Wireshark · Wireshark-dev: Re: [Wireshark-dev] Lua post-dissector not getting field values

Wireshark-dev: Re: [Wireshark-dev] Lua post-dissector not getting field values

Date: Wed, 23 Sep 2009 12:36:27 -0400

Interesting results! If I edit cf_select_packet (in file.c) and add a call to tap_queue_init(cf->edt) just before the call to epan_dissect_run, it fixes my problem.

tap_queue_init calls epan_dissect_prime_dfilter on each item in the tap_listener_queue, which sets the ref_count for those fields to DIRECT. This means that calls to proto_item_add_<whatever> will also add the field to the interesting_hfids hash table, where they are later found by my Lua postdissector via Field__call.

What I don't know is whether this is actually a reasonable strategy for solving the original problem (described in subject of post). After only three days of digging through the source code, I definitely do not qualify as a Wireshark expert, just a lucky beachcomber who happened to find two shells that seem to fit together.

Can anyone comment on this?

Thanks,
b.

References:
- [Wireshark-dev] Lua post-dissector not getting field values
  - From: Beth
- Re: [Wireshark-dev] Lua post-dissector not getting field values
  - From: Beth

Prev by Date: Re: [Wireshark-dev] Building with cmake on OSX
Next by Date: [Wireshark-dev] TCP Packet Re-Assembly regression?
Previous by thread: Re: [Wireshark-dev] Lua post-dissector not getting field values
Next by thread: [Wireshark-dev] Crash at startup with current svn
Index(es):
- Date
- Thread