Wireshark-bugs: [Wireshark-bugs] [Bug 8266] post-dissector fields not saved in pdml
Comment # 17
on bug 8266
from Jono
Yes I'm very sorry about that.
I keep writing toy tests to demonstrate issues and then find the issue has
spontaneously resolved in the test case, then I do a work around based on that
and soon find another issue somewhere else. It's very frustrating as I've been
spending more time than I want to on this already and it's hard to see why
writing to the wireshark gui should behave any differently to writing to pdml.
It's very inconvenient having to continually verify results against pdml
output.
I have to admit much of this is probably my fault! As you note, I haven't
installed the latest trunk, which would totally make sense and I'll do it now.
Also, I have seen a caveat somewhere that pdml was added as an aid to wireshark
development and is not a mature feature (is that still true?)
Here is another surprise I've had. I'll test it against trunk and update here
if the behaviour is any different. The lua script below (modify ports as
required) inserts 'UDP' and 'TCP' comments as expected in wireshark, but
question mark comments in pdml. Is this expected behaviour? If so, why?
Once again I apologise for all the caps and excessive punctuation. Wireshark
is a great project and I appreciate the work you guys do on it.
Cheers,
Jono
========================= test.lua
local udp_dissector_table = DissectorTable.get("udp.port")
local tcp_dissector_table = DissectorTable.get("tcp.port")
protoTest = Proto ("test", "Test")
comment_field = ProtoField.string("test.comment","Comment")
protoTest.fields = {comment_field}
udp_srcport = Field.new('udp.srcport')
tcp_srcport = Field.new('tcp.srcport')
function protoTest.dissector(buf, pkt, root)
pkt.cols.protocol = protoTest.name
local tree = root:add(protoTest)
if udp_srcport() then
tree:add(comment_field, "UDP")
elseif tcp_srcport() then
tree:add(comment_field, "TCP")
else
tree:add(comment_field, '?????????')
end
end
function protoTest.init()
end
udp_dissector_table:add(9005, protoTest)
udp_dissector_table:add(5060, protoTest)
udp_dissector_table:add(9017, protoTest)
udp_dissector_table:add(9005, protoTest)
udp_dissector_table:add(9006, protoTest)
tcp_dissector_table:add(9005, protoTest)
You are receiving this mail because:
- You are watching all bug changes.