Wireshark mailing list archives

Lua script reads every packet twice


From: Jerry White <jerrywhite518 () gmail com>
Date: Wed, 5 Jun 2019 12:34:31 -0700

Hi all,

Please forgive me for such a basic question. I noticed that my Lua dissector
processes a trace file twice. To isolate the issue I have removed nearly
all my business code and reduced it to a function that does one thing. It
still processes the file twice. It processes each packet in the trace file
twice, as evidenced by the log file, which has two entries for each packet.
It goes top to bottom through the trace, and does it again. For a three
packet trace, the log file looks like this:

1
2
3
1
2
3


Why is this happening? Can I prevent this behavior?

Thanks in advance,
Jerry


Here's the script:
-----------------------------------------------------------------
WBA = Proto("myWBA", "ClientWBA")

-- protocol fields
req_appcode_tree = ProtoField.new("WBA_header", "WBA.WBA_header", ftypes.STRING)
ac_appcode_tree  = ProtoField.new("WBA_subtype", "WBA.WBA_subtype", ftypes.STRING)

WBA.fields = {
    req_appcode_tree,
    ac_appcode_tree
}

-- initialize LOG file (opened once, when the script is loaded)
csv = io.open("C:\\Users\\JerryWhite\\Documents\\IBM\\Somos\\Packets\\lua.log.csv", "w")
csv:write("pnum,abs_time,src_port,dst_port,appcode,subcode\n")

function WBA.dissector(tvbuf, pktinfo, root)
    -- length of the buffer handed to this dissector
    local pktlen = tvbuf:len()

    -- set the protocol column to show our protocol name
    pktinfo.cols.protocol:set("WBA")

    local tree = root:add(WBA, tvbuf:range(0, pktlen))
    -- one log line per call of the dissector
    csv:write("processing a packet " .. pktinfo.number .. "\n")
end

-- single port per app
DissectorTable.get("tcp.port"):add(3900, WBA)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
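
An added example, not part of the original post or of Wireshark's own code: Wireshark can call a dissector more than once for the same frame (the first sequential pass over the capture, then again for redissection, filtering or selecting a packet), and `pktinfo.visited` is false only on that first pass, so side effects such as logging can be gated on it. The protocol name `wba_once`, the log path and the CSV columns are assumptions made for illustration.

```lua
-- Added example: write one CSV row per frame, no matter how many times
-- Wireshark calls the dissector for that frame.
local wba = Proto("wba_once", "ClientWBA (log-once example)") -- hypothetical name

local LOG_PATH = "wba_log.csv" -- assumed path, relative to the working directory
local csv                      -- log handle, reopened on every capture (re)load

-- init() runs each time a capture file is opened or redissected, so the log
-- is truncated and rebuilt instead of accumulating rows across reloads.
function wba.init()
    if csv then csv:close() end
    csv = assert(io.open(LOG_PATH, "w"))
    csv:write("pnum,src_port,dst_port,length\n")
end

function wba.dissector(tvbuf, pktinfo, root)
    pktinfo.cols.protocol:set("WBA")
    root:add(wba, tvbuf()) -- tvbuf() is a range covering the whole buffer

    -- visited is false only during the first pass over the capture; every
    -- later call for the same frame sees true, so the write is skipped then.
    if csv and not pktinfo.visited then
        csv:write(string.format("%d,%d,%d,%d\n",
            pktinfo.number, pktinfo.src_port, pktinfo.dst_port, tvbuf:len()))
        csv:flush() -- keep the file readable while Wireshark is still open
    end
end

-- same port registration as the script in the post
DissectorTable.get("tcp.port"):add(3900, wba)
```

If one TCP segment carries several protocol messages, the dissector can still be called more than once on the first pass; this example only removes the repeated passes.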