Wireshark mailing list archives

Re: Having problems searching Lua dissector data

From: Robert Young <ryoung () datacast com>
Date: Mon, 08 Mar 2010 13:36:26 -0500

Hi Jose,

Thanks for your help.  I had been changing the variable names of fields, 
and hadn't caught all of them when I sent that email out.  I managed to 
get it working.  Good point about byte field length, I'll change that in 
my script.

Thanks again!
Robert


Jose Pedro Oliveira wrote:

On 2010-03-04 19:18, Robert Young wrote:

Hi there,

I'm trying to write my first Lua dissector for Wireshark.  I have a 
really simple dissector set up which I attached below.  It populates the 
data tree alright, but I would like to be able to search on the field I 
defined, wc.packetid.  wc.packetid shows up as a searchable type in the 
expression field, but doesn't seem to be populated.  Could someone tell 
me what I'm missing?

Thanks!
Rob Y


-- trivial protocol example
-- declare our protocol
trivial_proto = Proto("WC","WC Protocol")
-- create a function to dissect it

xdPacketFieldProto = ProtoField.uint32("wc.packetid", "Packet ID")

trivial_proto.fields = {wcPacketFieldProto}

function trivial_proto.dissector(buffer,pinfo,tree)
    pinfo.cols.protocol = "XC"
    local subtree = tree:add(trivial_proto,buffer(),"WC Protocol")
    subtree:add(ProtoField.uint32("xd.packetid", "Packet ID"),"Protocol 
Type is: " .. buffer(15,1):uint())
end


Robert,

You appear to have several problems in the above Lua code. Starting
by the typos:

 * What is the name of the field?

     wc.packetid versus wd.packetid

 * What is the name of the protofield variable?

     xdPacketFieldProto versus wcPacketFieldProto

Other problems:

 * You probably want the subtree:dd line to be something like

     subtree:add( xdPacketFieldProto, buffer(15, 1) )

 * What is the size of the field?

    4 bytes (based on ProtoField.uint32) ?  or
    1 byte (based on buffer(15,1):uint()) ?


Regards,
jpo



-- 
*Robert Young | Software Developer*
International Datacasting Corporation | www.datacast.com 
<http://www.datacast.com/>
50 Frank  Nighbor Place | Kanata, Ontario  Canada K2V 1B9
tel: (613) 596-4120 x2277  | fax: (613) 596-2335
_ryoung@datacast.com_

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Having problems searching Lua dissector data Robert Young (Mar 04)
- Re: Having problems searching Lua dissector data Jose Pedro Oliveira (Mar 04)
  - Re: Having problems searching Lua dissector data Robert Young (Mar 08)