 | 1 | initial version |
There is no built-in function for this. You would need to test each bit using bit operations (See http://bitop.luajit.org/), and then format the string using treeitem:set_text() and/or treeitem:append_text(). If you need to format a string beforehand, you can use string.format(), then pass that string to treeitem:set_text(), etc.
For example, to add the destination LG bit to the tree in another "protocol", FOO, shown here as a Lua postdissector:
local p_foo = Proto("foo", "FOO")
local f_foo_dst_lg = ProtoField.bool("foo.dst.lg", "Dst LG Bit")
p_foo.fields = { f_foo_dst_lg }
local f_eth_dst = Field.new("eth.dst")
local lg_strs = {
[0] = "Globally unique address (factory default)",
[1] = "Locally administered address (this is NOT the factory default)"
}
function p_foo.dissector(buf, pinfo, tree)
local eth_dst_ex = f_eth_dst()
local eth_dst_tvb
local eth_dst_lg
if eth_dst_ex == nil then
return
end
local foo_tree = tree:add(p_foo, buf(0, -1))
pinfo.cols.protocol:set("FOO")
eth_dst_tvb = eth_dst_ex.range
eth_dst_lg = bit.rshift(bit.band(eth_dst_tvb(0, 1):uint(), 0x02), 1)
foo_tree:add(f_foo_dst_lg, eth_dst_lg):set_text(
"Dst LG Bit: .... .. " .. eth_dst_lg .. ". .... .... .... .... = " ..
lg_strs[eth_dst_lg]
)
end
register_postdissector(p_foo)
Here, I didn't bother using string.format(), but if you're printing lots of flags and bitfields, then it might be useful to do so.
Refs:
- https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Tree.html
- https://www.lua.org/pil/20.html