Wireshark-dev: Re: [Wireshark-dev] view filter bug
Before I write this up, I just wanted to confirm there isn't a
workaround for this problem, or it isn't a misunderstanding of some sort.
Normally you can type 'http' into the view filter and you'll only see
http packets. However, if the http dissector operates on packets handed
to it by the ssl dissector after it has decrypted them, entering 'http'
into the view filter causes all packets to disapear (unless some http
packets were captured that weren't ssl encrypted).
What I suspect is happening is that since the ssl dissector isn't
being executed to build the packet list, the decrypted ssl data is never
added to a new tvb and passed off to the http dissector, so nothing gets
listed.
Am I mistaken? Is there a workaround? Seems like a bug to me, and
I'm getting pressure from my boss to figure out why my code is broken
(it relies on the http dissector, and he can't just type the name of our
protocol and have it only show those packets; but the http dissector has
the same problem), and he doesn't believe me when I explain this problem
to him.
Basically, he thinks I'm a newb who has no idea what's really going
on; it *has* to be my code causing the problem
since there's no way anyone writing code for wireshark could have left
a bug like this in their code (ya, like everyone is perfect). So, if
someone could point me in the right direction I'd appreciate it, or if
you have an explanation that would be even better.
-Brian
