I am generating display methods for some fields in lua scripts. The example in the documentation at https://wiki.wireshark.org/LuaAPI/TreeItem:
local t = tree:add( proto_foo, buf() )
t:add_le( proto_foo.fields.u16, buf(1,2), 100, nil, "(", nil, "little", 999, nil, "endian", nil, ")" )
suggests that the display will be:
"Unsigned short: 0x6400 ( little endian )"
When I imitate this code with:
proto.fields.packet_type = ProtoField.new("Type", "type", ftypes.UINT8)
function display_type(value)
if value == 0 then
return "Heartbeat"
end
if value == 1 then
return " Start Of Session"
end
if value == 2 then
return "End Of Session"
end
if value == 3 then
return "Application Message"
end
return ""
end
function dissect_packet_type(buffer, offset, packet, parent)
local size = 1
local range = buffer(offset, size)
local value = range:le_int()
local display = display_type(value)
parent:add(proto.fields.type, range, value, display)
return offset + size
end
With the display method I see:
"Heartbeat"
I want it to print like the standard fields so instead I generate the display function as:
function display_type(value)
if value == 0 then
return "Type: Heartbeat (0)"
end
if value == 1 then
return "Type: Start Of Session (1)"
end
if value == 2 then
return "Type: End Of Session (2)"
end
if value == 3 then
return "Type: Application Message (3)"
end
return ""
end
Is my function invalid? Does the documentation need to be updated? Or is this a bug?
Thanks in advance.
asked 18 Nov ‘16, 07:47
william
5●3●3●5
accept rate: 0%
edited 18 Nov ‘16, 07:57
grahamb ♦
19.8k●3●30●206
