If you filter string is "smb2", "dns", the reason the filter works is there is a field added to the tree with that name (typically the proto_id). There is no "col.proto == smb2" filter. Many dissectors have the proto id as the first field in their tree and that allows the filterability. -----Original Message----- From: Richard Sharpe <[email protected]> To: Developer support list for Wireshark <[email protected]> Sent: Sat, Jul 1, 2017 5:02 pm Subject: Re: [Wireshark-dev] Using col_set_str(pinfo->cinfo, COL_PROTOCOL, "some_string") but cannot filter on some_string
On Sat, Jul 1, 2017 at 1:48 PM, Michael Mann via Wireshark-dev<[email protected]> wrote:> I think you're running into this:> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4684What is strange is that it seems to work for some protocols. Ie, if Isearch on smb2, dns, etc, it works.I wonder what the difference is ...>> -----Original Message-----> From: Richard Sharpe <[email protected]>> To: Developer support list for Wireshark <[email protected]>> Sent: Sat, Jul 1, 2017 2:31 pm> Subject: Re: [Wireshark-dev] Using col_set_str(pinfo->cinfo, COL_PROTOCOL,> "some_string") but cannot filter on some_string>> On Sat, Jul 1, 2017 at 10:20 AM, Darien Spencer <[email protected]> wrote: >>> The protocol filter isn't based on the value in the protocol column. >> Instead it's based on the value given to the protocol registration method> 'proto_register_protocol' > Look at the example here: >> https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html > the> filter will be 'foo' since the 3rd argument to this method is 'foo'. > Did> you use 'some_string' there as well? Yeah, I just went back and made sure> that the third argument was the same, including case, as what I used in> col_set_str. -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操)> ___________________________________________________________________________> Sent via: Wireshark-dev mailing list <[email protected]> Archives:> https://www.wireshark.org/lists/wireshark-dev Unsubscribe:> https://www.wireshark.org/mailman/options/wireshark-dev> mailto:[email protected]?subject=unsubscribe>> ___________________________________________________________________________> Sent via: Wireshark-dev mailing list <[email protected]>> Archives: https://www.wireshark.org/lists/wireshark-dev> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev> mailto:[email protected]?subject=unsubscribe-- Regards,Richard Sharpe(何以解憂?唯有杜康。--曹操)___________________________________________________________________________Sent via: Wireshark-dev mailing list <[email protected]>Archives: https://www.wireshark.org/lists/wireshark-devUnsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
