On 3 June 2016 at 12:04, Paul Offord <[email protected]> wrote:

> Hi Graham,
>
> My post-dissector should run after all other dissectors have completed.
> The reference to tcp.len is just an example.  I need access to the full
> stack e.g. everything from ethertype to SMB msg id.  I purposely don’t want
> to do any protocol dissection myself.
>
> I guess that what I am effectively asking for is access to everything in
> the dissector tree.
>
> Thanks for the pointer to README.dissector – I have written a C dissector
> before, goodness knows why I had forgotten this doc :(  I’ve scanned
> through it but it doesn’t seem to cover my issue.
>
> Best regards…Paul
>
>
Ah, sorry Paul, I skipped over the phrase "post-dissector".  Those are a bit
of an odd fish; I suggest you have a look at how the Lua field extractor
interface is defined in the C code.


>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Graham Bloice
> *Sent:* 03 June 2016 09:16
> *To:* Developer support list for Wireshark <[email protected]>
> *Subject:* Re: [Wireshark-dev] Extracting field values in a C
> post-dissector
>
> On 3 June 2016 at 08:47, Paul Offord <[email protected]> wrote:
>
> I want to rewrite a LUA post-dissector in C.  How can my code get
> dissected data values, e.g. tcp.len, into a C variable?  In LUA you define
> a field extractor.  Is there an equivalent in C?
>
> I’ve looked at the wiki and I’ve looked at the MATE code but I haven’t
> found how to do it.
>
> Thanks and regards…Paul
>
> doc\README.dissector is your guide for C-based dissectors.
>
> Are you aiming to get values from dissectors called before yours, e.g.
> your protocol runs on tcp, so tcp dissection is done first, then the data
> from the tcp segment is handed to your dissector?
>
> If so, then the pinfo structure passed to your dissector has a lot of info
> about previous dissection, see epan\packet_info.h for the structure members.
>
> Is your reference to tcp.len just a general example or an actual value you
> *think* you need?  Generally in tcp based dissectors, the length of any
> individual tcp segment is immaterial, you just process the data handed to
> your dissector in the *tvb.  This is especially the case when a protocol
> PDU can either be spread over multiple tcp segments, or multiple PDU's in a
> single segment.  This is where tcp reassembly/desegmentation is used.
>
> --
>
> Graham Bloice
>
>
-- 
Graham Bloice
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe
