Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two packages if offset i

Wireshark-bugs: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two

Date: Tue, 04 Aug 2015 22:31:49 +0000

Comment # 3 on bug 11413 from Hadriel Kaplan

(In reply to Jeff Morriss from comment #2)
> Question: there is a way to tell Wireshark that a particular field is "of
> interest" and thus must not be faked (proto_tree_prime_hfid()?).  If a
> script is using a field (as it clearly is here) should Lua be marking those
> fields as interesting (not to be faked)?

It does do that, but only if the tree is not NULL, which it will be during the
initial read of a file.

I didn't create that part of the Lua-API code, but the comments for it in
wslua_field.c say:

/* We use a fake dfilter for Lua field extractors, so that
 * epan_dissect_run() will populate the fields.  This won't happen
 * if the passed-in edt->tree is NULL, which it will be if the
 * proto_tree isn't created by epan_dissect_init().  But that's by
 * design - if shark doesn't pass in a proto_tree, it's probably for
 * a good reason and we shouldn't override that. (right?)
 */


I don't know if there's some down-side to changing that.(?)

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 11413] New: RTP Lua reassemble does not work for more than two packages if offset is 0
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two packages if offset is 0
Next by Date: [Wireshark-bugs] [Bug 11417] New: SOCKS decoder giving strange values for seemingly normal SOCKS connection, parser bug?
Previous by thread: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two packages if offset is 0
Next by thread: [Wireshark-bugs] [Bug 11413] RTP Lua reassemble does not work for more than two packages if offset is 0
Index(es):
- Date
- Thread