Revision history

initial version

Wireshark is using a two-pass process. On the first pass every packet will be seen in packet order. The second pass happens when packets are displayed in the packet list, but also when a certain packet gets selected.

In your dissector code you need to make a distinction between what needs to be done only on the first pass (pinfo->fd->visited == false) and things that need to be done in subsequent passes.

Also reassembly of the TCP data is a little more complicated than what I can see in your Lua code.

Have a look at the doc/README.* documents in the repository for more detailed information.
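
The first-pass distinction and TCP desegmentation described in this answer, sketched as a Lua dissector. This is an added example, not code from the original post or from the Wireshark project; the protocol `demo`, its fixed 4-byte PDU layout and TCP port 9999 are assumptions made for illustration.

```lua
-- Hypothetical protocol (assumption): fixed 4-byte PDUs on TCP port 9999.
-- byte 0 = type (1 request, 2 response), byte 1 = reserved, bytes 2-3 = transaction id.
local demo = Proto("demo", "Demo request/response protocol")
local f_type = ProtoField.uint8("demo.type", "Type", base.DEC, { [1] = "Request", [2] = "Response" })
local f_id   = ProtoField.uint16("demo.id", "Transaction ID", base.HEX)
local f_req  = ProtoField.framenum("demo.request_in", "Request in frame")
demo.fields = { f_type, f_id, f_req }

local PDU_LEN = 4
local pending = {}   -- transaction id -> frame of the open request (first pass only)
local matched = {}   -- "<response frame>:<id>" -> request frame (read on every pass)

function demo.init()  -- runs when a capture is loaded or reloaded
    pending, matched = {}, {}
end

function demo.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "DEMO"
    local offset = 0
    while offset < tvb:len() do
        local remaining = tvb:len() - offset
        if remaining < PDU_LEN then
            -- PDU is split across TCP segments: ask the TCP dissector for the rest.
            pinfo.desegment_offset = offset
            pinfo.desegment_len = PDU_LEN - remaining
            return
        end
        local ptype = tvb(offset, 1):uint()
        local id = tvb(offset + 2, 2):uint()
        local key = pinfo.number .. ":" .. id
        if not pinfo.visited then
            -- First pass: packets are seen in capture order, so state may be updated.
            if ptype == 1 then
                pending[id] = pinfo.number
            elseif ptype == 2 and pending[id] then
                matched[key] = pending[id]
                pending[id] = nil
            end
        end
        local sub = tree:add(demo, tvb(offset, PDU_LEN))
        sub:add(f_type, tvb(offset, 1))
        sub:add(f_id, tvb(offset + 2, 2))
        -- Later passes can visit frames in any order: only read what pass one stored.
        if matched[key] then
            sub:add(f_req, matched[key]):set_generated()
        end
        offset = offset + PDU_LEN
    end
end

DissectorTable.get("tcp.port"):add(9999, demo)
```

Because `pending` is touched only while `pinfo.visited` is false, clicking packets in any order cannot corrupt the request/response matching; the displayed link always comes from the table filled during the ordered first pass.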