Below is a working example of adding a 64-bit value to a tree, as well as grabbing the 64-bit value to do something else with it - in this case, adding it to the Info column:
```lua
-- Protocol
local p_foo = Proto("foo", "FOO Protocol")

-- Fields
local f_foo_val8 = ProtoField.uint8("foo.val8", "Value 8", base.OCT)
local f_foo_val64 = ProtoField.uint64("foo.val16", "Value 64", base.DEC)

p_foo.fields = { f_foo_val8, f_foo_val64 }

-- Dissection
function p_foo.dissector(buf, pinfo, tree)
    local foo_tree = tree:add(p_foo, buf(0,-1))
    local val64

    pinfo.cols.protocol:set("FOO")

    foo_tree:add(f_foo_val8, buf(0, 1))
    foo_tree:add(f_foo_val64, buf(1, 6))

    val64 = buf(1, 6):uint64()
    pinfo.cols.info:set("Value 64: " .. val64)
end

-- Registration
local udp_table = DissectorTable.get("udp.port")
udp_table:add(33333, p_foo)
```
You can use the foo.pcapng file I uploaded to cloudshark long ago to test this if you wish.
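An added example, not part of the original answer: the same layout with a length check before the 6-byte read, so a short payload is flagged as malformed instead of raising a Lua "out of bounds" error, and with the UInt64 userdata converted to text explicitly. The protocol name `foo2`, its field names and UDP port 33334 are made up for illustration.

```lua
-- Added example; "foo2", its field names and port 33334 are assumptions.
local p_foo2 = Proto("foo2", "FOO Protocol (length-checked)")

local f_val8  = ProtoField.uint8("foo2.val8", "Value 8", base.OCT)
local f_val64 = ProtoField.uint64("foo2.val64", "Value 64", base.DEC)
p_foo2.fields = { f_val8, f_val64 }

-- Same layout as the answer above: 1 byte, then a 6-byte integer.
local VAL64_OFF, VAL64_LEN = 1, 6
local NEEDED = VAL64_OFF + VAL64_LEN

function p_foo2.dissector(buf, pinfo, tree)
    pinfo.cols.protocol:set("FOO2")
    local foo_tree = tree:add(p_foo2, buf())

    -- Never index past the captured data: buf(1, 6) on a shorter
    -- payload throws a Lua error in the middle of dissection.
    if buf:len() < NEEDED then
        foo_tree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "Truncated: need " .. NEEDED .. " bytes, got " .. buf:len())
        pinfo.cols.info:set("Truncated FOO2 message")
        return buf:len()
    end

    foo_tree:add(f_val8, buf(0, 1))
    foo_tree:add(f_val64, buf(VAL64_OFF, VAL64_LEN))

    -- uint64() returns a UInt64 userdata object, not a Lua number.
    -- tostring() gives the exact decimal value; tohex() gives 16 hex digits.
    local val64 = buf(VAL64_OFF, VAL64_LEN):uint64()
    local info = "Value 64: " .. tostring(val64) .. " (0x" .. val64:tohex() .. ")"

    -- higher() is the upper 32 bits as a plain Lua number, handy for
    -- simple range checks without converting the whole value.
    if val64:higher() ~= 0 then
        info = info .. " [exceeds 32 bits]"
    end
    pinfo.cols.info:set(info)

    return NEEDED  -- number of bytes this dissector consumed
end

DissectorTable.get("udp.port"):add(33334, p_foo2)
```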