Get field value in tap listener plugin written in C language
Hi,
In the packet callback function of a tap listener plugin written in C language, I want to get various fields' value, such as ip.len.
From my understanding, after reading the source code of Wireshark, I firstly need to prime the fields that I need the value, and then call proto_get_finfo_ptr_array to get the field_infos in the packet callback function. But the function used to prime the field is declared as extern void proto_tree_prime_with_hfid, not WS_DLL_PUBLIC, this means that the function is not export by the DLL. So, this will lead to link error.
How to solve this problem? Is there any other way to get the fileds' value?
Update:
I also use GPtrArray * proto_find_finfo(edt->tree, id) to try to get the field info for ip.len, the return value is not NULL, but the array length is 0. So, I also failed to extract the field values.
Update (2017-01-09):
I found that the epan_dissect_prime_with_hfid is declared as WS_DLL_PUBLIC, which calls proto_tree_prime_with_hfid directly, so I can use this function instead. I have following code after my listener registered. Then I can get the filed info for ip.len, but it only for the first packet. Now, the problem is changed to why it only works for the first packet?
epan_dissect_t edt;
int id = proto_registrar_get_id_byname("ip.len");
// the edit->tree is an unused parameter
epan_dissect_prime_with_hfid(&edt, id);