Wireshark-dev: Re: [Wireshark-dev] new plug-in dissector - no packets, displayed when dissector

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 1 May 2009 09:38:46 -0700

On May 1, 2009, at 9:10 AM, Stuart Marsden wrote:

   hf_sslbp_type = frmtyp;

Don't do that. If you do that, then, even if you *do* correctly attempt to add sslbp.frametype into the protocol tree, it will fail, as the value assigned by Wireshark to hf_sslbp_type is an index into an array of fields internal to the Wireshark core, and if you give it a different value, it'll put the wrong field into the protocol tree.

   proto_tree_add_text(header_tree, tvb, offset+3, 1,
"Frame type: %s", val_to_str(frmtyp,frame_type,"Unknown (0x %02x)"));

If you want sslbp.frametype to be in the protocol tree, do

proto_tree_add_uint(header_tree, hf_sslbp_type, tvb, offset+3, 1, frmtyp);

If sslbp.frametype isn't in the protocol tree, any filter trying to match it will fail, so you want it in the protocol tree.

See doc/README.developer in the source tree.