This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have been able to find instructions on writing postdissectors for Wireshark in Lua, but have not been able to find any such instructions for C. All I've been able to find is that it is indeed possible. Does such a resource exist?

This question is marked "community wiki".

asked 26 May '16, 10:50

osarkar


I think you're looking for void register_postdissector(dissector_handle_t); in epan/packet.h


answered 26 May '16, 14:40

Jaap ♦

And a dissector that calls that, for example epan/dissectors/packet-prp.c.

There isn't really much documentation of post-dissectors because they're not really something people use much. They were created to meet a very special case. (In fact, there's a reasonable chance what you're trying to do could be better handled another way.)

(26 May '16, 15:00) JeffMorriss ♦

How do I go about fetching fields as I would in Lua? In Lua it's Field.new(<fieldname>), which then requires some conversion from userdata to usable types.

(01 Jun '16, 12:21) osarkar

To get started with C development for Wireshark I'd suggest you take a look at README.developer and/or the Developer's Guide (available on the web site). It won't make sense to start learning via Q&A.

(01 Jun '16, 13:05) JeffMorriss ♦