
Wireshark Lua API: How to maintain a packetfile specific var?


Snippet of my dissector:

local proto = Proto("myproto", "my proto")

local n_visited = 0

function proto.dissector(tvbuf, pinfo, tree)
    -- ...
    -- ...

    if not pinfo.visited then
        n_visited = n_visited + 1
    end

    -- ...
    -- ...
end

DissectorTable.get("tcp.port"):add(12345, proto)

Based on my testing, Wireshark loads the dissector module only once so the module's private global var n_visited is shared between packet files. Is there a way I can define packetfile specific global vars?


Solution

  • Quoting the answer from ask.wireshark.org:

    Currently, only one capture file can be open at a time in a single process running Wireshark (which is not a feature, especially in macOS, but I digress...), so there's no notion of packet file-specific variables anywhere in Wireshark.

    What we do have, at least for C/C++ dissectors, is the ability for a dissector to register a routine to be called when a new capture file is opened, before any packets are read and dissected, and to register a routine to be called when the current capture file is closed.

    We also have a version of that for Lua dissectors; to quote the documentation for the Proto class in the Wireshark Developer's Guide:

    11.3.5.7. proto.init
    
    Mode: Assign only.
    
    The init routine of this dissector, a function you define.
    
    The init function is called when a new capture file is opened
    or when the open capture file is closed. It is passed no arguments.
    

    The init routine of a dissector is called when a new capture file is opened and when it's closed (I think that's left over from before we had separate init and close routines for C/C++ dissectors).

    So what you want is to (re-)initialize your "should change every time you open a new file" variables in your dissector's init routine.
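
A sketch of the init-routine approach described in the answer, as an added example that is not part of the original question or the quoted answer. It goes one step beyond resetting the counter: it also records each frame's first-pass value so that re-dissection of an already visited frame shows a stable number. The field `myproto.seq` and the table `seq_by_frame` are hypothetical names chosen for illustration.

```lua
-- Added example (not from the original post): per-capture-file state
-- that is reset through the dissector's init routine.
local proto = Proto("myproto", "my proto")

-- Hypothetical generated field showing each frame's first-pass sequence number.
local pf_seq = ProtoField.uint32("myproto.seq", "First-pass sequence", base.DEC)
proto.fields = { pf_seq }

-- Module-level state. The script is loaded once, so without a reset
-- these values would carry over from one capture file to the next.
local n_visited = 0
local seq_by_frame = {}   -- frame number -> n_visited at first dissection

-- Called with no arguments when a capture file is opened and when the
-- open capture file is closed; both are safe points to start from zero.
function proto.init()
    n_visited = 0
    seq_by_frame = {}
end

function proto.dissector(tvbuf, pinfo, tree)
    if not pinfo.visited then
        -- First pass over this frame: count it and remember its position.
        n_visited = n_visited + 1
        seq_by_frame[pinfo.number] = n_visited
    end

    local subtree = tree:add(proto, tvbuf())

    -- On later passes (for example when the frame is clicked in the GUI)
    -- the stored value is reused instead of the live counter.
    local seq = seq_by_frame[pinfo.number]
    if seq then
        subtree:add(pf_seq, seq):set_generated()
    end
end

DissectorTable.get("tcp.port"):add(12345, proto)
```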