So when you say that using a ProtoField would create a filterable field,
do you mean that wireshark can then filter based on some field in the
protocol which has the ProtoField added to it? If so, then what would
that field be, and how would you access it?
E.G. does that mean that when I start up my wireshark and start a
capture, can I then try in the filter field something like my_proto
contains my_field and it would then only show the packets that contain
my_field, or did you mean something else by being filterable?
-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG
Ontanon
Sent: Wednesday, June 18, 2008 10:32 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
display with LUA
mytree = subtree:add(tvb:range(0x1), "STUFF") should work
or better if you defina a protoField lets'say
local pf_mine = ProtoField.uint8("my_field")
...
mytree = subtree:add(pf_mine, "STUFF")
should not only highlight the bytes but should create a filterable field
"my_proto.my_filed" for the byte(s) in the tvbRange.
On Wed, Jun 18, 2008 at 3:15 PM, Rowswell, Brent
<brent.rowswell@xxxxxxxx> wrote:
> I've been trying to use this to get the subtrees to highlight, and so
> far I can only get the first subtree to highlight correctly. Here's
> the syntax of what I'm trying.
>
> local subtree = (tree:add(my_proto, tvb:range(), "my header")) --
> works local mytree = (subtree:add("TEST ", tvb:range(0x1), "STUFF"))
> -- doesn't highlight
>
> I know that wireshark can highlight the subtrees just by looking at
> the ethernet filters in the hex pane, but for some reason this isn't
> highlighting there. What should I do to get this to highlight. The
> way I figure this should work is the first one highlights the entire
> tvb, which it does, and the second should highlight all but the first
> byte, which it doesn't.
>
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG
> Ontanon
> Sent: Tuesday, June 17, 2008 7:47 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
> display with LUA
>
> Lua uses the very same API that dissectors use. For protocol tree
> items created with Lua (when they are given a tvbRange) the bytes in
> the hex dump pane get highlighted as with any other dissector.
>
>
> On Mon, Jun 16, 2008 at 3:37 PM, Rowswell, Brent
> <brent.rowswell@xxxxxxxx> wrote:
>> Hey there,
>>
>> I was wondering if there was a way to make my LUA dissector highlight
>> specific bytes in the bytefield display so that they stand out
>> easily,
>
>> such as the various portions of my header and attach these to the
>> subtrees that explain what they are. I know something that does this
>> is already built into wireshark and that it works very well for
>> predefined message types, for instance it dissects TCP headers is a
>> very readable way so that you can actually see which bytes correspond
>> to the source and destination addresses. I would like to do
>> something
>
>> similar on my own message type, so that the specific portions of my
>> message are easily readable after dissection. Is there any way to do
> this inside my LUA script?
>>
>> Brent Rowswell
>>
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-dev
>>
>>
>
>
>
> --
> This information is top security. When you have read it, destroy
> yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
--
This information is top security. When you have read it, destroy
yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-dev
