On Wed, Feb 07, 2018 at 07:40:52PM +0100, Roland Knall wrote:
> On Wed, Feb 7, 2018 at 7:32 PM, Peter Wu <peter@xxxxxxxxxxxxx> wrote:
>
> > Hey Roland,
> >
> >
> > The problem with dissect_tcp_pdus (and desegment_offset/desegment_len)
> > is that it prevents the dissection from displaying until everything is
> > available.
> >
> > In C, the reassembly API (epan/reassemble.h) could potentially be used
> > for more control over when the dissection is displayed, but the API can
> > be hard to use. This API is not exposed to Lua, I guess that in Lua the
> > best you can do now given the current API limitations is to store
> > fragments in a global variable (register a cleanup routine to clear this
> > variable when a packet capture file closes).
> > --
> >
>
>
> Yeah, thought as much. Is there a document on how Lua dissection works in
> general?
Does the source code count? :P
The "dissect" function should work similar to the C code (you can
register a protocol in a table like TCP port numbers, as heuristics
dissector). Is there some behavior of the C API that you are looking
for?
> In C you cannot rely on the "right" order of dissecting packets, as
> dissectors are called multiple times and not necessarily in-order.
>
> Or does Lua work more closely to the tap-interface, where you can rely that
> the order is always "right"
Since Lua dissectors are treated as normal dissectors, it should be the
former. E.g. when you select a different item in the packet list, the
dissection routine will be invoked again.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
