
Revision history [back]

How to acquire treenode name from tree in post-dissector?

I would like to write a Lua script which performs some analysis on an EtherCAT capture file captured by Wireshark. The protocol is EtherCAT, and an EtherCAT frame can contain many datagrams, which are represented as treenodes by the dissector. I would like to loop over the treenodes (datagrams) to find a specific one.

I have tried to modify Hadriel's post-dissector example and I used it in tshark, but the script breaks down at all_field_infos(). The "Treefields query:" line is printed out, but "... succeeded!" is missing. What could be wrong?

How I use the script: tshark.exe -r ecat.pcapng -X lua_script:extarct.lua

 --- Convert a FieldInfo to its display string without letting an error escape.
 -- tostring() can raise for some FieldInfo objects, so the call runs under
 -- pcall and a fixed placeholder is returned when it fails.
 -- @param finfo the FieldInfo (or any value) to stringify
 -- @return the string form, or "(unknown)" if tostring() raised an error
 local function getstring(finfo)
     local succeeded, text = pcall(tostring, finfo)
     if succeeded then
         return text
     end
     return "(unknown)"
 end

 -- Our fake protocol: a Proto object named "extract" (description "Data Extractor")
 -- that carries the dissector function defined on it in this script.
 local exproto = Proto.new("extract", "Data Extractor")

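 --- Dissector function of the "extract" protocol: prints the packet number and
 -- length, then lists every field returned by all_field_infos() for the packet.
 -- @param tvbuf   packet buffer (not read here)
 -- @param pktinfo packet info; only `number` and `len` are read
 -- @param tree    protocol tree root; nothing is listed when it is nil
 function exproto.dissector(tvbuf, pktinfo, tree)

     print("")
     print("Actual packet no: " .. pktinfo.number .. " Length: " .. pktinfo.len .. " bytes")

     if tree == nil then
         print("Tree is nil!")
         return
     end

     print("Treefields query:")
     -- A table constructor never evaluates to nil, so testing the result against
     -- nil cannot detect a failed query. Run the query under pcall instead, so an
     -- error raised by all_field_infos() is printed with its message rather than
     -- just stopping the output after "Treefields query:".
     local ok, fields = pcall(function() return { all_field_infos() } end)
     if not ok then
         print("... failed: " .. tostring(fields))
         return
     end
     print("... succeeded!")

     -- Processing fields to find a datagram and acquire data from it.
     -- Field names and values originate from the capture file; treat the printed
     -- text as untrusted input if another tool parses this output.
     for ix, finfo in ipairs(fields) do
         print("\t[" .. ix .. "] " .. finfo.name .. " = " .. getstring(finfo) .. "\n")
     end
 end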

 -- register it as a postdissector; the second argument (true) forces all fields
 -- to be generated, presumably so that all_field_infos() sees every field.
 -- NOTE(review): generating every field slows dissection; confirm that is
 -- acceptable for large captures.
 register_postdissector(exproto, true)

How to acquire treenode name from tree in post-dissector?

I would like to write a Lua script which performs some analysis on an EtherCAT capture file captured by Wireshark. The protocol is EtherCAT, and an EtherCAT frame can contain many datagrams, which are represented as treenodes by the dissector. I would like to loop over the treenodes (datagrams) to find a specific one.

I have tried to modify Hadriel's post-dissector example and I used it in tshark, but the script breaks down at all_field_infos(). The "Treefields query:" line is printed out, but "... succeeded!" is missing. What could be wrong?

How I use the script: tshark.exe -r ecat.pcapng -X lua_script:extarct.lua

 --- Stringify a FieldInfo, substituting a placeholder when tostring() fails.
 -- Some FieldInfo objects make tostring() raise an error; pcall keeps that
 -- error from propagating to the caller.
 -- @param finfo the FieldInfo (or any value) to stringify
 -- @return the string form, or "(unknown)" if tostring() raised an error
 local function getstring(finfo)
     local succeeded, text = pcall(tostring, finfo)
     if succeeded then
         return text
     end
     return "(unknown)"
 end

 -- Our fake protocol: a Proto object named "extract" (description "Data Extractor")
 -- that carries the dissector function defined on it in this script.
 local exproto = Proto.new("extract", "Data Extractor")

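 --- Dissector function of the "extract" protocol: prints the packet number and
 -- length, calls the "esl" dissector on the packet, then lists every field
 -- returned by all_field_infos().
 -- @param tvbuf   packet buffer, handed to the "esl" dissector
 -- @param pktinfo packet info; `number` and `len` are read and it is passed on
 -- @param tree    protocol tree root; nothing is listed when it is nil
 function exproto.dissector(tvbuf, pktinfo, tree)

     print("")
     print("Actual packet no: " .. pktinfo.number .. " Length: " .. pktinfo.len .. " bytes")

     print("Call ESL dissector...")
     -- Dissector.get() returns nil when no dissector of that name exists;
     -- check before calling so a missing dissector is reported instead of
     -- raising an "attempt to index a nil value" error.
     local esl = Dissector.get("esl")
     if esl == nil then
         print("... ESL dissector not found!")
     else
         esl:call(tvbuf, pktinfo, tree)
         print("... succeeded!")
     end

     if tree == nil then
         print("Tree is nil!")
         return
     end

     print("Treefields query:")
     -- A table constructor never evaluates to nil, so testing the result against
     -- nil cannot detect a failed query. Run the query under pcall instead, so an
     -- error raised by all_field_infos() is printed with its message rather than
     -- just stopping the output after "Treefields query:".
     local ok, fields = pcall(function() return { all_field_infos() } end)
     if not ok then
         print("... failed: " .. tostring(fields))
         return
     end
     print("... succeeded!")

     -- Processing fields to find a datagram and acquire data from it.
     -- Field names and values originate from the capture file; treat the printed
     -- text as untrusted input if another tool parses this output.
     for ix, finfo in ipairs(fields) do
         print("\t[" .. ix .. "] " .. finfo.name .. " = " .. getstring(finfo) .. "\n")
     end
 end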

 -- register it as a postdissector; the second argument (true) forces all fields
 -- to be generated, presumably so that all_field_infos() sees every field.
 -- NOTE(review): generating every field slows dissection; confirm that is
 -- acceptable for large captures.
 register_postdissector(exproto, true)