Here's my basic dissector
I use wireshark 1.4.4, I start wireshark and load my dissector in the Lua "Evaluate" window, my packet got dissected correctly and I can see my bar field under the foo proto.
My problem is that I can't use foo.bar as a filter. When I click on "Expression..." the foo proto appears but it has not fields under. The only filter I can use is: foo
When try to evaluate:
Surprisingly when I use tshark with the option -T fields -e foo.bar and load the lua script, it works, pinfo.number is displayed.
How can I get my foo.bar field usable in my lua scripts ?
I recreated your problem with Wireshark 1.4.6 on Mac OS X 10.6, but it actually works correctly on Windows XP SP3; Windows Wireshark lets me use
I would submit a bug.
answered 28 Apr '11, 09:41
I can confirm the original posters problem using Version 1.6.2 (SVN Rev 38931 from /trunk-1.6) x64 under Windows 7 x64 (I used the evaluate function to run both commands)
answered 14 Sep '11, 05:55