Wireshark-dev: Re: [Wireshark-dev] lua decoder accessing info from layers above

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Wed, 14 Oct 2020 15:34:14 +0000
> From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of chuck c
> Sent: Wednesday, October 14, 2020 10:33 AM
> To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
> Subject: Re: [Wireshark-dev] lua decoder accessing info from layers above
>
> local p_foo = Proto.new("foo", "foo")
> local f_frame_protocols = Field.new("frame.protocols")
>
> function p_foo.dissector(buf, pinfo, tree)
>    print(pinfo.number, "Protocols: " .. (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
> --    print(pinfo.number, f_frame_protocols().value)
> end
>
> register_postdissector(p_foo)
>
> Script above prints to the Lua console.
> What was the situation where it doesn't work?

It works as a post-dissector, but not as a registered dissector.  For example, replace:

    register_postdissector(p_foo)

with something like so, replacing the port number with whatever you can easily test with:

    local udp_table = DissectorTable.get("udp.port")
    udp_table:add(33333, p_foo)

Yet you can access and print other frame fields such as "frame.len" and "frame.cap_len".
- Chris











CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.