
Wireshark-dev: Re: [Wireshark-dev] Wireshark GUI filter control from external applications.

From: Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx>
Date: Sun, 10 Mar 2013 04:43:08 +0000

On Mar 8, 2013, at 10:49 AM, Lee Brooks <lee.brooks.inbox@xxxxxxxxx> wrote:

Okay, I've tried creating a Wireshark Lua plugin; however, I'm unable to keep a thread open in the background to change the GUI filter without blocking the Wireshark main thread. I've even tried creating a separate Lua thread, which doesn't work either. The other option that I have investigated was to register the server accept() call into an API call similar to "register_postdissector" (which is "called for every frame after dissection"); however, there are no such suitable API calls (and to be honest it would be a terrible hack!).

By a Lua "thread" I assume you mean coroutine, and as you probably know coroutines are not real OS threads of their own - they can mimic the user experience of a multi-threaded app, by yielding and resuming at numerous/appropriate times, but if a blocking function call is attempted in a coroutine, it'll block the whole app. LuaSocket does support a non-blocking model for accept(), by using settimeout() if I recall right, but yeah you'd have to have some event trigger to call it again and again (or to resume a coroutine that yielded).  I haven't thought about it much, but my guess is it would really need to be added to Wireshark's main event loop to do.  Crap.

Maybe the guys from QaCafe know how to do it in Wireshark, because I think they used LuaSocket in a Wireshark Lua plugin for talking externally to something at some point.
Or I could look into how nmap does it, since their Lua scripts can do it.


So I guess that leaves me with two questions:
 > Is there a better way of using Lua such that I can have a socket open in the background?
 > If not: is there a procedure for getting my (small) C++ change reviewed and getting it built into Wireshark?

Submit an enhancement ticket in bugzilla and select the 'review_for_checkin' flag when you attach your patch.

-hadriel
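
The non-blocking accept() pattern discussed in this message, as an added example that is not part of the original thread or Wireshark's own code: a coroutine polls a LuaSocket listener with settimeout(0) and yields instead of blocking. The loopback-only bind, the names `serve`, `poll` and `on_filter`, the 4096-byte line cap and the constructed client are assumptions; the final `for` loop stands in for the periodic event trigger the message says is missing.

```lua
-- Added example; requires LuaSocket. Runs outside Wireshark.
local socket = require("socket")

-- Bind to loopback only so the control channel is not reachable remotely.
-- Port 0 lets the OS pick a free port.
local server = assert(socket.bind("127.0.0.1", 0))
server:settimeout(0)                      -- accept() now returns immediately
local _, port = server:getsockname()
local MAX_LINE = 4096                     -- assumed cap on one filter line

-- Coroutine body: never blocks, yields once per pass over the sockets.
local function serve(on_filter)
  local conns = {}
  while true do
    local c = server:accept()             -- nil, "timeout" if nobody is waiting
    if c then
      c:settimeout(0)
      conns[#conns + 1] = { sock = c, buf = "" }
    end
    for i = #conns, 1, -1 do
      local conn = conns[i]
      local line, err, partial = conn.sock:receive("*l")
      if line then
        on_filter(conn.buf .. line)       -- complete line: hand it to the caller
        conn.buf = ""
      elseif err == "timeout" and #conn.buf + #(partial or "") <= MAX_LINE then
        conn.buf = conn.buf .. (partial or "")  -- keep the partial line for next pass
      else
        conn.sock:close()                 -- peer closed, socket error, or oversized line
        table.remove(conns, i)
      end
    end
    coroutine.yield()
  end
end

local received = {}
local co = coroutine.create(serve)
local function poll()                     -- what an event-loop hook would call
  assert(coroutine.resume(co, function(f) received[#received + 1] = f end))
end

-- Constructed client standing in for the external application.
local client = assert(socket.connect("127.0.0.1", port))
client:send("ip.addr == 192.0.2.1\n")
for _ = 1, 10 do poll(); socket.sleep(0.01) end
client:close()
print("filter received: " .. tostring(received[1]))
```

Inside a Wireshark plugin the `on_filter` callback could pass the line to the GUI functions `set_filter()` and `apply_filter()`, but something still has to call `poll()` repeatedly, which is the gap the message describes.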