Ask Your Question
0

Accessing field from dissector from post dissector

asked 2022-03-04 07:17:41 +0000

noob_shark gravatar image

updated 2022-03-04 09:08:06 +0000

grahamb gravatar image

Hi! Wireshark and Lua newbie here. I am trying to use a post dissector to dissect Bluetooth LE GATT data. The data has already been decode by the built in dissector as btatt.value and I figured I could further dissect btatt.value.

However, the code below doesn't work. I keep getting this error message:

calling 'add' on bad self (string expected, got userdata)

-- Source code below:

ble_gatt_value = Field.new("btatt.value")

trivial_proto = Proto("trivial","Trivial Postdissector")

gattval_field = ProtoField.bytes("trivial.gatt_value","GATT Value", base.DASH)

trivial_proto.fields = {gattval_field}

function trivial_proto.dissector(buffer,pinfo,tree)

    local src_gatt_val = ble_gatt_value()

    if src_gatt_val then 
        --print(src_gatt_val)
        local subtree = tree:add(trivial_proto, src_gatt_val, "Trivial Protocol Data")
        subtree:add(gattval_field,src_gatt_val)

    end
end

register_postdissector(trivial_proto)

What am I doing wrong? I have seen several examples but they all used the function argument buffer(x,y) with tree:add()

Thanks in advance.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-03-04 15:18:15 +0000

Chuckc gravatar image

updated 2022-03-04 15:20:29 +0000

We've all been there: https://twitter.com/cpu4coffee/status...

Finding a sample capture is usually the first hurdle: 10524 - Bluetooth Smart: Add GATT dissector

The value needs to be cast (tostring()) to a string for the add:

local subtree = tree:add(trivial_proto, tostring(src_gatt_val), "Trivial Protocol Data")
subtree:add(gattval_field,tostring(src_gatt_val))

The error message says it expects a "string" but got unformatted user data:

calling 'add' on bad self (string expected, got userdata)

    local src_gatt_val = ble_gatt_value()


Depending on how much the string will be needed, you might want another variable:

    if src_gatt_val then 
        --print(src_gatt_val)
        local src_gatt_val_str = tostring(src_gatt_val)
        local subtree = tree:add(trivial_proto, src_gatt_val_str, "Trivial Protocol Data")
        subtree:add(gattval_field,src_gatt_val_str)

    end
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2022-03-04 07:17:41 +0000

Seen: 525 times

Last updated: Mar 04 '22