The protocol filter name checks for the existence of the protocol entry in the proto_tree data structure hierarchy.
This is done with proto_tree_add_item(), as in this example from packet-ip.c : ti = proto_tree_add_item(tree, proto_ip, tvb, offset, hlen, ENC_NA) Could it be that your "proto_ABC" was not added to the tree in this way? Or, maybe the value that was assigned to your protocol via proto_register_protocol() changed during execution? As a test, compile "dftest" and run dftest with your protocol name, and see what the "display filter virtual machine" opcodes will be. Maybe your protocol name is matching something else? Also, you can run: "tshark -G protocols" to see if your protocol really is known. Gilbert On Wed, Aug 28, 2013 at 8:55 AM, DbdM Tbt <[email protected]> wrote: > Good day to all, > > I have been trying to figure out a behavior for a while now where the > 'filter name' (third parameter of proto_register_protocol() function) does > not filter the captured messages. > For a brief background, I am studying/using an existing openflow dissector: > https://github.com/CPqD/ofdissector > > I have scanned the README.developer and from looking at the ofdissector > code, everything seems to be in order. > > At first I thought that the 'filter name' should be the same as the first > 'prefix' of the display filters registered in hf_register_info > declarations. Meaning if the display filters are like 'abc.yyy.xxx', the > filter name should be 'abc'. > But I think this does not necessarily need to be the case as I tried > changing the prefixes in another of my dissectors and the filter name seems > to work fine. > > Does anyone have any possible leads/reasons/hypothesis as to where should > I be looking to fix this? > > Thank you in advance. > > Best regards, > David > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: http://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
