How to get the index of a buffer in a post-dissector in Lua

asked 2022-04-22 11:04:41 +0000

abd_uslu

Hi everybody, I want to parse a vendor-specific field which is included in the topology response in a 1905 message. How can I get the beginning index of the field in the buffer?

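-- Field extractors for values produced by the ieee1905 dissector
vs_info = Field.new("")  -- field name is empty in the original post
vs_oui = Field.new("ieee1905.vendor_specific.oui")
message_id = Field.new("ieee1905.message_id")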

onsemi_proto = Proto("OnSemiVS", "OnSemi vendor specific")

local al_mac = ProtoField.string("OnSemiVS.al_mac", "source mac address")
local message_type = ProtoField.string("OnSemiVS.message_type", "message type")
local device_uptime = ProtoField.uint32("OnSemiVS.device_uptime", "device up time")
local fw_version_len = ProtoField.uint32("OnSemiVS.fw_version_len", "fw version length")

onsemi_proto.fields = {al_mac, message_type, device_uptime, fw_version_len}

function onsemi_proto.dissector(buffer, pinfo, tree)

    local l_vs_info = vs_info()
    local l_vs_oui = vs_oui()
    local l_message_id = message_id()

    if tostring(l_vs_oui) == tostring(0xac6fbb) and tostring(l_message_id)== "0x00001426" then

        subtree = tree:add(onsemi_proto, "VS custom parser")
        --needed beginning of address of
        subtree:add(al_mac, tostring( buffer(xxx, 6) ) ) 


Can you share a capture file that includes these fields? Stick it on a public fileshare (Google, OneDrive, Dropbox,...) and add a link to it in your question.

Chuckc (2022-04-22 13:46:38 +0000)

seems to be a similar type field (wlan fields)

Chuckc (2022-05-02 02:12:21 +0000)

1 Answer

answered 2022-04-23 16:45:59 +0000

Chuckc

On the Wiki page Lua/Examples, see Extract field values.

    -- get a TvbRange of the FieldInfo (fieldinfo.range in WSDG)
    local ftvbr = finfo.tvb
    tree:add(exfield_string, ftvbr:string(ENC_UTF_8))
    tree:add(exfield_hex, tostring(ftvbr:bytes()))

The example DNS dissector (dissector.lua) has examples of using :range() with a tvb.

Here are changes to pull data out of

    local l_vs_info = vs_info().range

        subtree:add(al_mac, l_vs_info:range(0,6)) 


  • There is an open issue (17990: wsluarm: document FieldInfo aliases) to fix the WSDG.
  • It would help to have a sample capture for this protocol. The existing examples attached to bugs are short just to address the issue in the bug.
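
The offset lookup discussed in this answer, as an added example that is not part of the original posts: a post-dissector that reads the start index and length from the FieldInfo, pairs each payload with the OUI directly in front of it, and checks the length before slicing. The field name `ieee1905.vendor_specific.info` and the `VSExample` protocol and its field names are assumptions; the OUI field name and OUI value come from the question.

```lua
-- Added example, not the poster's code.
local vs_oui_f  = Field.new("ieee1905.vendor_specific.oui")   -- name from the question
local vs_info_f = Field.new("ieee1905.vendor_specific.info")  -- ASSUMED field name

local ex_proto = Proto("VSExample", "Vendor specific example") -- hypothetical proto
local f_offset = ProtoField.uint32("vsexample.offset", "Vendor info offset")
local f_al_mac = ProtoField.ether("vsexample.al_mac", "AL MAC address")
ex_proto.fields = { f_offset, f_al_mac }

local e_short = ProtoExpert.new("vsexample.short", "Vendor info too short for a MAC",
                                expert.group.MALFORMED, expert.severity.WARN)
ex_proto.experts = { e_short }

local WANTED_OUI = 0xac6fbb  -- OUI value from the question
local MAC_LEN    = 6

function ex_proto.dissector(tvb, pinfo, tree)
    -- A frame may hold several vendor specific TLVs, so collect every
    -- occurrence and index each OUI by the offset where it ends.
    local oui_ending_at = {}
    for _, oui in ipairs({ vs_oui_f() }) do
        oui_ending_at[oui.offset + oui.len] = oui
    end

    for _, info in ipairs({ vs_info_f() }) do
        -- Pair the payload with the OUI that sits directly in front of it.
        local oui = oui_ending_at[info.offset]
        if oui and oui.range:uint() == WANTED_OUI then
            local subtree = tree:add(ex_proto, info.range, "VS custom parser")
            -- info.offset is the start index of the field, info.len its length.
            subtree:add(f_offset, info.offset):set_generated()
            -- Bounds check first: range() raises a Lua error past the end.
            if info.len >= MAC_LEN then
                -- info.range is tied to the tvb the field came from, so it stays
                -- correct even if that is not the tvb handed to this function.
                subtree:add(f_al_mac, info.range:range(0, MAC_LEN))
            else
                subtree:add_proto_expert_info(e_short)
            end
        end
    end
end

register_postdissector(ex_proto)
```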
