Ask Your Question
0

Looking for the wtap enums

asked 2025-02-10 16:22:51 +0000

colematt gravatar image

As the subject says, I'm looking for the wtap_encaps and wtap_file_tsprec tables (i.e. enumerated values) referred to in the Developer's Guide, Chapter 11.11. For examples:

11.11.1.2. captureinfo.encap

Mode: Retrieve or assign. The packet encapsulation type for the whole file. See wtap_encaps for available types. Set to wtap_encaps.PER_PACKET if packets can have different types, then later set FrameInfo.encap for each packet during read()/seek_read().

and

11.11.1.3. captureinfo.time_precision

Mode: Retrieve or assign. The precision of the packet timestamps in the file. See wtap_file_tsprec for available precisions.

I have done a simple grep of the Wireshark repo's contents with no joy, which leads me to believe the Lua tables are being generated from C code at build time. However I can't find them in the install directory either, only the Lua API's .so files.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-02-10 19:36:52 +0000

Chuckc gravatar image

A list of lua tables is in epan/wslua/init_wslua.c:

#define WSLUA_BASE_TABLE        "base"
#define WSLUA_FTYPE_TABLE       "ftypes"
#define WSLUA_FRAMETYPE_TABLE   "frametype"
#define WSLUA_CONV_TYPE_TABLE   "convtypes"
#define WSLUA_EXPERT_TABLE      "expert"
#define WSLUA_EXPERT_GROUP_TABLE    "group"
#define WSLUA_EXPERT_SEVERITY_TABLE "severity"
#define WSLUA_WTAP_ENCAPS_TABLE     "wtap_encaps"
#define WSLUA_WTAP_TSPREC_TABLE     "wtap_tsprecs"
#define WSLUA_WTAP_COMMENTS_TABLE   "wtap_comments"
#define WSLUA_WTAP_RECTYPES_TABLE   "wtap_rec_types"
#define WSLUA_WTAP_PRESENCE_FLAGS_TABLE "wtap_presence_flags"

The contents of each table can be dumped in the Lua console of the Wireshark gui.
There is a typo/name change for wtap_file_tsprec that needs updating.

for k,v in pairs(wtap_encaps) do
 print(k,v)
end

JUNIPER_MLPPP   81
UNKNOWN 0
SILABS_DEBUG_CHANNEL    222
PKTAP   171
BER 90
BACNET_MS_TP_WITH_PHDR  143
X2E_XORAYA  105
IEEE802_15_4_TAP    206
...

for k,v in pairs(wtap_tsprecs) do
 print(k,v)
end

10_NSEC 8
MSEC    3
SEC 0
10_MSEC 2
NSEC    9
10_USEC 5
CSEC    2
100_NSEC    7
USEC    6
DSEC    1
UNKNOWN -2
100_MSEC    1
100_USEC    4
PER_PACKET  -1
edit flag offensive delete link more

Comments

45fb3771: Fix lua bindings to handle timestamp precision changes
In the beginning, tsprec was bundled in with ftypes table.

# this has to catch both file types and timestamp precision defines (yuck)


Notes:
convtypes added in 18890: wslua: Expose conversation API
"group" and "severity" are part of the "expert" table. Use "expert.group" or "expert.severity" in the dump script.

Chuckc gravatar imageChuckc ( 2025-02-10 20:08:05 +0000 )edit

That did the trick, thanks for the timely response!

colematt gravatar imagecolematt ( 2025-02-10 21:46:43 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2025-02-10 16:22:51 +0000

Seen: 40 times

Last updated: Feb 10

Related questions

Add custom option to toolbar in wireshark GUI

Testing Lua Dissectors [closed]

lua dissector bind a Protocolfield treeitem to existing protocol in wireshark

Dynamic mask in LUA ProtoFields

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

http2 decrypted data in tshark lua script

Decode as LUA - how do I do that?