Wireshark-dev: Re: [Wireshark-dev] Wireshark-dev: Re: Lua embedded into C++
From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Wed, 15 Mar 2017 14:41:47 +0100
Hi Kunal,

On Tue, Mar 14, 2017 at 10:37:47PM +0000, Kunal Thakrar wrote:
> The next question I had is to do with post-dissectors in Lua. Please
> correct me if I'm wrong, will they allow me to get data in the
> proto-tree section of the main Wireshark screen? At the moment I have
> packets with their source, destination ips and ports as well as packet
> numbers, will I be able to get the proto-tree data for these specific
> packets?

You can get the proto-tree data only if you "prime" the field before.
This ensures that Wireshark tries to find those fields during
dissection. In Lua you can do this using the Field.new function:
https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Field.html#lua_class_Field

This function must be called before dissection starts (otherwise the
fields are not selected for "priming"). There is probably a similar
function in the C API (search for "prime"). The idea is basically the same:

    Before dissection: prime the fields you are interested in
    During dissection: protocols dissect normally
    After dissection: post-dissector checks any fields that were primed.

I did not look into the details though, but this should be the general
idea. Hope it helps!
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl
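
The three steps described in the message above, written out as a Lua post-dissector. This is an added example, not code from the original message or from the Wireshark project; the protocol name `primed_demo` and its `summary` field are hypothetical, and the choice of `ip.*` and `tcp.*` fields is an assumption based on the source/destination IPs and ports mentioned in the question.

```lua
-- Added example: post-dissector that reads fields primed with Field.new.
-- "primed_demo" and "primed_demo.summary" are hypothetical names.

-- Step 1 (before dissection): create the field extractors at script load.
-- Calling Field.new here, at top level, is what primes the fields; creating
-- them inside the dissector function would be too late.
local f_ip_src  = Field.new("ip.src")
local f_ip_dst  = Field.new("ip.dst")
local f_tcp_src = Field.new("tcp.srcport")
local f_tcp_dst = Field.new("tcp.dstport")

local demo = Proto("primed_demo", "Primed Field Demo (example)")
local pf_summary = ProtoField.string("primed_demo.summary", "Summary")
demo.fields = { pf_summary }

-- An extractor returns nil when the field is absent from the packet and
-- several FieldInfo values when it occurs more than once (for example with
-- tunnelled IP). Keep only the first occurrence, as display text.
local function first_value(extractor)
    local fi = extractor()
    if fi == nil then
        return nil
    end
    return tostring(fi)
end

-- Step 3 (after dissection): the regular dissectors (step 2) have already
-- run for this packet, so the primed fields can now be read.
function demo.dissector(tvb, pinfo, tree)
    local src, dst = first_value(f_ip_src), first_value(f_ip_dst)
    if not src or not dst then
        return -- not an IPv4 packet, nothing to report
    end

    local text = string.format("#%d %s -> %s", pinfo.number, src, dst)
    local sport, dport = first_value(f_tcp_src), first_value(f_tcp_dst)
    if sport and dport then
        text = string.format("#%d %s:%s -> %s:%s",
                             pinfo.number, src, sport, dst, dport)
    end

    -- Show the collected values as an extra subtree in the packet details.
    local subtree = tree:add(demo)
    subtree:add(pf_summary, text)
end

register_postdissector(demo)
```

To try it, save the script under any name and load it with `tshark -X lua_script:<script>.lua -r <capture> -V`, or place it in the Wireshark plugins directory.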