Wireshark-users: [Wireshark-users] Reading a zero-terminated string in Lua dissector

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Carsten Fuchs <CarstenFuchs@xxxxxxxxxxx>
Date: Mon, 28 May 2012 23:00:59 +0200
Dear Wireshark group,
I'm currently writing my first Lua dissector for the network protocol of the Cafu game engine (http://www.cafu.de), and would be very grateful for your help:
The presentation at http://sharkfest.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf got me started very well, and reading fixed-width data works fine. For example (incomplete excerpt): 

    local CafuProto = Proto("Cafu", "Cafu Engine network protocol");

    CafuProto.fields.SequNr = ProtoField.uint32("Cafu.SequNr", "1st sequence number")

    function CafuProto.dissector(buffer, pinfo, tree)
        local subtree = tree:add(CafuProto, buffer())
        local offset  = 0

        subtree:add(CafuProto.fields.SequNr, buffer(offset, 4));
        offset = offset + 4
    end


However, I was wondering how I best read zero-terminated strings?

Of course it is possible to loop over i until
	buffer(offset+i, 1):uint8() == 0
then
	i = i + 1    -- Read the zero as well.
        subtree:add(CafuProto.fields.MyString, buffer(offset, i));
	offset = offset + i

But I was wondering if there is a more direct and/or more elegant way?
Btw., what is the difference between ProtoField.string and ProtoField.stringz as mentioned at http://www.wireshark.org/docs/wsug_html_chunked/lua_module_Proto.html#lua_class_ProtoField ? 

Any help or comments would much be appreciated!

Best regards,
Carsten



--
   Cafu - the open-source Game and Graphics Engine
for multiplayer, cross-platform, real-time 3D Action
          Learn more at http://www.cafu.de