Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

You have to declare a global table in the part of your Lua code where you register the protocol fields, as this part is run once before any dissection is started. Once this is done, you can access that table from your .dissector function. You must not attempt to register that global table as protocol field, it is just your working table. The .dissector function may use values from that table to populate registered protocol fields which are marked as "synthetic" (I don't remember the correct name), i.e. those which are not physically present in the packet data but are calculated. The protocol fields of this kind are marked as such by [ ] around them in the dissection tree pane.

The point is that the .dissector packet is run over the packet data several times - first in sequence when the file is loaded, with each selection of the packet in the packet list pane, with each application of a display filter... and the global table does not become part of packet data. So whenever the .dissector function dissects the packet, it must create all fields again and hook them at the correct place to the dissection tree.

You also have to bear in mind the above when handling the contents of the global table. In general, you must check whether the item you are going to insert doesn't exist already, as in most cases you actually fill the table only during the initial sequential pass of Wireshark through the file.

You have to declare a global table in the part of your Lua code where you register the protocol fields, as this part is run once before any dissection is started. Once this is done, you can access that table from your .dissector function. You must not attempt to register that global table as protocol field, it is just your working table. The .dissector function may use values from that table to populate registered protocol fields which are marked as "synthetic" (I don't remember the correct name), "generated", i.e. those which are not physically present in the packet data but are calculated. the dissector calculates (generates) them from physical data of the packet currently dissected as well as other information sources. The protocol fields of this kind are marked as such by [ ] around them in the dissection tree pane.

The point is that the .dissector packet function is run over the packet data several times - first in sequence when the file is loaded, with each selection of the packet in the packet list pane, with each application of a display filter... and the global table does not become part of packet data. So whenever the .dissector function dissects the packet, it must create all fields again and hook them at the correct place to the dissection tree.

You also have to bear in mind the above when handling the contents of the global table. In general, you must check whether the item you are going to insert doesn't exist already, as in most cases you actually fill the table only during the initial sequential pass of Wireshark through the file.

You have to declare a global table in the part of your Lua code where you register the protocol fields, as this part is run once before any dissection is started. Once this is done, you can access that table from your .dissector function. You must not attempt to register that global table as protocol field, it is just your working table. The .dissector function may use values from that table to populate registered protocol fields which are marked as "generated", i.e. those which are not physically present in the packet data but the dissector calculates (generates) them from physical data of the packet currently dissected as well as other information sources. The protocol fields of this kind are marked as such by [ ] around them in the dissection tree pane.

The point is that the .dissector function is run over the packet data several times - first in sequence when the file is loaded, with each selection of the packet in the packet list pane, with each application of a display filter... and the global table does not become part of packet data. So whenever the .dissector function dissects the packet, it must create all fields again and hook them at the correct place to the dissection tree.

You also have to bear in mind the above when handling the contents of the global table. In general, you must check whether the item you are going to insert doesn't exist already, as in most cases you actually fill the table only during the initial sequential pass of Wireshark through the file.

You have to declare a global table in the part of your Lua code where you register the protocol fields, as this part is run once before any dissection is started. Once this is done, you can access that table from your .dissector function. You must not attempt to register that global table as protocol field, it is just your working table. The .dissector function may use values from that table to populate registered protocol fields which are marked as "generated", i.e. those which are not physically present in the packet data but the dissector calculates (generates) them from physical data of the packet currently being dissected as well as other information sources. The protocol fields of this kind are marked as such by [ ] around them in the dissection tree pane.

The point is that the .dissector function is run over the packet data several times - first in sequence when the file is loaded, with each selection of the packet in the packet list pane, with each application of a display filter... and the global table does not become part of packet data. So whenever the .dissector function dissects the packet, it must create all fields again and hook them at the correct place to the dissection tree.

You also have to bear in mind the above when handling the contents of the global table. In general, you must check whether the item you are going to insert doesn't exist already, as in most cases you actually fill the table only during the initial sequential pass of Wireshark through the file.