Wireshark-bugs: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two
Date: Tue, 04 Aug 2015 19:02:23 +0000

changed bug 11413


What Removed Added
CC   jeff.morriss.ws@gmail.com

Comment # 2 on bug 11413 from
(In reply to Hadriel Kaplan from comment #1)
> Wireshark performs multiple passes of the packets, dissecting them multiple
> times. When it first loads a file, it dissects them but without generating
> fields that only affect the details window pane display tree. The
> "rtp.timestamp" field happens to be one of those fields that it does not
> generate in this initial dissection pass.
> 
> Because of that, your Lua proto.dissector() function is actually hitting a
> Lua error when it does "getTs().value", because there is no such
> "rtp.timestamp" field, so the "getTs()" returns nil, and trying to get the
> "value" Lua field of a nil (which is not a table) is a Lua error. So Lua
> will return immediately on hitting that error. You don't see that error in
> Wireshark's details pane because Wireshark will dissect the packet again and
> not hit the error the second time, since there will be a timestamp field
> then.

Nice analysis! :-)

Question: there is a way to tell Wireshark that a particular field is "of
interest" and thus must not be faked (proto_tree_prime_hfid()?).  If a script
is using a field (as it clearly is here) should Lua be marking those fields as
interesting (not to be faked)?

Or should Lua scripts not be concerned with which pass they're on?


You are receiving this mail because:
  • You are watching all bug changes.