Hi Peter, Thanks for the reply, and Yes I'm storing the modified payload in a table. and fetching it whenever the dissector is called again. I was little worried about memory consumption since maintaining a table for 100k packets sounds a little heavy. and thought there was some other alternative rather than storing it. But after going through ssl dissector, Wireshark does it in a similar manner.
Regards Jeswin On Sat, Apr 14, 2018 at 2:04 PM Peter Wu <pe...@lekensteyn.nl> wrote: > Hi Jeswin, > > On Thu, Apr 12, 2018 at 12:45:21PM +0000, Jeswin Mathai wrote: > > want to modify payload of a packet before it is processed by its desired > > dissector. I've written a chained dissector in lua, which modifies the > tvb > > and then calls the next dissector with the modified tvb. The plugins is > > working correctly. The issue I'm facing is that the dissector is called > > every time, upon applying filter or opening the io graph, which makes it > > slower. I can call my dissector only once by checking the value of > > pinfo.visited. But doing so the payload is not modified and the desired > > dissector processes the original payload after the first run. I'm looking > > for a solution so that my dissector is called only onces, which will > > processes and modifies the payload on the first run. The modified payload > > should persist so that whenever the packet is visited again(by applying > > filters or IO graph or Endpoints) the desired dissector would process the > > modifed payload rather than the original one > > Do you have some sample code that shows the operations you are > performing? Perhaps there is room for optimization. > > If memory usage is not a concern, you could store the processed data in > a table (keyed by pinfo.number) and refer to it on the second pass. Be > sure to clear this table when the proto.init callback is invoked (where > proto is your Proto instance), this callback is executed every time a > capture file is reloaded. > -- > Kind regards, > Peter Wu > https://lekensteyn.nl > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <firstname.lastname@example.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <email@example.com> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe