Thanks. I got rid of the problem.
I accidentally found the bug when I was stripping off all the functions that definitely didn't have a problem.
Heh.
The "contains" keyword in the display filter now works after I changed the first
    proto_tree_add_protocol_format(tree, proto_mbdmp, tvb, 0, 8,
                                   "MBDMP Header Common (%s)", desc);
to
    proto_tree_add_protocol_format(tree, proto_mbdmp, tvb, 0, tvb_length(tvb),
                                   "MBDMP Header Common (%s)", desc);
As the protocol was running over UDP, I'm guessing that the previous coder just copied the
line over from the UDP dissector.
I'm also guessing that the length specified is used to extract some portion
of the tvb to search through.
I'm not entirely sure why that line worked fine for the UDP dissector but not for mine.
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Stephen Fisher
Sent: Monday, May 11, 2009 2:56 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] problem with "contains" filter
On Mon, May 11, 2009 at 02:15:22PM -0400, Yang Ning wrote:
> I have helped add/maintain a dissector that was written by someone
> else. Only recently did I discover that wireshark crashes if the
> display filter uses "contains".
That's not good.
> Is there something that I have to set so that "contains" keyword can
> be used in the display filter? How does it know what after which
> offset in the tvb, it is to search for?
Nothing special needs to be done. As an example, I just opened a
capture with IP/TCP/HTTP traffic in it and all of the following work
properly ("HTTP" is in one of the headers - it's not referring to the
HTTP dissector):
ip contains HTTP
tcp contains HTTP
http contains HTTP
I suspect that there is a bug in the dissector code. If you are allowed
to share it and a sample capture file with us, we may be able to help
solve it.
Steve