Hi Peter,

Thanks for the reply, and Yes I'm storing the modified payload in a table.
and fetching it whenever the dissector is called again. I was little
worried about memory consumption since maintaining a table for 100k packets
sounds a little heavy. and thought there was some other alternative rather
than storing it. But after going through ssl dissector, Wireshark does it
in a similar manner.

Regards
Jeswin

On Sat, Apr 14, 2018 at 2:04 PM Peter Wu <pe...@lekensteyn.nl> wrote:

> Hi Jeswin,
>
> On Thu, Apr 12, 2018 at 12:45:21PM +0000, Jeswin Mathai wrote:
> > want to modify payload of a packet before it is processed by its desired
> > dissector. I've written a chained dissector in lua, which modifies the
> tvb
> > and then calls the next dissector with the modified tvb. The plugins is
> > working correctly. The issue I'm facing is that the dissector is called
> > every time, upon applying filter or opening the io graph, which makes it
> > slower. I can call my dissector only once by checking the value of
> > pinfo.visited. But doing so the payload is not modified and the desired
> > dissector processes the original payload after the first run. I'm looking
> > for a solution so that my dissector is called only onces, which will
> > processes and modifies the payload on the first run. The modified payload
> > should persist so that whenever the packet is visited again(by applying
> > filters or IO graph or Endpoints) the desired dissector would process the
> > modifed payload rather than the original one
>
> Do you have some sample code that shows the operations you are
> performing? Perhaps there is room for optimization.
>
> If memory usage is not a concern, you could store the processed data in
> a table (keyed by pinfo.number) and refer to it on the second pass. Be
> sure to clear this table when the proto.init callback is invoked (where
> proto is your Proto instance), this callback is executed every time a
> capture file is reloaded.
> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Reply via email to