Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

LUA: avoid auto-expand sub-tree

Hello,

my LUA dissector has a general header followed by an arbitrary number of tlv sections. Each tlv section has its own header (len / type) followed by the tlv-data.

Currently I just iterate across each tlv reusing the same protofield to make the proper decoding (ascii vs hex vs ...)

f.data = ProtoField.bytes ("S8HR_proto.data", "Data Hex")

Everything is fine except when I select a byte sequence in the wireshark's raw data (at bottom). When that happens wireshark correctly expand the specific tlv but as soon as I move to a different packet (of same dissector) then all tlv get auto-expanded and it take some time to manually close one by one.

I suspect this is because of the reuse of same ProtoField during the walk-in iteration.

How can I make use to use different protofield each time (maybe tying it to the tlv type) ? Otherwise is there any way to programmatically collapse such trees when inspecting a new packet ?

Thx!