# dissector print format ?

I'm a novice at dissectors and Lua. But, I have managed to put something together for my needs using examples. Thanks!

If I look at the Ethernet portion of a UDP packet, I see the following field..

.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)


How does one get this type of formatting in their Lua script? Is there a function that I need to call that will print in this format?

Thanks.

edit retag close merge delete

Sort by » oldest newest most voted

Caution, I'm a C programmer I only play at Lua.

The presentation is dictated by the field type in use, this is a boolean field with a bitmask to isolate the bit required along with a True\False string for the corresponding states of the bit. A lua bitfield type for the Ethernet LG field would be something like:

local myField = ProtoField.bool("eth.dst.lg", "LG Bit", 24, {"Locally administered address (this is NOT the factory default)", "Globally unique address (factory default)"}, 0x20000, "Specifies if this is a locally administered or globally unique (IEEE assigned) address")

more

Indeed, this is the easier and better solution, for this case and probably for the majority of cases.

If you need to isolate bits for summarizing in a tree or for displaying information in the Info column, or when calculating bitfields where some strange encoding is used, then you may need to use bit.band() and friends.

And perhaps it isn't applicable anymore, but in the old days, I recall that booleans didn't work with 64-bit bitfields, such as I ran into with ISO8583 bitmaps long ago, so special handling was needed there as well.

(And @Hadriel was the real Lua programmer around these parts, not me; I'm just a Lua pretender.)

( 2020-05-07 21:35:25 +0000 )edit

There is no built-in function for this. You would need to test each bit using bit operations (See http://bitop.luajit.org/), and then format the string using treeitem:set_text() and/or treeitem:append_text(). If you need to format a string beforehand, you can use string.format(), then pass that string to treeitem:set_text(), etc.

For example, to add the destination LG bit to the tree in another "protocol", FOO, shown here as a Lua postdissector:

    local p_foo = Proto("foo", "FOO")

local f_foo_dst_lg = ProtoField.bool("foo.dst.lg", "Dst LG Bit")
p_foo.fields = { f_foo_dst_lg }

local f_eth_dst = Field.new("eth.dst")

local lg_strs = {
[0] = "Globally unique address (factory default)",
}

function p_foo.dissector(buf, pinfo, tree)
local eth_dst_ex = f_eth_dst()
local eth_dst_tvb
local eth_dst_lg
if eth_dst_ex == nil then
return
end

local foo_tree = tree:add(p_foo, buf(0, -1))

pinfo.cols.protocol:set("FOO")
eth_dst_tvb = eth_dst_ex.range
eth_dst_lg = bit.rshift(bit.band(eth_dst_tvb(0, 1):uint(), 0x02), 1)
"Dst LG Bit: .... .. " .. eth_dst_lg .. ". .... .... .... .... = " ..
lg_strs[eth_dst_lg]
)
end

register_postdissector(p_foo)


Here, I didn't bother using string.format(), but if you're printing lots of flags and bitfields, then it might be useful to do so.

more