There are a couple ways: add a ProtoField (which must include a buffer), or add a buffer with a label.
proto_foo = Proto("foo", "Foo Protocol")
proto_foo.fields.bar = ProtoField.uint32("foo.bar", "Bar field")
function proto_foo.dissector(buf, pinfo, tree)
– we need at least 5 bytes…
if buf:len() < 5 then return end
-- Add the first 4 bytes as an unsigned integer.
-- Bytes 0 through 3 will be highlighted when the
-- bar field is selected in the packet details.
tree:add( proto_foo.fields.bar, buf(0, 4) )
-- Add the next byte ad hoc. Byte 4 will be highlighted
-- when this ad-hoc field is selected in the packet
-- details.
tree:add( buf(4, 1), "Ad-hoc byte" )
end
answered 18 May ‘11, 08:09
bstn
375●1●4●15
accept rate: 14%
at first thx for the hint with the buffer(x,y) thats nice. So my code is working now but It look a bit redundancy.
My Code: local F_md5 = ProtoField.string(“http.my.md5”, “MD5: “) local subtreeitem = treeitem:add(http_my_proto, tvbuffer) subtreeitem:set_text(“http post decoded”) subtreeitem:add(F_md5, tvbuffer(1,32), s_info[‘md5’]):set_text(“MD5: " .. s_info[‘md5’])
if I write it that way:
My Code: local F_md5 = ProtoField.string(“http.my.md5”, “MD5: “) local subtreeitem = treeitem:add(http_my_proto, tvbuffer) subtreeitem:set_text(“http post decoded”) subtreeitem:add(F_md5, tvbuffer(1,32), s_info[‘md5’]
then the n in the s_info[‘md5’] is not translated.
btw: how do I mark code as code?
First, you don’t need to add a colon to the
ProtoFielddescription because that’s already done internally. That should beProtoField.string(“http.my.md5”, “MD5”). In your 1st example, there’s no point in using the ProtoField’slabelarg since you’re just going to overwrite the entire tree-item text withset_text. The two examples should produce the same results, assumings_info[‘md5’]is a string. What doess_info[‘md5’]return?Three ways to mark text as code: