Wireshark-users: Re: [Wireshark-users] Having problems searching Lua dissector data
On 2010-03-04 19:18, Robert Young wrote:
> Hi there,
>
> I'm trying to write my first Lua dissector for Wireshark. I have a
> really simple dissector set up which I attached below. It populates the
> data tree alright, but I would like to be able to search on the field I
> defined, wc.packetid. wc.packetid shows up as a searchable type in the
> expression field, but doesn't seem to be populated. Could someone tell
> me what I'm missing?
>
> Thanks!
> Rob Y
>
>
> -- trivial protocol example
> -- declare our protocol
> trivial_proto = Proto("WC","WC Protocol")
> -- create a function to dissect it
>
> xdPacketFieldProto = ProtoField.uint32("wc.packetid", "Packet ID")
>
> trivial_proto.fields = {wcPacketFieldProto}
>
> function trivial_proto.dissector(buffer,pinfo,tree)
>     pinfo.cols.protocol = "XC"
>     local subtree = tree:add(trivial_proto,buffer(),"WC Protocol")
>     subtree:add(ProtoField.uint32("xd.packetid", "Packet ID"),"Protocol Type is: " .. buffer(15,1):uint())
> end

Robert,

You appear to have several problems in the above Lua code. Starting
with the typos:

* What is the name of the field?
    wc.packetid versus wd.packetid
* What is the name of the protofield variable?
    xdPacketFieldProto versus wcPacketFieldProto

Other problems:

* You probably want the subtree:add line to be something like
    subtree:add( xdPacketFieldProto, buffer(15, 1) )
* What is the size of the field?
    4 bytes (based on ProtoField.uint32) ? or
    1 byte (based on buffer(15,1):uint()) ?

Regards,
jpo
--
José Pedro Oliveira
* mailto:jpo@xxxxxxxxxxxx *
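
A corrected version of the dissector along the lines suggested in the reply, as an added example that is not part of the original thread. It assumes the Packet ID is the single byte at offset 15; the UDP port 7777 and the names wc_proto and f_packetid are placeholders chosen for illustration.

```lua
-- Added example: corrected version of the dissector discussed above.
-- Assumptions (not from the thread): the Packet ID is the single byte at
-- offset 15, and the protocol runs on UDP port 7777 (placeholder).
local wc_proto = Proto("WC", "WC Protocol")

-- One ProtoField object, one variable name, one filter name.
local f_packetid = ProtoField.uint8("wc.packetid", "Packet ID", base.DEC)

-- Only fields listed here are registered with the protocol; a ProtoField
-- created inline inside the dissector is never registered.
wc_proto.fields = { f_packetid }

local PACKETID_OFFSET = 15
local PACKETID_LEN = 1

function wc_proto.dissector(buffer, pinfo, tree)
    -- Truncated or unrelated packets: do not read past the end of the buffer.
    if buffer:len() < PACKETID_OFFSET + PACKETID_LEN then
        return 0
    end

    pinfo.cols.protocol = "WC"
    local subtree = tree:add(wc_proto, buffer(), "WC Protocol")

    -- Pass the registered field and a TvbRange (not a string), so Wireshark
    -- stores the value and "wc.packetid == N" matches in a display filter.
    subtree:add(f_packetid, buffer(PACKETID_OFFSET, PACKETID_LEN))

    return buffer:len()
end

-- Placeholder port: replace with the port the protocol actually uses.
DissectorTable.get("udp.port"):add(7777, wc_proto)
```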