Wireshark mailing list archives

Re: Using col_set_str(pinfo->cinfo, COL_PROTOCOL, "some_string") but cannot filter on some_string


From: Michael Mann via Wireshark-dev <wireshark-dev () wireshark org>
Date: Sat, 1 Jul 2017 17:38:38 -0400


If your filter string is "smb2", "dns", the reason the filter works is that there is a field added to the tree with that name
(typically the proto_id).   There is no "col.proto == smb2" filter.  Many dissectors have the proto id as the first
field in their tree and that allows the filterability.
 
 
 
-----Original Message-----
From: Richard Sharpe <realrichardsharpe () gmail com>
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Sent: Sat, Jul 1, 2017 5:02 pm
Subject: Re: [Wireshark-dev] Using col_set_str(pinfo->cinfo, COL_PROTOCOL, "some_string") but cannot filter on 
some_string

On Sat, Jul 1, 2017 at 1:48 PM, Michael Mann via Wireshark-dev
<wireshark-dev () wireshark org> wrote:
> I think you're running into this:
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4684

What is strange is that it seems to work for some protocols. Ie, if I
search on smb2, dns, etc, it works.

I wonder what the difference is ...

>
> -----Original Message-----
> From: Richard Sharpe <realrichardsharpe () gmail com>
> To: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Sent: Sat, Jul 1, 2017 2:31 pm
> Subject: Re: [Wireshark-dev] Using col_set_str(pinfo->cinfo, COL_PROTOCOL,
> "some_string") but cannot filter on some_string
>
> On Sat, Jul 1, 2017 at 10:20 AM, Darien Spencer <cusneud () mail com> wrote:
> >
> > The protocol filter isn't based on the value in the protocol column.
> > Instead it's based on the value given to the protocol registration method
> > 'proto_register_protocol'
> > Look at the example here:
> > https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html
> > the filter will be 'foo' since the 3rd argument to this method is 'foo'.
> > Did you use 'some_string' there as well?
>
> Yeah, I just went back and made sure that the third argument was the same,
> including case, as what I used in col_set_str.
>
> --
> Regards,
> Richard Sharpe
> (何以解憂?唯有杜康。--曹操)

--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
