HI all,
Please forgive for such a basic question. I noticed that my lua dissector processes a trace file twice. To isolate the issue I have removed nearly all my business code and reduced to a function that does one thing. It still processes the file twice. It processes each packet in the trace file twice, as evidenced by the log file, which has two entries for each packet. It goes top to bottom through the trace, and does it again. For a three packet trace, the log file looks like this:
1
2
3
1
2
3
Why is this happening? Can I prevent this behavior?
This is by design and cannot be changed (unless you use tshark without the -2 option flag). A first pass is done on all packets with a NULL tree that allows to quickly go through packets to call the subdissectors, fill the columns, detect the expert infos, build the relationship between packets (like request / response tracking), etc. Then each packet is redissected with a non NULL tree so as to populate the tree displayed in the GUI. Then a given packet can be dissected again when clicked on in the GUI, when a tap is performed, etc.
Best regards,
Pascal.
