Guy and Pascal, Thanks very much!
Jerry On Wed, Jun 5, 2019 at 12:52 PM Guy Harris <[email protected]> wrote: > On Jun 5, 2019, at 12:34 PM, Jerry White <[email protected]> wrote: > > > Please forgive for such a basic question. I noticed that my lua > dissector processes a trace file twice. > > *Wireshark* can process packets more than once; we will never guarantee > that a dissector will see a packet only once. > > Even *TShark* can do so if run with the -2 flag. > > So you will need to make sure your dissector can handle this. > > > To isolate the issue I have removed nearly all my business code > > A dissector should > > 1) set columns for the packet as appropriate; > > 2) build a protocol tree of fields in the packet; > > 3) build, on the first pass, any data structures needed when > redissecting - on the first pass, packets are processed in order, but > packets may be handed to the dissector in random order after that, so if > the dissection of packet N depends on the contents of packet M, for M < N, > you'll need to remember whatever information allows you to dissect packet N > in the future, even if packet M isn't dissected again first. > > It should *not* report any statistics or other analysis information. It > may calculate and save that information, on the first pass, but it > shouldn't report it; reporting that information should be done by taps - see > > > https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=doc/README.tapping;hb=HEAD > > (or the doc/README.tapping file in the source tree) > > If your dissector needs to do something only on the first pass, it needs > to check the packet's "visited" flag; see > > > https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Pinfo.html#lua_class_Pinfo > > for information on how to do that from Lua code. > > So if your business code is doing any reporting of statistics, or other > information that's not in the "a dissector should" list above, it needs to > be done outside the dissector. > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
