Dissector state across multiple packets in Lua

asked 2019-05-10 02:14:01 +0000

updated 2019-05-10 06:11:11 +0000

Jaap gravatar image

When writing a new dissector for a custom raw-packet (non-IP) protocol, what's the best way to record state across multiple packets and update expert fields for previous packets based on this? Is it even possible?

Specific questions:

  1. Is there a better way to store multi-packet state other than just using global tables in the plugin lua file?
  2. Is there a callback to "reset" any previous state (eg. when loading a new capture)? Or does it always reload the lua scripts in this case anyway?
  3. Is it possible to add ProtoExpert fields (eg. bad sequence) to previously-dissected packets or can they only be added on the current packet?
  4. Is it possible to show some kind of link between related frames (eg. request/reply, custom conversation)?
  5. Is it possible to add a default colourisation rule for certain things? (By which I mean a user plugin adding a rule to show error packets in red by default, for example, but that the user can override with different settings, like the existing default rules.)
edit retag flag offensive close merge delete