
Wireshark-bugs: [Wireshark-bugs] [Bug 8266] post-dissector fields not saved in pdml

Date: Tue, 26 Feb 2013 20:58:08 +0000

Comment # 17 on bug 8266 from
Yes, I'm very sorry about that.

I keep writing toy tests to demonstrate issues and then find the issue has
spontaneously resolved in the test case, then I do a workaround based on that
and soon find another issue somewhere else.  It's very frustrating as I've been
spending more time than I want to on this already and it's hard to see why
writing to the Wireshark GUI should behave any differently to writing to pdml.
It's very inconvenient having to continually verify results against pdml
output.

I have to admit much of this is probably my fault!  As you note, I haven't
installed the latest trunk, which would totally make sense and I'll do it now.
Also, I have seen a caveat somewhere that pdml was added as an aid to Wireshark
development and is not a mature feature (is that still true?)

Here is another surprise I've had.  I'll test it against trunk and update here
if the behaviour is any different.  The Lua script below (modify ports as
required) inserts 'UDP' and 'TCP' comments as expected in Wireshark, but
question mark comments in pdml.  Is this expected behaviour?  If so, why?

Once again I apologise for all the caps and excessive punctuation.  Wireshark
is a great project and I appreciate the work you guys do on it.

Cheers,
Jono


========================= test.lua


-- Dissector tables used to register the test protocol on specific ports
local udp_dissector_table = DissectorTable.get("udp.port")
local tcp_dissector_table = DissectorTable.get("tcp.port")

protoTest = Proto("test", "Test")
comment_field = ProtoField.string("test.comment", "Comment")
protoTest.fields = {comment_field}

-- Field extractors for the transport-layer source port
udp_srcport = Field.new('udp.srcport')
tcp_srcport = Field.new('tcp.srcport')

function protoTest.dissector(buf, pkt, root)

    pkt.cols.protocol = protoTest.name
    local tree = root:add(protoTest)

    -- Label the packet according to which source-port field is present
    if udp_srcport() then
        tree:add(comment_field, "UDP")
    elseif tcp_srcport() then
        tree:add(comment_field, "TCP")
    else
        -- Neither extractor returned a value
        tree:add(comment_field, '?????????')
    end

end

function protoTest.init()
end

-- Register the test dissector (modify ports as required)
udp_dissector_table:add(9005, protoTest)
udp_dissector_table:add(5060, protoTest)
udp_dissector_table:add(9017, protoTest)
udp_dissector_table:add(9006, protoTest)
tcp_dissector_table:add(9005, protoTest)

