In case it helps anyone else, I got something that works in both 3.6 and 4.2 by doing a manual mask and shift of the TVB range bytes, and by using TreeItem:add() instead of TreeItem:add_packet_field().

Given a ProtoField pf, a tvb range, a UInt64 mask and a number shift, the following gets the right values for the fields in both Wireshark and tshark:

local item = tree:add(pf, range:uint64():band(mask):rshift(shift))

The byte highlighting in Wireshark doesn't work with this approach since the protofield is added with a value directly.