Wireshark mailing list archives

Re: lua decoder accessing info from layers above


From: chuck c <bubbasnmp () gmail com>
Date: Wed, 14 Oct 2020 09:33:00 -0500

local p_foo = Proto.new("foo", "foo")
local f_frame_protocols = Field.new("frame.protocols")

function p_foo.dissector(buf, pinfo, tree)
    print(pinfo.number, "Protocols: " ..
        (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
--    print(pinfo.number, f_frame_protocols().value)
end

register_postdissector(p_foo)

Script above prints to the Lua console.
What was the situation where it doesn't work?

On Tue, Oct 13, 2020 at 12:45 PM Maynard, Chris via Wireshark-dev <
wireshark-dev () wireshark org> wrote:

From: Wireshark-dev <wireshark-dev-bounces () wireshark org> On Behalf Of
Fulko Hew
Sent: Monday, October 12, 2020 8:00 PM
To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: [Wireshark-dev] lua decoder accessing info from layers above

I'm trying to update/improve someone else's decoder written in Lua.
It's for a simple UDP (and TCP) based protocol.
But I need to be able to get access to the upper layer
to be able to decode it easily.

Can someone provide an example of how to determine if the higher layer
was UDP or TCP?

Thanks
Fulko


I was going to suggest a possible alternative solution which would be to
grab "frame.protocols" and scan it for udp or tcp, but unfortunately this
method doesn't work.  For example:

local f_frame_protocols = Field.new("frame.protocols")

function p_foo.dissector(buf, pinfo, tree)
    print("Protocols: " ..
        (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
end

I suspect this has something to do with it being a generated field, but
this looks like a Wireshark bug to me, unless someone can explain why this
doesn't and shouldn't be expected to work.
- Chris









___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
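
Added example, not code from either poster in this thread: a post-dissector that takes the frame.protocols approach from the reply one step further and answers the original UDP-or-TCP question by comparing whole colon-separated tokens rather than substrings. The names "xport", "xport.transport" and transport_of are hypothetical, and reporting the innermost match is a choice made for this example.

```lua
-- Added example; "xport" and transport_of are hypothetical names.
local p_xport = Proto("xport", "Transport classifier (example)")
local pf_transport = ProtoField.string("xport.transport", "Transport")
p_xport.fields = { pf_transport }

-- Field extractors must be created at script load time,
-- not inside the dissector function.
local f_frame_protocols = Field.new("frame.protocols")

-- frame.protocols is a colon-separated list such as
-- "eth:ethertype:ip:udp:dns". Compare whole tokens so that a name
-- like "udplite" is not mistaken for "udp".
local function transport_of(protocols)
    local found
    for token in protocols:gmatch("[^:]+") do
        if token == "udp" or token == "tcp" then
            -- Keep the last match: with tunnelled traffic this is the
            -- innermost transport (a choice made for this example).
            found = token
        end
    end
    return found
end

function p_xport.dissector(buf, pinfo, tree)
    local fi = f_frame_protocols()
    if not fi then
        return  -- field not available for this frame
    end
    local transport = transport_of(tostring(fi.value)) or "other"
    local subtree = tree:add(p_xport)
    -- Mark the item as generated: it is derived, not read from packet bytes.
    subtree:add(pf_transport, transport):set_generated()
end

-- As in the reply above, run after all other dissectors have finished.
register_postdissector(p_xport)
```

Loaded as a plugin, this adds an "xport.transport" item to each frame, which can then be used in a display filter.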