This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Getter for ProtoField in Lua

0

Hi,

I'm a newbie in Lua and I work on a dissector plugin. At the beginning, I created a ProtoField with a certain type :

local var1 = ProtoField.uint8 ( "my.ID1" , "my interesting string" , base.HEX )

However, for some reason, I would like to change the type of ProtoField sometimes. I don't think it's possible to change the type of var1 so my idea is to create a new one, using the string from the first one :

local var2 = ProtoField.string ( "my.ID2" , var1.getMyInterestingString())

Unfortunately, I didn't find anywhere how to reach attributes of the first Protofield. Do you know if it is possible ?

Thanks in advance

This question is marked "community wiki".

asked 06 Jul '17, 06:04

MattJuillet's gravatar image

MattJuillet
11225
accept rate: 0%


One Answer:

0

Incidentally, @JeffMorriss' answer to my question should solve your ultimate goal, although not exactly your question.

answered 06 Jul '17, 06:21

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Thank you for the link. It means I can "override" an existing ProtoField with another type, which is interesting to me !

However, to do that, I need to know the string in the first object, what I don't. With your help, now I know I can do that : local var1 = ProtoField.uint8 ( "my.ID1" , "my interesting string") ... local var2 = ProtoField.string( "my.ID1" , ??? )

But, how can I get the string from the first object ?

(06 Jul '17, 06:43) MattJuillet

I am not sure I understand why would you want to extract the string (the "abbr" in this case) from the definition of the first ProtoField if it was you who has put it there, so you can just use the same string for both ProtoFields?

(06 Jul '17, 06:48) sindy

The hypothesis is that I don't know the description of the protofield, and I want to get it to create a new one (or update the first one). That's why I try to find a "getter" to do that, or a way to change the type without knowing the description.

Sorry if I wasn't clear at the beginning.

(06 Jul '17, 06:57) MattJuillet
1

By defning another ProtoField with same name and abbr and different type you do not affect the previous one in any way, it still exists. What you can do afterwards is that, depending on the type you need, you choose the appropriate one of your ProtoFields to add to the dissection tree. So they share the name as seen from outside (when writing display filters), but they remain distinct in terms of handling in your dissector. I've never tried how a display filter evaluation handles fields with same name but different type e.g. in comparison (e.g. how my_elem == "12" is evaluated when the actual type of my_elem in the dissection tree is uint8).

There is the Field function which you may use to access value and other attributes, including name and type, of a ProtoField contributed by another dissector (even an embedded one), but you have to know its abbr (i.e. the sring used to refer to it in display filter syntax).

(06 Jul '17, 07:24) sindy

Thank you for all these explanations, it's very useful to me!

I'm going to try it and I'll tell you if it works ;)

(06 Jul '17, 08:05) MattJuillet
1

BTW, if you have trouble to find out how to use Field.new, a short code which uses extraction of already dissected protocol fields is in my answer to this question.

(06 Jul '17, 10:18) sindy

Thank you for your help! Unfortunately, I can't use Field because, as you said earlier, we need to know the abbr, and I don't in my case. The only thing I have is the first ProtoField object, without knowing anything inside.

I'll find another way, no problem!

(07 Jul '17, 05:23) MattJuillet
showing 5 of 7 show 2 more comments