This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

lua dissector: udp port as userdata and not number

0

hallo, I have modified the simple example found in wiki:

-- trivial protocol example
-- declare our protocol
trivial_proto = Proto("trivial","Trivial Protocol")

udp_src_f = Field.new("udp.srcport") udp_dst_f = Field.new("udp.dstport")

– create a function to dissect it function trivial_proto.dissector(buffer,pinfo,tree) local udp_src = udp_src_f() local udp_dst = udp_dst_f()

if udp_src==8002 then
    pinfo.cols.protocol = "PBUS_RESP"
end

if udp_dst==8002 then
    pinfo.cols.protocol = "PBUS_REQ"
end

local subtree = tree:add(trivial_proto,buffer(),"Trivial Protocol Data")
subtree:add(buffer(0,2),"port: " .. tostring(udp_src) .. "->" .. tostring(udp_dst) .. " ::: type " .. type(udp_dst))
subtree:add(buffer(0,2),"The first two bytes: " .. buffer(0,2):uint())
subtree = subtree:add(buffer(2,2),"The next two bytes")
subtree:add(buffer(2,1),"The 3rd byte: " .. buffer(2,1):uint())
subtree:add(buffer(3,1),"The 4th byte: " .. buffer(3,1):uint())

end – load the udp.port table udp_table = DissectorTable.get("udp.port") – register our protocol to handle udp port 7777 udp_table:add(8002,trivial_proto)

udp_src and udp_dst are userdata and the “if” are avways false. Why udp_src and udp_dst are userdata, and how to “cast” them to number?

best regards

Max

asked 29 Aug ‘16, 03:08

mastupristi's gravatar image

mastupristi
11114
accept rate: 0%


One Answer:

1

Use

local udp_src = udp_src_f().value
local udp_dst = udp_dst_f().value

The functions defined using Field.new provide access to the whole structure of the field, which contains several information values. You need to choose the value one.

answered 29 Aug '16, 05:33

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 29 Aug '16, 06:09