<Moussa.Alawieh@...> writes:
> I put the result in Wireshark with the
> "proto_tree_add_text"
> function, but it's impossible
> to filter this field because it's a text !!!!!
> can someone help-me ???
> regards
Don't use proto_tree_add_text(). To quote doc/README.developer:
proto_tree_add_text() is used to add a label to the GUI tree. It will
contain no value, so it is not searchable in the display filter process.
This function was needed in the transition from the old-style proto_tree
to this new-style proto_tree so that Wireshark would still decode all
protocols w/o being able to filter on all protocols and fields.
Otherwise we would have had to cripple Wireshark's functionality while we
converted all the old-style proto_tree calls to the new-style proto_tree
calls. In other words, you should not use this in new code unless you've got
a specific reason (see below).
