Snippet of my dissector:
local proto = Proto("myproto", "my proto")
local n_visited = 0
function proto.dissector(tvbuf, pinfo, tree)
-- ...
-- ...
if not pinfo.visited then
n_visited = n_visited + 1
end
-- ...
-- ...
end
DissectorTable.get("tcp.port"):add(12345, proto)
Based on my testing, Wireshark loads the dissector module only once so the module's private global var n_visited
is shared between packet files. Is there a way I can define packetfile specific global vars?
Quoting the answer from ask.wireshark.org:
Currently, only one capture file can be open at a time in a single process running Wireshark (which is not a feature, especially in macOS, but I digress...), so there's no notion of packet file-specific variables anywhere in Wireshark.
What we do have, at least for C/C++ dissectors, is the ability for a dissector to register a routine to be called when a new capture file is opened, before any packets are read and dissected, and to register a routine to be called when the current capture file is closed.
We also have a version of that for Lua dissectors; to quote the documentation for the Proto class in the Wireshark Developer's Guide:
11.3.5.7. proto.init Mode: Assign only. The init routine of this dissector, a function you define. The init function is called when the a new capture file is opened or when the open capture file is closed. It is passed no arguments.
The init routine of a dissector is called when a new capture file is opened and when it's closed (I think that's left over from before we had separate init and close routines for C/C++ dissectors).
So what you want is to (re-)initialize your "should change every time you open a new file" variables in your dissector's init routine.