Hi Kunal,

On Tue, Mar 14, 2017 at 10:37:47PM +0000, Kunal Thakrar wrote:
> The next question I had is to do with post-dissectors in Lua. Please
> correct me if I'm wrong, will they allow me to get data in the
> proto-tree section of the main Wireshark screen? At the moment I have
> packets with their source, destination ips and ports as well as packet
> numbers, will I be able to get the proto-tree data for these specific
> packets?

You can get the proto-tree data only if you "prime" the field before.
This ensures that Wireshark tries to find those fields during
dissection. In Lua you can do this using the Field.new function:
https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Field.html#lua_class_Field

This function must be called before dissection starts (otherwise the
fields are not selected for "priming"). There is probably a similar
function in the C API (search for "prime"). The idea is basically the same:

- Before dissection: prime the fields you are interested in
- During dissection: protocols dissect normally
- After dissection: post-dissector checks any fields that were primed.

I did not look into the details though, but this should be the general
idea. Hope it helps!
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
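
The three phases described in the reply above, as an added example that is not part of the original mail or of Wireshark's own code. The protocol name `flowsummary` and its field `flowsummary.text` are hypothetical; the primed names (`ip.src`, `ip.dst`, `tcp.srcport`, `tcp.dstport`, `http.host`) are standard Wireshark display-filter fields.

```lua
-- Added example: Lua post-dissector that reads primed fields.
-- "flowsummary" and "flowsummary.text" are hypothetical names.

-- 1. Before dissection: prime the fields. Field.new must run at script
--    load time, not inside the dissector function.
local primed = {
    { label = "src",   field = Field.new("ip.src") },
    { label = "dst",   field = Field.new("ip.dst") },
    { label = "sport", field = Field.new("tcp.srcport") },
    { label = "dport", field = Field.new("tcp.dstport") },
    { label = "host",  field = Field.new("http.host") },
}

local flowsummary = Proto("flowsummary", "Flow Summary (post-dissector)")
local pf_summary = ProtoField.string("flowsummary.text", "Summary")
flowsummary.fields = { pf_summary }

-- 3. After dissection: called once the normal dissectors have finished.
function flowsummary.dissector(tvb, pinfo, tree)
    local parts = {}
    for _, p in ipairs(primed) do
        -- Calling the extractor returns every occurrence in this packet
        -- (e.g. inner and outer IP headers of a tunnel), or nothing at all.
        local infos = { p.field() }
        if #infos > 0 then
            local vals = {}
            for i, fi in ipairs(infos) do
                vals[i] = tostring(fi)
            end
            parts[#parts + 1] = p.label .. "=" .. table.concat(vals, ",")
        end
    end
    if #parts == 0 then
        return -- none of the primed fields are present (e.g. an ARP frame)
    end
    local text = "#" .. pinfo.number .. " " .. table.concat(parts, " ")
    local subtree = tree:add(flowsummary, "Flow Summary")
    subtree:add(pf_summary, text)
end

-- 2. During dissection the regular protocols run as usual; registering
--    makes Wireshark call the function above afterwards for each packet.
register_postdissector(flowsummary)
```

Saved under a file name of your choice, the script can be loaded with `tshark -X lua_script:<file> -r <capture> -V` or placed in Wireshark's personal plugins directory.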
