Wireshark-dev: [Wireshark-dev] Getting Lua dissector to work with the display filter
Similar to this thread, but in Lua versus C:
http://www.wireshark.org/lists/wireshark-dev/200701/msg01384.html

Hi,
I'm trying to get a Lua dissector to work with the display filters. I've had partial success. The new protocol and associated fields show up in the Filter Expressions dialog. When you enter "myproto.ver == 1" the entry box is green, so it would appear Wireshark is happy with the syntax. Problem is no packets are displayed. Also, if you right-click on the myproto version in the decode tree and select "Apply Filter As", the display filter shows as "frame[54:1] == 01" instead of "myproto.ver == 01".
Here's the part of the code where I initialize the fields:
my_proto = Proto( "myproto", "MINE", "My Protocol" )
ver_F = ProtoField.uint8( "myproto.ver", "Version" )
mtype_F = ProtoField.uint8( "myproto.mtype", "Message Type" )
grp_F = ProtoField.uint16( "myproto.seq", "Sequence" )
ipmtc_proto.fields = { ver_F, mtype_F, grp_F }

The wiki examples show using
Proto.fields = ProtoFieldArray( ver_F, mtype_F, grp_F )
but this appears to have been deprecated (it's not in the *wslua.h files now), so I tried to manually populate the Proto.field with a Lua table of the fields. Not sure if this is correct.
Any pointers would be appreciated.
Thanks.
-Scott
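
A sketch of how field registration and tree population fit together so that a filter such as "myproto.ver == 1" can match packets, added here as an example and not taken from the poster's code. The 4-byte header layout, the UDP port 7777 and the dissector body are assumptions, since the post does not show its dissector function.

```lua
-- Added example, not the poster's code. Header layout and port are assumed.
local my_proto = Proto("myproto", "My Protocol")

-- Each ProtoField carries the abbreviation used in display filters.
local ver_F   = ProtoField.uint8("myproto.ver", "Version", base.DEC)
local mtype_F = ProtoField.uint8("myproto.mtype", "Message Type", base.DEC)
local seq_F   = ProtoField.uint16("myproto.seq", "Sequence", base.DEC)

-- Registration: a plain Lua table assigned to .fields of the SAME Proto
-- object whose dissector adds the items below.
my_proto.fields = { ver_F, mtype_F, seq_F }

-- Assumed layout: 1 byte version, 1 byte message type, 2 bytes sequence.
local HEADER_LEN = 4

function my_proto.dissector(buffer, pinfo, tree)
    if buffer:len() < HEADER_LEN then
        return 0  -- too short to be this protocol; leave the packet alone
    end

    pinfo.cols.protocol = "MINE"
    local subtree = tree:add(my_proto, buffer(0, HEADER_LEN))

    -- Passing the ProtoField as the first argument ties the tree item to
    -- "myproto.ver", so the filter engine can match on it and
    -- "Apply as Filter" offers the field name.
    subtree:add(ver_F,   buffer(0, 1))
    subtree:add(mtype_F, buffer(1, 1))
    subtree:add(seq_F,   buffer(2, 2))

    -- By contrast, a text-only item such as
    --   subtree:add(buffer(0, 1), "Version: " .. buffer(0, 1):uint())
    -- is shown in the tree but is not bound to any registered field, so it
    -- can only be filtered by raw offset, e.g. frame[54:1].

    return HEADER_LEN
end

-- Hypothetical port, for illustration only.
DissectorTable.get("udp.port"):add(7777, my_proto)
```

Load the script with `wireshark -X lua_script:myproto.lua` and check that the registered fields appear under the protocol in the filter expression dialog and that matching packets are returned.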