Wireshark-dev: Re: [Wireshark-dev] Extracting field values in a C post-dissector
From: Guy Harris <[email protected]>
Date: Sun, 4 Sep 2016 19:23:44 -0700
On Sep 4, 2016, at 2:38 PM, Pascal Quantin <[email protected]> wrote:

> 2016-09-04 23:36 GMT+02:00 Paul Offord <[email protected]>:
> 
>> Just to be clear what you mean.  You are saying that I should submit a patch to change:
>> 
>>   extern int proto_registrar_get_id_byname(const char *field_name);
>> 
>> to:
>> 
>>   WS_DLL_PUBLIC int proto_registrar_get_id_byname(const char *field_name);
>> 
>> Is that correct?
> 
> Yes, otherwise (as you stated) it cannot be called from a plugin. Such change would be part of Wireshark 2.4

That change is *already* part of Wireshark 2.4...

> (as it is probably too late to merge this in Wireshark 2.2).

...and it's also part of Wireshark 2.2.

That was done in change cdf9943717c9bb1cba7af381507b295b384e800b:

	Author: Guy Harris <[email protected]>
	Date:   Mon Jan 4 13:14:08 2016 -0800

	    Don't walk the entire protocol tree to extract the value of one field.
    
	    Instead, prime the epan_dissect_t's tree to look for rtp.ssrc, and
	    extract that value with proto_get_finfo_ptr_array().
    
	    Also, have the filter used to check whether the packet is a candidate
	    for RTP analysis to check for RTPv2 (and add a check for IPv4 or IPv6
	    back to the Qt version), and get rid of an unnecessary extra level of
	    indirection for that string.
    
	    In the Qt version, if findStreams() set the error string, don't
	    overwrite it with a "No streams found." indication, and fix error
	    handling for the "filter didn't compile" case.
    
	    Change-Id: I09d0ea37ccd4806d99e3b6394f2a8a376e974705
	    Reviewed-on: https://code.wireshark.org/review/13045
	    Reviewed-by: Guy Harris <[email protected]>

which was made before the 2.2 branch was created.