 | 1 | initial version |
Are you trying to use the GRE proto field or the GRE protocol version field? I think you want the GRE proto field, but your sample code suggests otherwise. In any case, here's a simple example that may help you:
grepost = Proto("GREpost", "Append GRE message to info column")
-- Field Extractor
gre_proto_fe = Field.new("gre.proto")
function grepost.dissector(tvb, pinfo, tree)
local gre_proto = gre_proto_fe().value
if gre_proto == 0x0800 then
pinfo.cols.info:append(" (GRE/IP)")
end
end
register_postdissector(grepost)