I want to write a plugin to add description to VSA's in pfcp message.
Now I want to add a new filed under every VSA in the packet as depicted in picture linked. link text
I think it will require finding parent subtree root of a Filed.
Can I achieve this in a lua post dissector plugin?
As far as I know, post dissectors are used to add information only after the tree (below it). I am not aware of a way of modifying an existing dissector with a post dissector. check these answer for a more detailed explanation: link text
I could see how it could be useful to traverse the tree and add of change tree items. Maybe we should suggest an enhancement request.
for your case, I will suggest to handle it within the dissector itself and not in a separate post dissector. You may want to write/get a LUA dissector of that protocol, replacing the original one, so you can add your extra fields more easily. In such a dissector, you can simply add the field after the VSA and add extra analysis.
Hope I have helped.
Could not find a way to find parent pointer. But i was able to add pfcp vsa dissectors using following
mypfcpvsa_protocol = Proto("mypfcpvsa", "mypfcpvsa Dissector")
local pfcp_enterprise_ies_dissector_table = DissectorTable.get("pfcp.enterprise_ies")
pfcp_enterprise_ies_dissector_table:add(<myenterpriseidvalue>, mypfcpvsa_protocol )
function mypfcpvsa_protocol .dissector(buffer, pinfo, tree)
--dissector code
end
In your example, you added mypfcpvsa_protocol to as a sub dissector of pfcp. I am not sure that is what you wanted to do. If the pfcp dissector has a call to a protocol with the parameter <myenterpriseidvalue> then it will call your mypfcpvsa_protocol dissector.
Read further: link text
Asked: 2021-02-25 23:39:45 +0000
Seen: 529 times
Last updated: Feb 26 '21
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.