Ask Your Question

Revision history [back]

Are you trying to use the GRE proto field or the GRE protocol version field? I think you want the GRE proto field, but your sample code suggests otherwise. In any case, here's a simple example that may help you:

grepost = Proto("GREpost", "Append GRE message to info column")

-- Field Extractor
gre_proto_fe = Field.new("gre.proto")

function grepost.dissector(tvb, pinfo, tree)
    local gre_proto = gre_proto_fe().value

    if gre_proto == 0x0800 then
        pinfo.cols.info:append(" (GRE/IP)")
    end
end

register_postdissector(grepost)