Wireshark-dev: Re: [Wireshark-dev] Protocol filter

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Sun, 18 Sep 2016 19:12:22 +0200
Hi Paul,

2016-09-18 19:01 GMT+02:00 Paul Offord <Paul.Offord@xxxxxxxxxxxx>:

Hi,

I am trying to get the TRANSUM post-dissector to allow a filter with the expression “transum”.  I expect it to just display packets that have a TRANSUM RTE Data subtree in them – which is what the LUA version does – just like “tcp” or “http” or “tds”.  When I type the word “transum” into the display filter box the background shows as green, but when I apply the filter no packets are displayed.  Filters on other values in the TRANSUM RTE Data subtree work fine, e.g. transum.art>1

I’ve looked through the various README files in the doc directory but I can’t find any mention of this.  What do I need to do to get this to work?


You need to add a line

proto_tree_add_item(tree, proto_transum, tvb, 0, -1, ENC_NA);

at the beginning of the main dissection function.

The code is available on Gerrit – change 17750.


Note that there is an issue with this changeset, that is a followup of changeset 17757 that you abandoned, and not a full standalone patch adding all the transum code.

Pascal.