I'm writing a dissector with a lot of fields, but only some of them are worth filtering. Is there a way to prevent some fields from appearing in the filter text area? README.dissector says that "The abbreviation is the identifier used in a display filter. If it is an empty string then the field will not be filterable.", but if I use an empty string (""), I get an exception when I start Wireshark. Do you know how to proceed? Thank you

asked 29 Apr '16, 09:10 hpa
One Answer:
That version of the docs is out of date; the current master README.dissector says:
In other words, Wireshark's goal/requirement is that all fields are filterable. We shouldn't presume to know what users may want to filter on. A common example I give here is: yes, it is useful to be able to filter on spare bytes (which are supposed to always be zero): I've repeatedly had to do that myself to find broken implementations (that is, implementations that aren't setting the spares to 0 and other implementations that aren't ignoring those spares).

answered 29 Apr '16, 09:58 JeffMorriss ♦
And "we" includes all people writing dissectors.
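
The spare-bytes case from the answer, as an added example that is not part of the original thread: a Wireshark Lua dissector that gives the spare field its own abbreviation and raises an expert warning when it is non-zero. The protocol "foo", its field layout and UDP port 9999 are hypothetical; a C dissector carries the same abbreviation in its `hf_register_info` entry.

```lua
-- Added example. "foo", its layout and UDP port 9999 are assumptions:
--   byte 0    : message type
--   bytes 1-2 : spare, must be zero on the wire
--   bytes 3.. : payload
local foo = Proto("foo", "Foo Protocol (hypothetical)")

-- Every field gets a non-empty abbreviation, including the spare bytes.
local f_type    = ProtoField.uint8("foo.type", "Type", base.DEC)
local f_spare   = ProtoField.uint16("foo.spare", "Spare", base.HEX)
local f_payload = ProtoField.bytes("foo.payload", "Payload")
foo.fields = { f_type, f_spare, f_payload }

-- Expert item so non-zero spares also show up in the Expert Information dialog.
local e_spare = ProtoExpert.new("foo.spare.nonzero", "Spare bytes are not zero",
                                expert.group.PROTOCOL, expert.severity.WARN)
foo.experts = { e_spare }

function foo.dissector(tvb, pinfo, tree)
    if tvb:len() < 3 then return 0 end      -- too short to hold the fixed header
    pinfo.cols.protocol = "FOO"
    local sub = tree:add(foo, tvb())
    sub:add(f_type, tvb(0, 1))
    local spare_item = sub:add(f_spare, tvb(1, 2))
    if tvb(1, 2):uint() ~= 0 then
        spare_item:add_proto_expert_info(e_spare)
    end
    if tvb:len() > 3 then
        sub:add(f_payload, tvb(3))
    end
    return tvb:len()
end

DissectorTable.get("udp.port"):add(9999, foo)

-- Display filters this makes available:
--   foo.spare != 0       senders that do not zero the spare bytes
--   foo.spare.nonzero    packets carrying the expert warning
```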