Wireshark-dev: [Wireshark-dev] Getting Lua dissector to work with the display filter

From: "Scott Robinson" <scott.anthony.robinson@xxxxxxxxx>
Date: Fri, 2 Feb 2007 07:17:57 -0500

Similar to this thread, but in lua versus c:
http://www.wireshark.org/lists/wireshark-dev/200701/msg01384.html

Hi,

I'm trying to get a Lua dissector to work with the display filters. I've had partial success. The new protocol and associated fields show up in the Filter Expressions dialog. When you enter " myproto.ver == 1" the entry box is green, so it would appear wireshark is happy with the syntax. Problem is no packets are displayed. Also is you right click on the myproto version in the decode tree and select "Apply Filter As" the display filter shows as "frame[54:1] == 01" instead of " myproto.ver == 01"

Here's the part of the code where I initialize the fields:

my_proto  = Proto( "myproto", "MINE", "My Protocol" )

ver_F   = ProtoField.uint8( "myproto.ver", "Version" )
mtype_F = ProtoField.uint8( "myproto.mtype", "Message Type" )
grp_F   = ProtoField.uint16( "myproto.seq", "Sequence" )

ipmtc_proto.fields = { ver_F, mtype_F, grp_F }

The wiki examples show using Proto.fields = ProtoFieldArray( ver_F, mtype_F, grp_F ) but this appears to have been deprecated (it's not in the *wslua.h files now) , so I tried to manually populate the Proto.field with a Lua table of the fields. Not sure if this is correct.

Any pointers would be appreciated.

Thanks.
-Scott