Hi Folks, I am writing a dissector in Lua for a protocol which consists of arbitrary key/value pairs. I would like to generate the protocol fields on the fly by adding each unique key as it is encountered in the payload. For example, if a message contained "User=Joe;Region=Europe;SpecialVar=12345", then I would want to add User, Region and SpecialVar to the table of ProtoFields for the protocol. Currently, I am trying to do this from within the dissector by getting the table of ProtoFields using protocolName.fields, inserting the new field, and then assigning the table back to protocolName.fields. However, when I run this code, Wireshark just hangs. Should this be working? Or is modifying a Protocol from within its Dissector unsupported? Note that I originally tried adding the new Protofield in place (i.e.: table.insert(protocolName.fields, newProtoField) ), but this simply did not work. So I am guessing that proto.fields returns a copy of the table as opposed to a reference (someone correct me if I am wrong). Thanks in advance, Ryan asked 11 Aug '16, 15:01  ryber |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Check this question.
Thanks, Sindy. That question represents the same problem I am trying to solve. Your suggestions had occurred to me as a workaround, but I was hoping to be able to do it "properly".
There is no "proper" solution of this, given the overall architecture. The clear distinction between registration and execution phase has its purpose - all protocol fields can be used for display filter, so they must be known before the actual dissection takes place. Otherwise it e.g. wouldn't be possible to make a formal check of the display filter expression.
So in your case, if you know the complete set of possible field names, you can register all of them in advance and only practically use the ones which actually arrive in a frame, but if the names are totally unpredictable, only the "workaround" can be used.