Hello, I'm a recent convert from a C-based dissector to Lua to help ease the installation for our Windows users. :)
Is it possible to get the value from a proto field that has already been defined? Or must I grab the data from the buffer? For instance...
    foo_proto = Proto("foo","Foo Proto")
    local foo = foo_proto.fields
    foo.pdu = ProtoField.uint8("foo.pdutype", "PDU Type", base.HEX, PDU_TYPES)
    ...
    subtree:add(foo.pdu, buffer(offset,1));
    offset = offset + 1;
From here, I ultimately call into a more detailed parser function depending on various fields in the header. I may want to do something like pinfo.cols.append(string.format(" PDU Type: %d", foo.pdu:uint())) but I get an error.
The primary problem is that our proto has a common header field of 20 bytes that I don't necessarily want to add text to the table, but in the later, more discrete parsers I would. I have the whole buffer in my helper functions, but it sure would be nice and convenient if I could somehow use the protofield I've defined to pull/retrieve data.
Secondly, I'm a bit new to the Wireshark/Lua interface. Is there an easier way to debug your scripts and make changes? Right now I'm doing it the good ol' college way - make changes, open Wireshark, see if it worked, if not, kill Wireshark, make changes, recapture, repeat ad nauseam. Is there a way to reload my script via dofile() on the evaluate line? I get duplicate proto errors when doing so.
asked 01 Dec '10, 07:40
edited 01 Dec '10, 07:45