Wireshark mailing list archives

How to allow string matching on a decoded string field?


From: Fulko Hew <fulko.hew () gmail com>
Date: Tue, 15 Dec 2020 19:35:02 -0500

I have a protocol that has an encrypted string as one of its fields.
A Lua based dissector (for example) shows this using the following
code snippet:

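-- String field that display filters refer to as "xx.msg"
xx_proto.fields.msg = ProtoField.string("xx.msg", "Msg", base.ASCII)

-- decrypt() is the dissector's own routine
local decoded = decrypt(buf, start)
-- Add the field over the encrypted bytes, passing the decoded text as its value
subtree:add(xx_proto.fields.msg, buf(start, len), decoded:raw())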

The decoder converts the encrypted data into ASCII.

I'd love to be able to search on the decrypted contents using a display
filter, but I presume it searches buf(start, len) rather than the
decrypted data/value that's placed into the tree.

Can it be done?
What would I need to do?

TIA
Fulko
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev