Ask Your Question
0

Lua ProtoField.ipv4 input data syntax

asked 2022-07-26 20:38:55 +0000

Markku gravatar image

I'm writing a dissector in Lua (https://github.com/markkuleinio/wires...) and trying to use a ProtoField.ipv4 field. The problem is that the value is not from a TVB buffer (so I cannot use the usual buffer(x, y) syntax) but inside the data (maybe uncompressed or otherwise generated), and I cannot figure out the correct data syntax to use tree:add(p_addr, ipv4addr) (where ipv4addr is the IPv4 address in whatever format is required).

The error message in Wireshark is "userdata expected, got string" (or whatever syntax I try).

The original data is an IPv4 address as dotted decimal string ("10.1.2.3"), but I've also tried to use it as converted to uint32 (generated with a string.gmatch() loop), or as an array of bytes (bytes[1] = 10, bytes[2] = 1, ...). Any ideas how should I format the data so that a can add that value to the dissector tree?

Markku

edit retag flag offensive close merge delete

Comments

Oh, the day has been long and I only now found this: https://osqa-ask.wireshark.org/questi...

local b = ByteArray.new(decipheredFrame) local bufFrame = ByteArray.tvb(b, "My Tvb")

I'll try that tomorrow.

Markku gravatar imageMarkku ( 2022-07-26 20:52:19 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2022-07-26 21:13:25 +0000

Chuckc gravatar image

Here's an example using EASYPOST.lua from the Wireshark wiki Lua examples.

-- Step 3 - add some field(s) to Step 2 protocol
local pf = {    payload = ProtoField.string("easypost.payload", "EASYPOST data"),
                address = ProtoField.ipv4("easypost.address", "EASYPOST address") }

easypost_p.fields = pf
...
        subtree:add(pf.address, Address.ipv4("10.20.30.40"))

The Address class is covered in the WSDG.

edit flag offensive delete link more

Comments

Thanks! It works great. I somehow totally overlooked the Address class in WSDG. I'll publish the updated dissector code in GitHub later today.

Hmm, the EASYPOST.luaI now downloaded in https://wiki.wireshark.org/lua#examples does not have the lines you showed, why is that? The link is: https://wiki.wireshark.org/uploads/6f...

Markku

Markku gravatar imageMarkku ( 2022-07-27 06:42:49 +0000 )edit

Sorry I wasn't clear on that. I use EASYPOST as a start point and tweak for examples. Address is pretty useful and this example would work for all users since the IP address string is hard coded. Maybe I'll update to include this and repost to the wiki.

wslua is well documented but not in a particularly useful order in the WSDG. I built an index of all the classes/methods/functions that may (or may not) be useful. See Wireshark's Lua API on the Wiki.

Chuckc gravatar imageChuckc ( 2022-07-27 13:04:28 +0000 )edit

Gotcha, thanks again.

Markku gravatar imageMarkku ( 2022-07-27 13:32:40 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-07-26 20:38:55 +0000

Seen: 511 times

Last updated: Jul 26 '22