I’m having trouble extracting ipv6 fields (e.g. ipv6.src) using tshark and Lua.
There’s no problem with tshark because it successfully extracts ipv6.src etc. (e.g. tshark -r %1 -e ip.src -e ipv6.src -Tfields -E separator=, ). Rather, the problem arises when tshark is fed a Lua script (e.g. tshark -q -r %1 -X lua_script:LuaScript.lua).
The essence of the Lua script is shown below:
For ipv6 packets, nothing gets written into foo_tbl.ipv6.src and its content remains nil. Other fields are extracted successfully, and there is no problem extracting ipv4 fields.
So, unless there’s another step required for ipv6, I’m led to believe the problem rests with the Lua API (?)
It appears that the link below is related (?): https://ask.wireshark.org/questions/23519/ipv6-dissecting-throws-lua-ft-not-yet-supported-error-why
There’s no evidence of a bug being raised. If it is a real issue (not due to method) it seems a fairly big shortcoming.
Thanks and Regards,
asked 23 Sep ‘16, 00:15