Wireshark-users: Re: [Wireshark-users] Having problems searching Lua dissector data
Hi Jose,
Thanks for your help. I had been changing the variable names of fields,
and hadn't caught all of them when I sent that email out. I managed to
get it working. Good point about byte field length, I'll change that in
my script.
Thanks again!
Robert
Jose Pedro Oliveira wrote:
On 2010-03-04 19:18, Robert Young wrote:
Hi there,
I'm trying to write my first Lua dissector for Wireshark. I have a
really simple dissector set up which I attached below. It populates the
data tree alright, but I would like to be able to search on the field I
defined, wc.packetid. wc.packetid shows up as a searchable type in the
expression field, but doesn't seem to be populated. Could someone tell
me what I'm missing?
Thanks!
Rob Y
-- trivial protocol example
-- declare our protocol
trivial_proto = Proto("WC","WC Protocol")
-- create a function to dissect it
xdPacketFieldProto = ProtoField.uint32("wc.packetid", "Packet ID")
trivial_proto.fields = {wcPacketFieldProto}
function trivial_proto.dissector(buffer,pinfo,tree)
    pinfo.cols.protocol = "XC"
    local subtree = tree:add(trivial_proto,buffer(),"WC Protocol")
    subtree:add(ProtoField.uint32("xd.packetid", "Packet ID"),"Protocol Type is: " .. buffer(15,1):uint())
end
Robert,
You appear to have several problems in the above Lua code. Starting
with the typos:
* What is the name of the field?
wc.packetid versus wd.packetid
* What is the name of the protofield variable?
xdPacketFieldProto versus wcPacketFieldProto
Other problems:
* You probably want the subtree:add line to be something like
subtree:add( xdPacketFieldProto, buffer(15, 1) )
* What is the size of the field?
4 bytes (based on ProtoField.uint32) ? or
1 byte (based on buffer(15,1):uint()) ?
Regards,
jpo
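A dissector with the points from the reply applied, as an added example that is not code from the thread: one ProtoField object is declared, registered in the protocol's fields table, and passed to subtree:add together with the byte range, which is what populates wc.packetid for display filters. The names wc_proto and f_packetid, the 1-byte field width (taken from buffer(15,1) in the original post) and UDP port 7777 are assumptions.

```lua
-- Added example: not code from the thread.
-- Assumptions: the packet ID is the single byte at offset 15 (from
-- buffer(15,1) in the original post); UDP port 7777 is a placeholder.
local wc_proto = Proto("WC", "WC Protocol")

-- One ProtoField object, declared once. Its abbreviation ("wc.packetid")
-- is the name used in display filters. uint8 matches the 1-byte range.
local f_packetid = ProtoField.uint8("wc.packetid", "Packet ID", base.DEC)

-- Register that same object with the protocol. A ProtoField created
-- inline inside the dissector is never registered, so filters on it
-- match nothing.
wc_proto.fields = { f_packetid }

local PACKETID_OFFSET = 15
local PACKETID_LEN = 1

function wc_proto.dissector(buffer, pinfo, tree)
    -- Skip packets too short to hold the field rather than letting
    -- buffer(15,1) raise a range error on truncated captures.
    if buffer:len() < PACKETID_OFFSET + PACKETID_LEN then
        return 0
    end

    pinfo.cols.protocol = "WC"
    local subtree = tree:add(wc_proto, buffer(), "WC Protocol")

    -- Pass the registered field and the byte range; Wireshark decodes
    -- the value and attaches it to wc.packetid.
    local range = buffer(PACKETID_OFFSET, PACKETID_LEN)
    subtree:add(f_packetid, range)
    pinfo.cols.info = "Packet ID: " .. range:uint()

    return buffer:len()
end

-- Placeholder port binding (assumption, not from the thread).
DissectorTable.get("udp.port"):add(7777, wc_proto)
```

With this loaded, a display filter such as wc.packetid == 5 matches packets whose byte at offset 15 is 5.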