|
Hi, i am currently trying to write a post dissector in c that ive already written in LUA. In LUA fields can be extracted by using field extractor methods, e.g. i can read the "udp.port". Is there any equivalent to this in C? |
|
You just use the normal dissector functions for accessing the tvb. Info is in doc\README.dissector. Post-dissectors are much the same as a normal dissector, except they get called for every frame after all other dissectors have had a go as required. I dont want to acess a range in the tvb but get information another dissector has already figured out, e.g. An UDP-Dissector would have created the meta-data field "udp.port". I need to acess this information field (which is in C resembled by header_field_info type i think).
(15 Jan '16, 04:50)
Wodka
You get that via the packet_info structure passed to your dissectors pinfo parameter. For the ports, use
(15 Jan '16, 04:58)
grahamb ♦
i dont need the port. that was just an example. I just want to know - generally spoken, how to access a header field, e.g. called "xxx.yyy".
(15 Jan '16, 06:40)
Wodka
I'm not sure that you can in C. A dissector is normally limited to the tvb, the packet_info and proto_tree and any data structure passed from the caller, although post-dissectors don't get the data structure. I guess there must be some method for Lua to extract that info, digging into the code a little, it appears that Lua uses a tap and then processes the packet tree in the tap to extract fields. I'm not aware of any general API to do that that is available to C dissectors, but there might be one.
(15 Jan '16, 07:32)
grahamb ♦
|
