
Wireshark-dev: [Wireshark-dev] Lua script reads every packet twice

From: Jerry White <jerrywhite518@xxxxxxxxx>
Date: Wed, 5 Jun 2019 12:34:31 -0700
Hi all,

Please forgive me for such a basic question. I noticed that my Lua dissector processes a trace file twice. To isolate the issue I have removed nearly all my business code and reduced it to a function that does one thing. It still processes the file twice. It processes each packet in the trace file twice, as evidenced by the log file, which has two entries for each packet. It goes top to bottom through the trace, and does it again. For a three-packet trace, the log file looks like this:

1
2
3
1
2
3


Why is this happening? Can I prevent this behavior?

Thanks in advance,
Jerry


Here's the script:
-----------------------------------------------------------------
WBA = Proto("myWBA", "ClientWBA")

req_appcode_tree     = ProtoField.new("WBA_header", "WBA.WBA_header", ftypes.STRING)
ac_appcode_tree     = ProtoField.new("WBA_subtype", "WBA.WBA_subtype", ftypes.STRING)

WBA.fields = {
req_appcode_tree,
ac_appcode_tree
}

-- initialize LOG file (io.output opens the named file for writing)
csv = io.output("C:\\Users\\JerryWhite\\Documents\\IBM\\Somos\\Packets\\lua.log.csv")
csv:write("pnum,abs_time,src_port,dst_port,appcode,subcode\n")

function WBA.dissector(tvbuf, pktinfo, root)

    -- set the protocol column to show our protocol name
    pktinfo.cols.protocol:set("WBA")

    -- length of the buffer handed to this dissector
    local pktlen = tvbuf:len()
    local tree = root:add(WBA, tvbuf:range(0, pktlen))
    csv:write("processing a packet "..pktinfo.number.. "\n")

end

--single port per app
DissectorTable.get("tcp.port"):add(3900, WBA)
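
Wireshark can call a dissector more than once for the same frame, so a log written from inside the dissector needs a first-pass guard. The sketch below is an added example, not part of the original post: it uses `pktinfo.visited` to write one row per frame; the protocol name `wbalog` and the relative log path are assumptions made for illustration.

```lua
-- Added example (not from the original post): log each frame exactly once.
-- "wbalog" and LOG_PATH are hypothetical names chosen for this sketch.
local wba_log = Proto("wbalog", "ClientWBA (log once)")

-- Assumption: placeholder path; point it at a writable location.
local LOG_PATH = "wba_packets.csv"
local log_file = nil

-- init() runs each time a capture file is loaded or re-dissected,
-- so the log is restarted here rather than at script load time.
function wba_log.init()
    if log_file then
        log_file:close()
    end
    log_file = io.open(LOG_PATH, "w")
    if log_file then
        log_file:write("pnum,abs_time,src_port,dst_port\n")
    end
end

function wba_log.dissector(tvbuf, pktinfo, root)
    -- column and tree work must run on every call, or the GUI shows nothing
    pktinfo.cols.protocol:set("WBA")
    root:add(wba_log, tvbuf:range())

    -- pktinfo.visited is false only the first time this frame is dissected;
    -- later calls (packet selected, display filter applied) skip the write.
    if not pktinfo.visited and log_file then
        log_file:write(string.format("%d,%.6f,%d,%d\n",
            pktinfo.number, pktinfo.abs_ts,
            pktinfo.src_port, pktinfo.dst_port))
        log_file:flush()
    end
end

-- single port per app, as in the script above
DissectorTable.get("tcp.port"):add(3900, wba_log)
```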