Ask Your Question

Revision history [back]

Are you trying to use the GRE proto field or the GRE protocol version field? I think you want the GRE proto field, but your sample code suggests otherwise. In any case, here's a simple example that may help you:

grepost = Proto("GREpost", "Append GRE message to info column")

-- Field Extractor
gre_proto_fe ="gre.proto")

function grepost.dissector(tvb, pinfo, tree)
    local gre_proto = gre_proto_fe().value

    if gre_proto == 0x0800 then" (GRE/IP)")