

The FILTEROBJECT structure defines a single object of a display filter. The FilterAddObject function uses FILTEROBJECT to build a display filter.

typedef struct _FILTEROBJECT {
  FILTERACTIONTYPE Action;
  HPROPERTY hProperty;
  union {
    VALUETYPE Value;
    HPROTOCOL hProtocol;
    LPVOID lpArray;
    LPPROTOCOLTABLE lpProtocolTable;
    LPADDRESS lpAddress;
    ULPLARGEINT lpLargeInt;
    ULPTIME lpTime;
    LPOBJECT_IDENTIFIER lpOID;
  };
  union {
    WORD ByteCount;
    WORD ByteOffset;
  };
  struct _FILTEROBJECT* pNext;
} FILTEROBJECT;


  • Action
    Flag that specifies the FILTEROBJECT action. A flag can specify a property, value, or operator.

    The following table lists Action member property flags.

    Value Meaning
    FILTERACTION_PROPERTY Contains this property.
    FILTERACTION_PROPERTYEXIST Indicates that a filter action property is already defined.

    The following table lists Action member value flags.

    Value Meaning
    FILTERACTION_VALUE Contains this value.
    FILTERACTION_STRING Contains this string.
    FILTERACTION_ARRAY Contains this array.
    FILTERACTION_CONTAINSNC Indicates that a property contains a case-insensitive substring.
    FILTERACTION_CONTAINS Indicates that a property contains a case-sensitive substring.
    FILTERACTION_ADDRESS Contains the MAC address.
    FILTERACTION_ADDRESSANY Matches any MAC address.
    FILTERACTION_FROM Indicates the From MAC address.
    FILTERACTION_TO Indicates the To MAC address.
    FILTERACTION_FROMTO Indicates a From/To pairing of MAC addresses.
    FILTERACTION_LARGEINT Contains a large integer.
    FILTERACTION_TIME Contains a SYSTEMTIME structure.
    FILTERACTION_ADDR_ETHER Contains an Ethernet MAC address.
    FILTERACTION_ADDR_TOKEN Contains a token ring MAC address.
    FILTERACTION_ADDR_IPX Contains an IPX MAC address.
    FILTERACTION_ADDR_IP Contains an IP MAC address.
    FILTERACTION_OID Contains an Object Identifier (OID).

    The following table lists Action member operator flags.

    Value Meaning
    FILTERACTION_INVALID Indicates an invalid filter action.
    FILTERACTION_AND Indicates a logical AND statement.
    FILTERACTION_OR Indicates a logical OR statement.
    FILTERACTION_XOR Indicates a logical exclusive OR (XOR) statement.
    FILTERACTION_NOT Indicates a logical NOT statement.
    FILTERACTION_EQUALNC Filter action is equal and case insensitive.
    FILTERACTION_EQUAL Filter action is equal and case sensitive.
    FILTERACTION_NOTEQUALNC Logical NOT statement is equal and case insensitive.
    FILTERACTION_NOTEQUAL Logical NOT statement is equal and is case sensitive.
    FILTERACTION_GREATERNC Filter action is greater than (>) and case insensitive.
    FILTERACTION_GREATER Filter action is greater than (>) and case sensitive.
    FILTERACTION_LESSNC Filter action is less than (<) and case insensitive.
    FILTERACTION_LESS Filter action is less than (<) and case sensitive.
    FILTERACTION_GREATEREQUALNC Filter action is greater than or equal to (>=) and case insensitive.
    FILTERACTION_GREATEREQUAL Filter action is greater than or equal to (>=) and case sensitive.
    FILTERACTION_LESSEQUALNC Filter action is less than or equal to (<=) and case insensitive.
    FILTERACTION_LESSEQUAL Filter action is less than or equal to (<=) and is case sensitive.
    FILTERACTION_PLUS Add operator (+).
    FILTERACTION_MINUS Subtract operator (-).
    FILTERACTION_AREBITSON Indicates a bitwise operation.
    FILTERACTION_AREBITSOFF Indicates a non-bitwise operation.
    FILTERACTION_PROTOCOLSEXIST Indicates that the selected protocols exist.
    FILTERACTION_PROTOCOLEXIST Indicates that the selected protocol exists.
    FILTERACTION_ARRAYEQUAL Indicates that array contents are equal. The flag must be used with a FILTERACTION_ARRAY structure.
    FILTERACTION_DEREFPROPERTY Describes a pattern match at an offset (in bytes), from the protocol.
    FILTERACTION_OID_CONTAINS Evaluates a substring within an object identifier. The action must be used with the FILTERACTION_OID structure.
    FILTERACTION_OID_BEGINS_WITH Evaluates a substring that begins an object identifier. The flag must be used with FILTERACTION_OID.
    FILTERACTION_OID_ENDS_WITH Evaluates a substring that ends an object identifier. The flag must be used with FILTERACTION_OID.
    FILTERACTION_ADDR_VINES Contains a Vines MAC address.
    FILTERACTION_EXPRESSION Contains an action expression.
    FILTERACTION_BOOL Contains a BOOL data type.
    FILTER_DIRECTION_NEXT Controls sequential direction (Next frame) within a capture file.
    FILTER_DIRECTION_PREV Controls sequential direction (Previous frame) within a capture file.
  • hProperty
    Handle to a property key.

  • Value
    Value of an object.

  • hProtocol
    Handle to a display filter protocol.

  • lpArray
    Pointer to an array.

  • lpProtocolTable
    Pointer to a protocol list designed to test the existence of a protocol in a frame.

  • lpAddress
    Pointer to the kernel-type address, for example a MAC or IP address.

  • lpLargeInt
    Double DWORD used in a Windows NT or Windows 2000 application.

  • lpTime
    A pointer to a SYSTEMTIME structure.

  • lpOID
    A pointer to the OBJECT_IDENTIFIER (OID) structure.

  • ByteCount
    The number of bytes in the frame.

  • ByteOffset
    The offset byte value of the FILTEROBJECT structure used to compare arrays.

  • pNext


Client Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Declared in Netmon.h.
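
Because the data members share one union, only Action tells a reader which member is valid, and ByteCount is a 16-bit WORD. The following is an added example, not code from Netmon.h or the original page: it uses stand-in types (EX_FILTEROBJECT, EX_ACTION_* with placeholder values, and the hypothetical helpers ex_set_value, ex_set_array, ex_get_array) to show Action and the union member being set together, an array length being rejected when it would not fit in ByteCount, and lpArray being read only when Action says it is live. The pairing of an array action with lpArray and ByteCount is an assumption drawn from the member descriptions above.

```c
/* Added example. Stand-in types so it builds without Netmon.h; the EX_ACTION_*
   numbers are placeholders, NOT the SDK's FILTERACTION_* values. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { EX_ACTION_VALUE = 1, EX_ACTION_ARRAY = 2 };

typedef struct EX_FILTEROBJECT {
    uint32_t Action;         /* discriminant: which union member is live */
    void    *hProperty;      /* opaque handle, passed through unchanged */
    union {                  /* members share storage, as in FILTEROBJECT */
        uint32_t    Value;
        const void *lpArray;
    };
    uint16_t ByteCount;      /* WORD on the page: 16 bits */
} EX_FILTEROBJECT;

/* Value form: zero the object first so no stale pointer bits remain. */
int ex_set_value(EX_FILTEROBJECT *fo, void *prop, uint32_t v)
{
    if (fo == NULL) return -1;
    memset(fo, 0, sizeof *fo);
    fo->Action = EX_ACTION_VALUE;
    fo->hProperty = prop;
    fo->Value = v;
    return 0;
}

/* Array form: refuse lengths the 16-bit ByteCount would silently truncate. */
int ex_set_array(EX_FILTEROBJECT *fo, void *prop, const void *buf, size_t len)
{
    if (fo == NULL || buf == NULL) return -1;
    if (len == 0 || len > UINT16_MAX) return -1;
    memset(fo, 0, sizeof *fo);
    fo->Action = EX_ACTION_ARRAY;
    fo->hProperty = prop;
    fo->lpArray = buf;
    fo->ByteCount = (uint16_t)len;
    return 0;
}

/* Accessor: hand out lpArray only when Action says the union holds one. */
const void *ex_get_array(const EX_FILTEROBJECT *fo, size_t *len)
{
    if (fo == NULL || len == NULL || fo->Action != EX_ACTION_ARRAY) return NULL;
    *len = fo->ByteCount;
    return fo->lpArray;
}
```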