When writing a new dissector for a custom raw-packet (non-IP) protocol, what's the best way to record state across multiple packets and update expert fields for previous packets based on this? Is it even possible?
Specific questions:
- Is there a better way to store multi-packet state other than just using global tables in the plugin lua file?
- Is there a callback to "reset" any previous state (eg. when loading a new capture)? Or does it always reload the lua scripts in this case anyway?
- Is it possible to add ProtoExpert fields (eg. bad sequence) to previously-dissected packets or can they only be added on the current packet?
- Is it possible to show some kind of link between related frames (eg. request/reply, custom conversation)?
- Is it possible to add a default colourisation rule for certain things? (By which I mean a user plugin adding a rule to show error packets in red by default, for example, but that the user can override with different settings, like the existing default rules.)
