FILTEROBJECT structure

The FILTEROBJECT structure defines a single object of a display filter. The FilterAddObject function uses FILTEROBJECT to build a display filter.

Syntax

typedef struct _FILTEROBJECT {
  FILTERACTIONTYPE     Action;
  HPROPERTY            hProperty;
  union {
    VALUETYPE           Value;
    HPROTOCOL           hProtocol;
    LPVOID              lpArray;
    LPPROTOCOLTABLETYPE lpProtocolTable;
    LPADDRESS           lpAddress;
    ULPLARGEINT         lpLargeInt;
    ULPTIME             lpTime;
    LPOBJECT_IDENTIFIER lpOID;
  };
  union {
    WORD ByteCount;
    WORD ByteOffset;
  };
  struct _FILTEROBJECT  *pNext;
} FILTEROBJECT, *LPFILTEROBJECT;

Members

Action

Flag that specifies the FILTEROBJECT action. A flag can specify a property, value, or operator.

The following table lists Action member property flags.

Value Meaning
FILTERACTION_PROPERTY
Contains this property.
FILTERACTION_PROPERTYEXIST
Indicates that a filter action property is already defined.

The following table lists Action member value flags.

Value Meaning
FILTERACTION_VALUE
Contains this value.
FILTERACTION_STRING
Contains this string.
FILTERACTION_ARRAY
Contains this array.
FILTERACTION_CONTAINSNC
Indicates that a property contains a case-insensitive substring.
FILTERACTION_CONTAINS
Indicates that a property contains a case sensitive substring.
FILTERACTION_ADDRESS
Contains the MAC address.
FILTERACTION_ADDRESSANY
Matches any MAC address.
FILTERACTION_FROM
Indicates the From MAC address.
FILTERACTION_TO
Indicates the To MAC address.
FILTERACTION_FROMTO
Indicates a From/To pairing of MAC addresses.
FILTERACTION_LARGEINT
Contains a large integer.
FILTERACTION_TIME
Contains a SYSTEMTIME structure.
FILTERACTION_ADDR_ETHER
Contains an Ethernet MAC address.
FILTERACTION_ADDR_TOKEN
Contains a token ring MAC address.
FILTERACTION_ADDR_FDDI
Contains a FDDI MAC address.
FILTERACTION_ADDR_IPX
Contains an IPX MAC address.
FILTERACTION_ADDR_IP
Contains an IP MAC address.
FILTERACTION_OID
Contains an Object Identifier (OID).

The following table lists Action member operator flags.

Value Meaning
FILTERACTION_INVALID
Indicates an invalid filter action.
FILTERACTION_AND
Indicates a logical AND statement.
FILTERACTION_OR
Indicates a logical OR statement.
FILTERACTION_XOR
Indicates a logical exclusive OR (XOR) statement.
FILTERACTION_NOT
Indicates a logical NOT statement.
FILTERACTION_EQUALNC
Filter action is equal and case insensitive.
FILTERACTION_EQUAL
Filter action is equal and case sensitive.
FILTERACTION_NOTEQUALNC
Logical NOT statement is equal and case insensitive.
FILTERACTION_NOTEQUAL
Logical NOT statement is equal and is case sensitive.
FILTERACTION_GREATERNC
Filter action is greater than (>) and case insensitive.
FILTERACTION_GREATER
Filter action is greater than (>) and case sensitive.
FILTERACTION_LESSNC
Filter action is less than (<) and case insensitive.
FILTERACTION_LESS
Filter action is less than (<) and case sensitive.
FILTERACTION_GREATEREQUALNC
Filter action is greater than or equal to (>=) and case insensitive.
FILTERACTION_GREATEREQUAL
Filter action is greater than or equal to (>=) and case sensitive.
FILTERACTION_LESSEQUALNC
Filter action is less than or equal to (<=) and case insensitive.
FILTERACTION_LESSEQUAL
Filter action is less than or equal to (<=) and is case sensitive.
FILTERACTION_PLUS
Add operator (+).
FILTERACTION_MINUS
Subtract operator (-).
FILTERACTION_AREBITSON
Indicates a bitwise operation.
FILTERACTION_AREBITSOFF
Indicates a non-bitwise operation.
FILTERACTION_PROTOCOLSEXIST
Indicates that the selected protocols exist.
FILTERACTION_PROTOCOLEXIST
Indicates that the selected protocol exists.
FILTERACTION_ARRAYEQUAL
Indicates that array contents are equal. The flag must be used with a FILTERACTION_ARRAY structure.
FILTERACTION_DEREFPROPERTY
Describes a pattern match at an offset (in bytes), from the protocol.
FILTERACTION_OID_CONTAINS
Evaluates a substring within an object identifier. The action must be used with the FILTERACTION_OID structure.
FILTERACTION_OID_BEGINS_WITH
Evaluates a substring that begins an object identifier. The flag must be used with FILTERACTION_OID.
FILTERACTION_OID_ENDS_WITH
Evaluates a substring that ends an object identifier. The flag must be used with FILTERACTION_OID.
FILTERACTION_ADDR_VINES
Contains a Vines MAC address.
FILTERACTION_EXPRESSION
Contains an action expression.
FILTERACTION_BOOL
Contains a BOOL data type.
FILTER_DIRECTION_NEXT
Controls sequential direction (Next frame) within a capture file.
FILTER_DIRECTION_PREV
Controls sequential direction (Previous frame) within a capture file.

hProperty

Handle to a property key.

Value

Value of an object.

hProtocol

Handle to display filter protocol.

lpArray

Pointer to an array.

lpProtocolTable

Pointer to a protocol list designed to test the existence of protocol in a frame.

lpAddress

Pointer to the kernel type address. For example, MAC or IP.

lpLargeInt

Double DWORD used in a Windows NT or Windows 2000 application.

lpTime

A pointer to a SYSTEMTIME structure.

lpOID

A pointer to the OBJECT_IDENTIFIER (OID) structure.

ByteCount

The number, in bytes, in the frame.

ByteOffset

The offset byte value of the FILTEROBJECT structure used to compare arrays.

pNext

Reserved.

Requirements

Requirement Value
Minimum supported client
Windows 2000 Professional [desktop apps only]
Minimum supported server
Windows 2000 Server [desktop apps only]
Header
Netmon.h