Wireshark-dev: Re: [Wireshark-dev] How to evaluate hex/ebcdic packet data LUA

From: Jerry White <jerrywhite518@xxxxxxxxx>
Date: Mon, 24 Oct 2016 07:31:55 -0700
You, sir, are my new hero. It all works. Thank you!

Jerry

On Sun, Oct 23, 2016 at 11:48 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
That won't work for EBCDIC.

All strings are kept as UTF-8 internally to Wireshark; this means that Wireshark translates them from the character encoding in the packet to UTF-8, and therefore that Wireshark must be told what the encoding for the field is.

Therefore, you should do

        tree:add_packet_field(pf_mgi_flag, tvbuf:range(19,1), ENC_EBCDIC)

to add it to the protocol tree.

To fetch the actual string, you'd need to do

        local mgi_flag = tvbuf:range(19,1)
        local info_mgi_flag = mgi_flag:string(ENC_EBCDIC)