Hi, I am trying to read the per-packet (user) comment in a post-dissector. Calling epan_get_user_comment(pinfo->epan, pinfo->fd) doesn't work - the epan_session callback for get_user_comment() is set to NULL.
The callback that is set in places where the comment is available uses ws_get_user_comment() as its callback, which looks up a hash table in the capture_file struct. I need to leave this for now, but if anyone happens to have looked into this before I'd be grateful to hear about it.

Best regards,
Martin

P.S. This may be a hacky thing to want to do, but my motivation is to at least demo being able to show Snort alerts this week by reading the comment (attached by TraceWrangler) rather than running Snort from within the post-dissector.

Sent via: Wireshark-dev mailing list
Archives: https://www.wireshark.org/lists/wireshark-dev
