Wireshark-users: Re: [Wireshark-users] Lua Field API and multiple occurences
From: Hadriel Kaplan <hadrielk@xxxxxxxxx>
Date: Sat, 5 Apr 2014 00:10:45 -0700 (PDT)
Actually, if I recall right... when you call the Field, you should be getting all the FieldInfo objects - you're just only keeping the first one in your script. (or keeping the first one's value, depending on how you wrote the script)
Can you show the details inside the tap.packet() function in your script?
Is it something like:
-- get the FieldInfo and call it to get its value
local rsl = rsl_field()()
or
-- get the FieldInfo
local rsl_finfo = rsl_field()
-- get its value or ""
local rsl = rsl_finfo and rsl_finfo() or ""
Is it something like one of those examples above?
If so, what's happening is you're getting back one or more FieldInfo objects, but since you've only got a single variable "rsl_finfo", you're only keeping the first returned one. (or in the first example, only calling the first returned one)
So you should do something like this instead:
local rsl_finfos = { rsl_field() }
for i,rsl_finfo in ipairs(rsl_finfos) do
    local rsl = rsl_finfo()
    if rsl == "46" then
        -- do whatever here
    end
end
-hadriel
p.s. I generally don't recommend getting the FieldInfo and calling it for its value at the same time, as in 'rsl_field()()', simply because it would result in a Lua run-time error if it turned out there was no such FieldInfo in the packet, but since you've set a filter you'd be safe I think. (besides this is just an email :)
On Saturday, April 5, 2014 2:38 AM, Holger Freyther <holger@xxxxxxxxxxx> wrote:
Good Morning,
I am currently writing an analysis script in Lua for GSM Abis RSL. For
releasing a radio channel there is a "RF Channel Release" command and
a "RF Channel Release ACK" response. I want to calculate the time that
passed between these two.
Currently I am doing:
local tap = Listener.new("ip", "gsm_abis_rsl.msg_type == 0x2e || gsm_abis_rsl.msg_type == 0x33 ")
local ip_src_field = Field.new("ip.src")
local ip_dst_field = Field.new("ip.dst")
local frame_field = Field.new("frame.number")
local time_field = Field.new("frame.time_epoch")
local rsl_field = Field.new("gsm_abis_rsl.msg_type")
local cbits_field = Field.new("gsm_abis_rsl.ch_no_Cbits")
local ts_field = Field.new("gsm_abis_rsl.ch_no_TN")
local connections = {}
function tap.packet(pinfo,tvb,ip)
    if rsl == "46" then
        handle_release(....)
    elseif rsl == "51" then
        handle_release_ack(...)
    end
end
My issue is that using this approach I can miss RSL packets. The
equipment we have is using TCP/IP to transport the rsl messages
and there is a small header (16 bit length, one byte tag) in front
of each of the RSL messages.
What happens from time to time is that inside a single frame and
TCP packet there are multiple RSL messages. And when this happens
rsl_field() will only give me value of the first RSL message.
Is there a way to get all the values?
holger
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
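An added example, not part of either e-mail: a listener that keeps every FieldInfo returned by the field extractors and matches each message type to the channel-number fields of the same RSL message by byte offset, so several RSL messages in one TCP segment are all timed. It assumes the FieldInfo objects come back in packet order with offsets relative to the same data source, that calling a FieldInfo for these unsigned fields yields a Lua number, and that the release travels BSC to BTS; the `pending` table and `find_between` helper are names made up for this sketch.

```lua
-- Added example (not from the thread): time RF Channel Release (0x2e) to its
-- ACK (0x33) for every RSL message in a frame, not only the first one.
local msg_field   = Field.new("gsm_abis_rsl.msg_type")
local cbits_field = Field.new("gsm_abis_rsl.ch_no_Cbits")
local tn_field    = Field.new("gsm_abis_rsl.ch_no_TN")

local tap = Listener.new("ip",
    "gsm_abis_rsl.msg_type == 0x2e || gsm_abis_rsl.msg_type == 0x33")
local pending = {}   -- channel key -> timestamp of the outstanding release

-- Return the first FieldInfo in 'finfos' whose offset is in [lo, hi), or nil.
local function find_between(finfos, lo, hi)
    for _, fi in ipairs(finfos) do
        if fi.offset >= lo and fi.offset < hi then return fi end
    end
end

function tap.packet(pinfo, tvb, ip)
    -- Wrapping each call in a table keeps every returned FieldInfo.
    local msgs  = { msg_field() }
    local cbits = { cbits_field() }
    local tns   = { tn_field() }
    for i, msg in ipairs(msgs) do
        local mtype = msg()   -- assumed to be a Lua number for this field
        if mtype == 0x2e or mtype == 0x33 then
            -- Fields of this message lie before the next msg_type occurrence.
            local hi = msgs[i + 1] and msgs[i + 1].offset or math.huge
            local cb = find_between(cbits, msg.offset, hi)
            local tn = find_between(tns, msg.offset, hi)
            if cb and tn then
                local release = (mtype == 0x2e)
                -- Assumption: the release goes BSC -> BTS, the ACK comes back.
                local bts = tostring(release and pinfo.dst or pinfo.src)
                local key = bts .. "/" .. tn() .. "/" .. cb()
                if release then
                    pending[key] = pinfo.abs_ts
                elseif pending[key] then
                    print(string.format("frame %d %s: ACK after %.6f s",
                        pinfo.number, key, pinfo.abs_ts - pending[key]))
                    pending[key] = nil
                end
            end
        end
    end
end

function tap.reset()
    pending = {}   -- called when the capture is re-read
end
```

Messages of other types that share a frame with a release or ACK are skipped by the `mtype` test, and a message without a channel-number field is ignored rather than paired with a neighbour's.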