Wireshark-dev: [Wireshark-dev] How is the protocol display filter name determined?
From: Michael Lum <michael.lum@xxxxxxxxxxxxxxxxx>
Date: Thu, 24 Mar 2016 15:14:49 -0700
Hi,
 
I have a custom plugin building with the Wireshark 2.0.2 source on Windows 7, using cmake.
 
For the most part the plugin works correctly.
 
Display filters on particular items appear to work.
 
However, when I try to use just the protocol name to filter I don't get any packets.
But if I clear the display filter the packets are there.
 
The protocol is called FAPI.
 
This is used to register the protocol.
 
    proto_fapi = proto_register_protocol("FAPI", "FAPI", "fapi");
 
The packets come on a particular UDP port.
 
If I start a capture I can see the packets and the PROTOCOL column says FAPI.
 
When I enter "fapi" in the display filter field and hit apply everything disappears.
 
A display filter likes this:
 
fapi.FAPI_subFrameIndication_st.sf
 
works correctly.
 
Any ideas on where I should look?
I've tried rebuilding everything from scratch but end up with the same results.
 
Thank you
 
 
From "About":
===================================================================================
Version 2.0.2-StarSolutions (SVN Rev Unknown from unknown)
 
Copyright 1998-2016 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8, with
WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos,
with GeoIP, with PortAudio V19-devel (built Mar 24 2016), with AirPcap.
 
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
English_Canada.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980),
based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15,
with Gcrypt 1.6.2, with AirPcap 4.1.0 build 1622.
Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz (with SSE4.2), with 7926MB of physical
memory.
 
Built using Microsoft Visual C++ 12.0 build 31101