This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to write a postdissector in C?

0

I have been able to find instructions on writing postdissectors for Wireshark in Lua, but have been able to find any such instruction for C. All I've been able to find is that it is indeed possible. Does such a resource exist?

This question is marked "community wiki".

asked 26 May '16, 10:50

osarkar's gravatar image

osarkar
6334
accept rate: 0%


One Answer:

0

I think you're looking for void register_postdissector(dissector_handle_t); in epan/packet.h

answered 26 May '16, 14:40

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

And a dissector that calls that, for example epan/dissectors/packet-prp.c .

There isn't really much documentation of post-dissectors because they're not really something people use much. They were created to meet a very special case. (In fact, there's a reasonable chance what you're trying to do could be better handled another way.)

(26 May '16, 15:00) JeffMorriss ♦

How do I go about fetching fields as I would in Lua? in Lua its Field.new(<fieldname>), which then requires some conversion from userdata to usable types.

(01 Jun '16, 12:21) osarkar

To get started with C development for Wireshark I'd suggest you take a look at README.developer and/or the Developer's Guide (available on the web site). It won't make sense to start learning via Q&A.

(01 Jun '16, 13:05) JeffMorriss ♦