Ask Your Question
0

What is the syntax for an "Integer range" for the dissectortable:add(pattern, dissector) function?

asked 2023-05-05 04:31:19 +0000

Rombutan gravatar image

updated 2023-05-05 13:45:11 +0000

Chuckc gravatar image

The documentation here (https://www.wireshark.org/docs/wsdg_h...) mentions an "integer range", but I cannot find any mention of it's syntax (or existance) anywhere in the lua or wireshark docs.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
1

answered 2023-05-05 13:57:48 +0000

Chuckc gravatar image

Added in 6762: Consistent port range selection for dissectors
I think the trick might be "Converts a range string" so the range needs a " (double quotes) wrapper.
The Wiki example (Using Lua to register protocols to more ports) could be rewritten as:

local tcp_port_table = DissectorTable.get("tcp.port")
local http_dissector = tcp_port_table:get_dissector(80)
tcp_port_table:add("4888-4891",http_dissector)

Search through the Wireshark source code for dissector_add_uint_range_with_preference for other range examples.

epan/wslua/wslua_dissector.c:

            /* Not a number, try as range */
            const gchar* pattern = luaL_checkstring(L,WSLUA_ARG_DissectorTable_add_PATTERN);
            range_t *range = NULL;
            if (range_convert_str(NULL, &range, pattern, G_MAXUINT32) == CVT_NO_ERROR) {
                dissector_add_uint_range(dt->name, range, handle);

epan/range.c:

/******************** Range Entry Parser *********************************/

/* Converts a range string to a fast comparable array of ranges.
 * The parameter 'es' points to the string to be converted.
 * The parameter 'max_value' specifies the maximum value in a
 * range.
 *
 * This function allocates a range_t large enough to hold the number
 * of ranges specified, and fills the array range->ranges containing
 * low and high values with the number of ranges being range->nranges.
 * After having called this function, the function value_is_in_range()
 * determines whether a given number is within the range or not.
 *
 * In case of a single number, we make a range where low is equal to high.
 * We take care on wrongly entered ranges; opposite order will be taken
 * care of.
 *
 * The following syntax is accepted :
 *
 *   1-20,30-40     Range from 1 to 20, and packets 30 to 40
 *   -20,30         Range from 1 to 20, and packet 30
 *   20,30,40-      20, 30, and the range from 40 to the end
 *   20-10,30-25    Range from 10 to 20, and from 25 to 30
 *   -              All values
 */
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2023-05-05 04:31:19 +0000

Seen: 245 times

Last updated: May 05 '23

Related questions

Unable to load lua plugins in wireshark 2.4.3

unable to add a plugin to wireshark

Disable protocol and decoded by my lua script

Register routine, register_tap_listener, register_wtap_module, register_codec_module routines

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

SOME/IP Plugin under windows

http2 decrypted data in tshark lua script

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2