This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

LUA: Formatting floating point decimals

0

Hi,

I have written a LUA postdissector that outputs some time delta values. I want the values to be in decimal format, but when the value is small (less than say 0.001) Wireshark displays the value in scientific notation.

alt text

I've tried adding a string.format call to the code specifying a floating point format but Wireshark still displays as scientific notation. The relevant code looks like this:

  new_item = subtree:add(rte_art_F, string.format("%.06f", rte_art))
  new_item:set_generated()

How can I force Wireshark to always display my value as a floating point decimal?

Thanks and regards...Paul

asked 11 Aug '15, 23:51

PaulOfford's gravatar image

PaulOfford
131283237
accept rate: 11%

One Answer:

0

Unfortunately the treeitem:add() function has a complicated API form. When you do this:

subtree:add(rte_art_F, string.format("%.06f", rte_art))

...you're having wireshark add the ProtoField object rte_art_F to the tree, with the value of the second argument. Since rte_art_F is presumably a ftypes.FLOAT ProtoField, wireshark will use the value as a floating point number, and display it however it displays such things. That second argument does not affect how it displays the value.

What you want to do is control what wireshark displays. So to do that, set the text it displays for that tree item. There are three ways to do that:

-- as a third argument of that same `treeitem:add()` function call:
new_item = subtree:add(rte_art_F, rte_art, string.format("%.06f", rte_art))

– or using treeitem:set_text():
new_item = subtree:add(rte_art_F, rte_art)
new_item:set_text(string.format("%.06f", rte_art))


– or as a field attribute:
new_item = subtree:add(rte_art_F, rte_art)
new_item.text = string.format("%.06f", rte_art)

I think one or all of those methods might replace the field label in the tree display as well, though I can’t recall right now. If they do, you’ll have to add that back in too, like:

new_item = subtree:add(rte_art_F, rte_art, string.format("APDU Rsp Time: %.06f", rte_art))

answered 12 Aug ‘15, 05:12

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Hi Hadriel,

Thanks for the prompt response.

The first two options make no difference. The third option throws an error on the line:

new_item.text = string.format("%.06f", rte_art)

The error is:

attempt to index local ‘new_item’ (a userdata value)

This did get me thinking about the way I have defined rte_art_F. I’ve got:

rte_art_F = ProtoField.float(“transum.art”,“APDU Rsp Time”)

Is that OK?

Thanks and regards…Paul

(12 Aug ‘15, 06:43) PaulOfford

What do you mean by: “The first two options make no difference.”? You mean they don’t work to change the text?

Sorry about the third option - I forgot that only became available in 1.99, the current development branch - not in 1.12.

(12 Aug ‘15, 07:31) Hadriel

Yes - with the first two options the text does not change, I still get scientific notation.

(12 Aug ‘15, 08:00) PaulOfford

Worked fine for me - what wireshark version are you running?

I just tried this and it worked fine on wireshark 1.12.6:

local myproto = Proto.new("myproto", "myproto")


local rte_art_F = ProtoField.float("myproto.art","APDU Rsp Time")


myproto.fields = { rte_art_F }


function myproto.dissector(tvbuf,pktinfo,root)
local tree = root:add(myproto, tvbuf(0,tvbuf:len()))


local rte_art = 0.000001

local subtree = tree:add(rte_art_F, rte_art)

subtree:set_text(string.format("Time = %.06f", rte_art))
subtree:set_generated()



end


register_postdissector(myproto)
(12 Aug ‘15, 08:35) Hadriel

Hi Hadriel,

I had my trees, subtrees and new_items muddled. Your code does generate a floating point decimal number, but now try right clicking on that number and Apply as Column. You get scientific notation again.

Is there some way of overriding the format in the column?

Thanks and regards…Paul

(14 Aug ‘15, 00:03) PaulOfford

No there’s no way to override the column as far as I know. It’s not a Lua thing; the column gets its data from the field’s value, all in C-code. It’s exactly what would happen if some C-code based dissector set a float field.

But really why don’t you just multiply your values by 1000 or some such - i.e., represent them as milliseconds instead of seconds. No one said your fields have to be based in seconds.

(14 Aug ‘15, 03:45) Hadriel

I have tbhought about multiplying by 1000 and I may add that option. I want to keep the information aligned with the way Wireshark represents similar information. So Wireshark will show Time since last frame as 0.000048 and a LUA calculating the same number shows 4.8e-005. It would be great if it were possible to set the format.

Anyway, thanks for your help.

(15 Aug ‘15, 01:03) PaulOfford
showing 5 of 7 show 2 more comments