I am testing some network packets of my Organisation's product. We already have custom plugins. I am trying to add some some more fields into those existing plugins (like conversion of 2 byte code to a string and assign it to a field) Thankyou in advance for reading my query. --edit Wireshark version : 2.4.5 (organization's plugins dont work on latest wireshark application) --edit Problem statement: I am able to add field and show value, but fieldname is not displayed as defined. I cannot share the entire .lua file but i will try to explain What i did: Below is the image where I have a field aprint.type . this is a two byte field. In .lua file, for display purpose it is appended with corresponding description using a custom function int_to_enum . I want to add one more proto field aprint.typetext which will show the text. What I did: Added a protofield f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text") (Tried f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text",FT_STRING) also) Below the code where subtree aprint.type is shown, added my required field as subtree:add(f_apr_msg_type_txt, msg_type_string) (Below is image of code extract) I am able to see the text but field Name is shown as Wireshark Lua text (_ws.lua.text)

Reputation: 78

Custom wireshark disector shows value but fieldname is not visible using lua

I am testing some network packets of my Organisation's product. We already have custom plugins. I am trying to add some some more fields into those existing plugins (like conversion of 2 byte code to a string and assign it to a field)

Thankyou in advance for reading my query.

--edit

Wireshark version : 2.4.5 (organization's plugins dont work on latest wireshark application)

--edit

Problem statement: I am able to add field and show value, but fieldname is not displayed as defined.

I cannot share the entire .lua file but i will try to explain What i did:

Below is the image where I have a field aprint.type. this is a two byte field. In .lua file, for display purpose it is appended with corresponding description using a custom function int_to_enum.
I want to add one more proto field aprint.typetext which will show the text.

What I did:

Added a protofield f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text") (Tried f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text",FT_STRING) also)
Below the code where subtree aprint.type is shown, added my required field as subtree:add(f_apr_msg_type_txt, msg_type_string) (Below is image of code extract)

I am able to see the text but field Name is shown as Wireshark Lua text (_ws.lua.text)

Upvotes: 0

Answers (2)

Gabor Somlai

Reputation: 1

I think you forgot to register the f_apr_msg_type_txt ProtoField into your protocol's "fields" table at initialization. Eg.: table.insert(APrint.fields, f_apr_msg_type_txt)

Upvotes: 0

Christopher Maynard

Reputation: 6264

Normally displaying strings based on numeric values is accomplished by a value string lookup, so you'd have something like so:

local aprint_type_vals = {
    [1] = "Foo",
    [2] = "Bar",
    [9] = "State alarm"
}

f_apr_msg_type = ProtoField.uint16("aprint.type", "Type", base.DEC, aprint_type_vals)
f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text", base.ASCII)

... then

local msg_type = tvb(offset, 2):le_uint()
subtree:add_le(f_apr_msg_type, tvb(offset, 2))

subtree:add(f_apr_msg_type_txt, tvb(offset, 2), (aprint_type_vals[msg_type] or "Unknown"))

--[[
Alternatively:

subtree:add(f_apr_msg_type_txt, tvb(offset, 2)):set_text("aprint_type_text: " .. (aprint_type_vals[msg_type] or "Unknown"))
--]]

I'm also not sure why you need the extra field with only the text when the text is already displayed with the existing field, but that's basically how you'd do it.

Upvotes: 1

Custom wireshark disector shows value but fieldname is not visible using lua

Answers (2)

Related Questions