Hello all,
So in my dissector plugin the first byte of my messages decides if it is of type "Data" or "Heartbeat" (packet sent to make sure the connection is still alive). To display it I use:
    bnp = proto_tree_add_item(icom_tree, hf_icom_bnp_type, tvb, offset, 1, FALSE);
    offset += 1;
    icom_bnp_tree = proto_item_add_subtree(bnp, ett_bnp);
with:
    { &hf_icom_bnp_type,
        { "ICom BNP Type", "icom.type",
          FT_UINT8, BASE_DEC,
          VALS(bnp_type_names), 0x0,
          NULL, HFILL }
    },
and:
    static const value_string bnp_type_names[] = {
        { 1, "Heartbeat" },
        { 2, "Data" },
        { 0, NULL }
    };
Now I want to be able to filter out the two in Wireshark, which I thought would be icom.type=1 for heartbeat, or icom.type=2 for data. But that doesn't seem to work. I added a line to see what hf_icom_bnp_type is equal to:
    proto_tree_add_text(icom_message_tree, tvb, 0, 0, "BNP: %d", hf_icom_bnp_type);
and it returns 79353 every time. Does anyone know what the problem is? I just want to be able to filter out heartbeats when looking at the capture file in Wireshark.
Thanks,
Greg