Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2021-06-20 05:24:30 +0000

Chuckc gravatar image

Here is a doctored up version of the original Lua above.

The syntax changes are from looking through the Lua Examples on the Wireshark wiki. 

f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    finfos = { f_http2_type() }

    for _, rpc_msg_field in ipairs(finfos) do

        io.write(pinfo.number)
        io.write(": ")
        if (rpc_msg_field.value == 0x00) then
            io.write("Type: Data\n")
        elseif (rpc_msg_field.value == 0x01) then
            io.write("Type: Header\n")
        else
            io.write("Type: ")
            io.write(rpc_msg_field.value)
            io.write("\n")
        end
    end
end

register_postdissector(rpc_pd)

Here is a doctored up version of the original Lua above.

The syntax changes are from looking through the Lua Examples on the Wireshark wiki. 

f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    finfos = { f_http2_type() }

    for _, rpc_msg_field in ipairs(finfos) do

        io.write(pinfo.number)
        io.write(": ")
        if (rpc_msg_field.value == 0x00) then
            io.write("Type: Data\n")
        elseif (rpc_msg_field.value == 0x01) then
            io.write("Type: Header\n")
        else
            io.write("Type: ")
            io.write(rpc_msg_field.value)
            io.write("\n")
        end
    end
end

register_postdissector(rpc_pd)

The field `http2.type` can occur (Wireshark uses the term "occurrence". In SNMP it's similar to a multi-instance OID) multiple times in a packet. From the wiki example code:
  57         -- extract the field into a table of FieldInfos
  58         finfos = { field() }

Then iterate over the array members:
66 for _, finfo in ipairs(finfos) do

Here is a doctored up version of the original Lua above.

The syntax changes are from looking through the Lua Examples on the Wireshark wiki. 

f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    finfos = { f_http2_type() }

    for _, rpc_msg_field in ipairs(finfos) do

        io.write(pinfo.number)
        io.write(": ")
        if (rpc_msg_field.value == 0x00) then
            io.write("Type: Data\n")
        elseif (rpc_msg_field.value == 0x01) then
            io.write("Type: Header\n")
        else
            io.write("Type: ")
            io.write(rpc_msg_field.value)
            io.write("\n")
        end
    end
end

register_postdissector(rpc_pd)

The field `http2.type`

http2.type can occur in a packet multiple times (Wireshark uses the term "occurrence". In SNMP it's similar to a multi-instance OID) multiple times in a packet. OID). From the wiki example code:

 
  57         -- extract the field into a table of FieldInfos
  58         finfos = { field() }

Then iterate over the array members:
66 for _, finfo in ipairs(finfos) do

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2