Wireshark-dev: [Wireshark-dev] How is the protocol display filter name determined?
Hi,
I have a custom plugin building with the Wireshark 2.0.2 source on Windows 7, using cmake.
For the most part the plugin works correctly.
Display filters on particular items appear to work.
However, when I try to use just the protocol name to filter I don't get any packets.
But if I clear the display filter the packets are there.
The protocol is called FAPI.
This is used to register the protocol.
proto_fapi = proto_register_protocol("FAPI", "FAPI", "fapi");
The packets come on a particular UDP port.
If I start a capture I can see the packets and the PROTOCOL column says FAPI.
When I enter "fapi" in the display filter field and hit apply everything disappears.
A display filter like this:
fapi.FAPI_subFrameIndication_st.sf
works correctly.
Any ideas on where I should look?
I've tried rebuilding everything from scratch but end up with the same results.
Thank you
From "About":
===================================================================================
Version 2.0.2-StarSolutions (SVN Rev Unknown from unknown)
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8, with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 24 2016), with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale English_Canada.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, with AirPcap 4.1.0 build 1622.
Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz (with SSE4.2), with 7926MB of physical memory.
Built using Microsoft Visual C++ 12.0 build 31101