Re: Lua script reads every packet twice

[Pascal Quantin <pascal () wireshark org>]

Hi Jerry,

Le mer. 5 juin 2019 à 21:35, Jerry White <jerrywhite518 () gmail com> a écrit :

> HI all,
>
> Please forgive for such a basic question. I noticed that my lua dissector
> processes a trace file twice. To isolate the issue I have removed nearly
> all my business code and reduced to a function that does one thing. It
> still processes the file twice. It processes each packet in the trace file
> twice, as evidenced by the log file, which has two entries for each packet.
> It goes top to bottom through the trace, and does it again. For a three
> packet trace, the log file looks like this:
>
> 1
> 2
> 3
> 1
> 2
> 3
>
>
> Why is this happening? Can I prevent this behavior?

This is by design and cannot be changed (unless you use tshark without the
-2 option flag). A first pass is done on all packets with a NULL tree that
allows to quickly go through packets to call the subdissectors, fill the
columns, detect the expert infos, build the relationship between packets
(like request / response tracking), etc. Then each packet is redissected
with a non NULL tree so as to populate the tree displayed in the GUI. Then
a given packet can be dissected again when clicked on in the GUI, when a
tap is performed, etc.

Best regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe