
How to access fields in custom packet context menus?

asked 2025-02-14 10:54:14 +0000

mwb

Hi!

I am currently struggling with writing a Lua Tap. I've come closer to what I want, but I guess it's still hacky.

Anyhow, I've found out about a New Feature in Wireshark 4.2 – Custom Packet Context Menus and I think it's great! I don't have any issues in calling register_packet_menu() to see the wanted context menu entry - that works like a charm.

However, I am struggling to access the packet fields of the selected packet where the context menu is opened at.

Unfortunately, Moshe Kaplan's post omits the interesting part for me:

What's behind local fields = { ... };? A full example would be nice to see here!

This seems to be a placeholder because it's not valid syntax.

I've tried to call all_field_infos() - as this is my current workaround in the Lua tap as well to access the data I am interested in. But it turns out that this gives the following error:

Lua: Error During execution of Packet Menu Callback: <some Lua script file name>:<line number>: wslua_all_field_infos: Cannot be called outside a listener or dissector

I guess that I am missing some basic Wireshark Lua scripting aspect for packet field access here.

More specific questions could be:

  1. How do I access the USB source address here (usb.src)?
  2. How do I access the fields of (multiple!) frames inside of a packet of a custom protocol?

Thanks for your help!


1 Answer


answered 2025-02-14 14:58:00 +0000

moshekaplan

updated 2025-02-14 15:13:51 +0000

Hi mwb. It may be surprising, but the ... syntax is actually valid Lua code for handling variable arguments!

For example, here is the code from https://www.lua.org/pil/5.2.html - 5.2 – Variable Number of Arguments:

printResult = ""

function print (...)
  for i,v in ipairs(arg) do
    printResult = printResult .. tostring(v) .. "\t"
  end
  printResult = printResult .. "\n"
end

In my example, the code you can copy and paste into the lua console would be:

local function search_google(...)
    local fields =  {...}
    for i, field in ipairs( fields ) do
        if (field.name == 'http.host') then
            browser_open_url("https://www.google.com/search?q=" .. field.value)
            break
        end
    end
end

register_packet_menu("HTTP/Search host in Google", search_google, "http.host")

In your case, if you want to operate on the usb.src field, you'd likely want to do something similar:

local function usb_src_action(...)
    local fields =  {...}
    for i, field in ipairs( fields ) do
        if (field.name == 'usb.src') then
            -- Do something special
            break
        end
    end
end

register_packet_menu("USB SRC action", usb_src_action, "usb.src")

For multiple fields, as long as it's a single 'packet', you might choose to loop over the fields and extract both variables, then do your operation. However, at this time, the custom packet menu code does not support operating on multiple Wireshark packets at once.

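An added example, not part of the answer above: the same callback pattern, extended to collect every occurrence of a field in the selected packet (the "multiple frames in one packet" case from the question) and to percent-encode the value before it goes into a URL, since field values come straight from captured traffic. The helper names url_encode, collect and search_first_host are hypothetical; the sample table at the end is constructed so the file also runs in plain Lua outside Wireshark.

```lua
-- Percent-encode everything except RFC 3986 unreserved characters, so
-- packet-derived bytes cannot add query parameters or alter the URL.
local function url_encode(s)
    return (tostring(s):gsub("[^%w%-%._~]", function(c)
        return string.format("%%%02X", string.byte(c))
    end))
end

-- Return the values of every field named `wanted`, in the order passed in.
-- The same field name can occur several times in one packet.
local function collect(wanted, ...)
    local values = {}
    for _, field in ipairs({...}) do
        if field.name == wanted then
            values[#values + 1] = tostring(field.value)
        end
    end
    return values
end

-- Menu callback: search for the first http.host value, encoded.
local function search_first_host(...)
    local hosts = collect("http.host", ...)
    if hosts[1] then
        browser_open_url("https://www.google.com/search?q=" .. url_encode(hosts[1]))
    end
end

if register_packet_menu then
    -- Running inside Wireshark 4.2 or later.
    register_packet_menu("HTTP/Search host in Google (encoded)",
                         search_first_host, "http.host")
else
    -- Plain Lua: constructed stand-ins for FieldInfo objects.
    local unpack = table.unpack or unpack
    local sample = {
        { name = "frame.number", value = 7 },
        { name = "http.host",    value = "example.com" },
        { name = "http.host",    value = "a b&c=d" },
    }
    for i, v in ipairs(collect("http.host", unpack(sample))) do
        print(i, v, url_encode(v))
    end
end
```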

Comments

Hi Moshe! Thanks for the rapid response... very nice to see the original author respond here! :) So I can thank you for the new feature! It seems that I have missed the parameter list of the function being (...) as well, because I even tried to run code with local fields = {...}. (Honestly, I also got a little bit confused about seeing the same line again with a trailing semicolon ;... seems to be optional in Lua and work with and without it.) That's great. And indeed, I can see the same field name being used multiple times for a packet which contains more than one frame of our custom protocol! Nice... this will allow me to pre-configure my Tap/Listener with values from the selected packet.

mwb (2025-02-14 16:35:07 +0000)
