Doesn’t happen for me, on Windows-XP (sorry I don’t have a newer windows to try it on right now - my main machine’s a Mac).
If you can’t show your real script, can you try downloading the “dissector.lua" one on the script examples wiki page, along with the "dns_port.pcap" file, and try those to see if you see the same thing with that?
The examples page is here:
http://wiki.wireshark.org/Lua/Examples
...and the first section of that page is labeled "A dissector tutorial script", with the download link for "dissector.lua" and a few paragraphs later the link for "dns_port.pcap”.
-hadriel
On Apr 3, 2014, at 11:04 PM, Matthew Parlane <parlane@xxxxxxxxx> wrote:
> Hey everyone,
>
> I grabbed the latest Wireshark-win64-1.11.3-2224-gdf52f81.exe install.
>
> Made a lua script for decoding a simple protocol header and I am getting:
>
> User Datagram Protocol
> <lua fake item>
> Blah Protocol
>
> Basically my lua is
>
>
> local p_blah = Proto("blah","Blah Protocol");
> blah.fields = {... }
> function p_blah.dissector(buf, pinfo, root)
> local t = root:add(p_blah, buf(0,BLAH_HEADER_SIZE))
> t:add(f_item1, buf(0,4))
> -- root:set_text("What?")
> end
>
> Now if I do the root:set_text("What?"), it changes from <lua fake item> to <Text item>
>
>
> User Datagram Protocol
> <Text item>
> Blah Protocol
>
>
> The Blah protocol decodes perfectly, so that's fine. Just curious how to correctly add the nodes so that it doesn't give this extra row of fake lua ?
>
>
> p.s. Sorry on light details, I can't share the specs.
>
> Cheers,
> Matthew Parlane
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
