Wireshark · Wireshark-dev: Re: [Wireshark-dev] Extracting field values in a C post-dissector

Wireshark-dev: Re: [Wireshark-dev] Extracting field values in a C post-dissector

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Sun, 4 Sep 2016 19:59:17 -0700

On Aug 22, 2016, at 6:40 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:

> By having a quick look at the code, I *think* you will want first to retrieve the hfindex of a given field by using proto_registrar_get_id_byname(), then mark it as "interesting" with proto_tree_prime_hfid()

...which you have to do before the dissection starts.

Unfortunately, you can't do that in a post-dissector.

So...

> aOr a cll to proto_find_finfo() should work also without the need to prime the field, but should be slower according to the comments in proto.h.

...you might have to do it that way, instead.

Follow-Ups:
- Re: [Wireshark-dev] Extracting field values in a C post-dissector
  - From: Paul Offord

Prev by Date: Re: [Wireshark-dev] Extracting field values in a C post-dissector
Next by Date: Re: [Wireshark-dev] Extracting field values in a C post-dissector
Previous by thread: Re: [Wireshark-dev] Extracting field values in a C post-dissector
Next by thread: Re: [Wireshark-dev] Extracting field values in a C post-dissector
Index(es):
- Date
- Thread