Hi!
I'm making a custom Wireshark dissector (in Lua), but I have a problem.
The protocol is for a TIPC cluster, so it uses the host byte order
(little endian in our case) but when I add fields to the protocol tree
it seems that all the fields are interpreted as big endian.
Is there any way to change that behavior?
What I specifically do is:
    local pf = ProtoField.uint32('myproto.somefield', 'Some Field')
    function dissect(buffer, pinfo, tree)
        local subtree = tree:add(proto, buffer(), "My Protocol")
        subtree:add(pf, buffer(0, 4))
    end
I think, speaking in C, this is something like:
    static int hf_somefield = -1;
    static hf_register_info hf[] = {
        { &hf_somefield,
            { "Some Field", "myproto.somefield",
              FT_UINT32, BASE_DEC,
              NULL, 0x0,
              NULL, HFILL }
        }
    };
    // etc.
But I still can't find a way to tell (looked at FT_* and BASE_*
constants) Wireshark to interpret the field as little endian.
Any ideas on how to do that?
TIA.
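
An added example, not part of the original post: in Wireshark's Lua API the byte order is chosen when a field is added to the tree, using TreeItem:add_le() in place of add(), rather than in the ProtoField definition. The second field (myproto.length) and the 6-byte header layout are assumptions made up for illustration.

```lua
-- Added example. "myproto" / "Some Field" come from the post; the length
-- field and the 6-byte header layout are hypothetical.
local proto = Proto("myproto", "My Protocol")

-- A ProtoField describes type and display base only. It carries no byte
-- order, which is why no FT_* or BASE_* constant selects little endian.
local pf_some = ProtoField.uint32("myproto.somefield", "Some Field", base.DEC)
local pf_len  = ProtoField.uint16("myproto.length", "Length", base.DEC)
proto.fields = { pf_some, pf_len }

local HEADER_LEN = 6  -- 4-byte field + 2-byte length (assumed layout)

function proto.dissector(buffer, pinfo, tree)
    -- Reject truncated input instead of reading past the end of the buffer.
    if buffer:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(proto, buffer(), "My Protocol")

    -- add() decodes the range as big endian; add_le() decodes the same
    -- bytes as little endian.
    subtree:add_le(pf_some, buffer(0, 4))
    local len_item = subtree:add_le(pf_len, buffer(4, 2))

    -- When the dissector needs the numeric value itself (for bounds checks
    -- or offsets), read it with le_uint() so it matches what the tree shows.
    local length = buffer(4, 2):le_uint()
    if length > buffer:len() - HEADER_LEN then
        -- Flag a length that claims more payload than was captured.
        len_item:append_text(" (exceeds captured payload)")
    end

    return HEADER_LEN
end

-- Registration with a dissector table is left out: it depends on how the
-- payload is carried, which the post does not say.
```

The C counterpart of add_le() is passing ENC_LITTLE_ENDIAN as the encoding argument of proto_tree_add_item().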