How to convert le_nstime() to string in Lua

0

How do I convert TvbRange.le_nstime() to a string? I tried the following Lua:

local field_time = ProtoField.absolute_time("TIME","TIME",base.LOCAL);
...
function SCP_proto.dissector (buf, pkt, root){
 local value={
    [0] =0,
    [1] =0,
    [2] =0
  }
  ...
  for i=0,2,1 do
     ...
     local example_subtree = subtree:add(field_time,buf(offset,8):le_nstime());
     value[i] = tostring(buf(offset,8):le_nstime());
     ...
  end
}

...but value[i] = tostring(buf(offset,8):le\_nstime()) does not work the way I expected. The time format of value[i] is in seconds ("1336188353.000000150") instead of "Month|Day|Year|Time" format ("May 5, 2012 07:25:53.000000150"). However, in the Packet Details Pane, I see "May 5, 2012 07:25:53.000000150" as expected.

How can I get a formatted time-string from le_nstime() like the one I see in the protocol tree?

Wireshark 1.7, Win 7, Lua 5.1

This question is marked "community wiki".

asked 05 Jun '12, 03:24

PavelMSTU's gravatar image

PavelMSTU
26236
accept rate: 50%

edited 05 Jun '12, 16:15

helloworld's gravatar image

helloworld
2.6k21739
One Answer:
oldestnewestmost voted
1

You're looking for format_date (or format_time), as in:

  -- First, convert the NSTime to a string (which yields a decimal number).
  -- Then, convert that string into a Lua number, required by format_date().
  local seconds = tostring(buf(offset,8):le_nstime())
  seconds = tonumber(seconds)
  value[i] = format_date(seconds)

But I should point out some other things about your sample code above:

  1. There is no base.LOCAL (despite the documentation in the Wireshark user manual...this is a bug). Since it doesn't exist, base.LOCAL is equivalent to nil.

  2. You don't need to initialize a table with zeroes. You can simply declare the table with empty brackets, and Lua is smart enough to know what to do when you index into the table with: value[i]. (Or maybe there's omitted code that actually checks these indices for zero...weird.)

    local value = {}

  3. You don't need to convert the TvbRange into an NSTime when adding it to the tree because field_time is a ProtoField.absolute_time, which is inherently an NSTime. The endianness of the buffer is implied by TreeItem.add() and TreeItem.add_le() (you want add_le() in this case).

    local example_subtree = subtree:add_le(field_time, buf(offset,8));

link

answered 05 Jun '12, 17:08

helloworld's gravatar image

helloworld
2.6k21739
accept rate: 27%

edited 05 Jun '12, 18:40

Helloworld, very thenks to you!

But code:

local seconds = tostring(buf(offset,8):le_nstime())

seconds = tonumber(seconds)

value[i] = format_date(seconds)

don't work. Because tonumber function return nil.

I think this mistake arises, because 8 byte double can't converted in Lua. This code works correctly:

local seconds = tostring( buf(offset,4):le_nstime());

seconds = string.sub(seconds,0,10); --[[ Return 10 numbers of seconds, from January 1, 1970 ]]--

seconds = tonumber(seconds);

value[i] = format_date(seconds);

(06 Jun '12, 00:52) PavelMSTU

Actually, an NSTime can be either 4 or 8 bytes. You lose precision with 4 bytes. tonumber() only returns nil for non-convertible strings. The tostring() conversion could've returned a non-convertible string (perhaps nil), which would indicate a problem with the buffer contents.

You don't need to parse out the seconds from the string since tonumber() handles floating-point numbers.

(06 Jun '12, 07:39) helloworld
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×121

Asked: 05 Jun '12, 03:24

Seen: 851 times

Last updated: 06 Jun '12, 07:39

Related questions

Lua Examples to parse custom headers inside GRE

Lua listener, dynamic fields

Are there "tcp.srcport" or "tcp.dstport" dissector tables?

how to read a specific octet from the dest IP in Lua

Dissector for org specific TLVs in the 802.3 OAM protocol

run more than one Lua file simultaneously with tshark

Running tshark as a root, dofile file is disabled problem

Custom Tag Dissector in LUA

What languages will I need to deal with in order to make a plugin?

Software Developer

about | faq | privacy | support | contact

powered by OSQA