Hi, I am currently trying to write a post-dissector in C that I've already written in Lua. In Lua, fields can be extracted by using field extractor methods, e.g. I can read the "udp.port". Is there any equivalent to this in C?
asked 15 Jan '16, 00:26 Wodka
One Answer:
You just use the normal dissector functions for accessing the tvb. Info is in doc\README.dissector. Post-dissectors are much the same as a normal dissector, except they get called for every frame after all other dissectors have had a go as required.
answered 15 Jan '16, 04:22 grahamb ♦
I don't want to access a range in the tvb but get information another dissector has already figured out, e.g. a UDP dissector would have created the meta-data field "udp.port". I need to access this information field (which in C is represented by the header_field_info type, I think).
You get that via the packet_info structure passed to your dissector's pinfo parameter.
For the ports, use pinfo->srcport or pinfo->dstport.
I don't need the port. That was just an example. I just want to know, generally speaking, how to access a header field, e.g. one called "xxx.yyy".
I'm not sure that you can in C. A dissector is normally limited to the tvb, the packet_info and proto_tree and any data structure passed from the caller, although post-dissectors don't get the data structure.
I guess there must be some method for Lua to extract that info. Digging into the code a little, it appears that Lua uses a tap and then processes the packet tree in the tap to extract fields. I'm not aware of any general API to do that that is available to C dissectors, but there might be one.
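For reference, the Lua side that the question describes, as an added example that is not code from the original thread: a post-dissector that reads "udp.port" through a field extractor. The protocol name "portnote" and its field "portnote.ports" are hypothetical names chosen for illustration.

```lua
-- Added example (not from the thread). "portnote" and "portnote.ports"
-- are hypothetical names.

-- Field extractors must be created at script load time, before any
-- packet is dissected.
local udp_port_f = Field.new("udp.port")

local portnote = Proto("portnote", "Port Note Post-dissector")
local pf_ports = ProtoField.string("portnote.ports", "UDP ports seen")
portnote.fields = { pf_ports }

function portnote.dissector(tvb, pinfo, tree)
    -- Calling the extractor returns one FieldInfo per occurrence of the
    -- field in this frame. "udp.port" is attached to both the source and
    -- the destination port, so a UDP frame normally yields two values.
    local finfos = { udp_port_f() }

    -- Non-UDP frames carry no "udp.port" field: nothing to report.
    if #finfos == 0 then
        return
    end

    local values = {}
    for _, finfo in ipairs(finfos) do
        -- tostring() on a FieldInfo gives the field's value as text.
        values[#values + 1] = tostring(finfo)
    end

    local subtree = tree:add(portnote, "Port Note")
    subtree:add(pf_ports, table.concat(values, ",")):set_generated()
end

-- Run after all other dissectors have processed the frame.
register_postdissector(portnote)
```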