Wireshark mailing list archives

Re: Accessing decoded data in packet details pane through LUA listener/tap?


From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 07 Oct 2009 17:36:41 -0400

Florian wrote:
> Hi
>
> I am using a Listener/tap in LUA to do some logical checks on protocol
> level via a third party protocol dissector.
>
> In the packet details pane (of wireshark 1.2.1), some fields could be
> auto translated into a Display Filter via the context menu
> (right-mouse-function) 'prepare a filter' or 'copy fieldname'. I can
> easily access the values via the 'Field.new()' function in LUA.
> However some other fields are displayed in the tree view in the packet
> details pane, but can't be translated into a Display Filter.
> Is there any way to access this data (fieldname seems to be "Text item")
> through Lua? I.e. iterating through the dissected tree as displayed in
> wireshark? I didn't find any hint in the LUA API or the examples.

If it says "Text item" then that means the field was added (by the 
dissector) via proto_tree_add_text().  That means the field is not 
filterable (which is why we generally discourage the use of that 
function for protocol fields).  Feel free to submit patches against the 
offending dissectors to make those fields filterable :-).

Are you trying to get the filter name or the value of the field (which 
is just text)?  The former is not possible as mentioned above and I 
doubt (but do not know) that the latter is possible.

> Additional question: can the content of any column (i.e. info) be read
> from LUA?
> I was only able to write (append/prepend) some additional text to the
> columns in LUA.

I don't think you can read the contents of a column from a built-in 
dissector (or, if it was possible, whether it would be allowed).  What 
information do you need from the column?