Ask Your Question
0

Initialize ProtoField table inside protocol init function.

asked 2024-12-04 08:31:00 +0000

Arnault gravatar image

updated 2024-12-06 22:52:11 +0000

I would like to initialize the fields protocol table inside the protocol init function, is it possible ?

I've tried the following but it doesn't seem to be working:

(The Wireshark UI search filter does not see the added ProtoField)

function my_protocol_addProtoFieds()
    local field_table = {}
    local attr_id = "test"
    local field_name = "proto." .. attr_id
    local field_abbr = attr_id
    local ltype = ftypes.BOOLEAN

    if ltype ~= nil then
        local field = ProtoField.new(field_name, field_abbr, ltype)
        table.insert(field_table, field)
    end
    my_protocol.fields = field_table
end

function my_protocol.init()
    -- read some initialization files
    my_protocol_addProtoFieds()
end
edit retag flag offensive close merge delete

Comments

It would help a bit if you could say exactly what it is that "doesn't seem to be working."

johnthacker gravatar imagejohnthacker ( 2024-12-05 02:39:34 +0000 )edit

The fields table is left unmodified.

Arnault gravatar imageArnault ( 2024-12-05 05:46:35 +0000 )edit

Are you actually creating the protocol somewhere? You don't in the sample code. Do you have lines like

local my_protocol = Proto("myprotocol", "MyProtocol")

How do you know that the fields table is left unmodified? Note that if you're trying to test it by printing in the Lua Console (as opposed to adding it to the tree), then if you define the protocol as a local, as above, then it will be nil in the Lua Console.

Using your basic code as above but creating a protocol and dissector, and registering it to a port:

function my_protocol.dissector(buf, pkt, tree)

    local subtree = tree:add(my_protocol, buf(0, 2))
    subtree:add(my_protocol.fields[1], buf(0, 1))
end

local udp_table = DissectorTable.get("udp.port")
udp_table:add(123, my_protocol)

I can definitely add fields from the protocol: Note that the Lua tables are 1-indexed.

johnthacker gravatar imagejohnthacker ( 2024-12-05 23:31:21 +0000 )edit

The point was based on fields initialization in prototocol init function. What I mean by "left unmodified" is that all changes to fieds table inside protocol init function is not seen by the WireShark UI search filter.

Arnault gravatar imageArnault ( 2024-12-06 22:52:23 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-12-05 02:42:48 +0000

johnthacker gravatar image

The short answer is no, that will probably result in problems at least when Reloading Lua Plugins and probably in other ways. Looking at the source code for init_wslua.c and wslua_proto.c, I think that would cause some problems and fail in ways that might cause the program to abort.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2024-12-04 08:31:00 +0000

Seen: 135 times

Last updated: Dec 06