On Fri, Jun 20, 2008 at 3:58 PM, Rowswell, Brent
<brent.rowswell@xxxxxxxx> wrote:
> So when you say that using a ProtoField would create a filterable field,
> do you mean that wireshark can then filter based on some field in the
> protocol which has the ProtoField added to it?
Yes, That's exactly it.
> If so, then what would that field be, and how would you access it?
You need to register a protocol, it's name gives you the first part of
the filters. the name of the ProtoField is the second part:
local proto = Proto.new("myproto")
local my_field1 = ProtoField.uint8("field1")
local my_field2 = ProtoField.uint8("field2")
proto.fields = {my_field1, my_field2}
that would create two display filter fields: myproto.field1 and myproto.field2
> E.G. does that mean that when I start up my wireshark and start a
> capture, can I then try in the filter field something like my_proto
> contains my_field and it would then only show the packets that contain
> my_field, or did you mean something else by being filterable?
Yes that's almost what that means!
The filter would be "myproto.field1" or like "myproto.field1 == 3",
not "my_proto contains field1".
The keyword contains is for another purposeL "my_proto contains
01:02:03" whould match only if the bytes belonging to my_proto contain
the hex sequence 010203.
>
> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG
> Ontanon
> Sent: Wednesday, June 18, 2008 10:32 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
> display with LUA
>
> mytree = subtree:add(tvb:range(0x1), "STUFF") should work
>
> or better if you defina a protoField lets'say
>
> local pf_mine = ProtoField.uint8("my_field")
>
> ...
> mytree = subtree:add(pf_mine, "STUFF")
>
> should not only highlight the bytes but should create a filterable field
> "my_proto.my_filed" for the byte(s) in the tvbRange.
>
> On Wed, Jun 18, 2008 at 3:15 PM, Rowswell, Brent
> <brent.rowswell@xxxxxxxx> wrote:
>> I've been trying to use this to get the subtrees to highlight, and so
>> far I can only get the first subtree to highlight correctly. Here's
>> the syntax of what I'm trying.
>>
>> local subtree = (tree:add(my_proto, tvb:range(), "my header")) --
>> works local mytree = (subtree:add("TEST ", tvb:range(0x1), "STUFF"))
>> -- doesn't highlight
>>
>> I know that wireshark can highlight the subtrees just by looking at
>> the ethernet filters in the hex pane, but for some reason this isn't
>> highlighting there. What should I do to get this to highlight. The
>> way I figure this should work is the first one highlights the entire
>> tvb, which it does, and the second should highlight all but the first
>> byte, which it doesn't.
>>
>>
>> -----Original Message-----
>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG
>> Ontanon
>> Sent: Tuesday, June 17, 2008 7:47 AM
>> To: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
>> display with LUA
>>
>> Lua uses the very same API that dissectors use. For protocol tree
>> items created with Lua (when they are given a tvbRange) the bytes in
>> the hex dump pane get highlighted as with any other dissector.
>>
>>
>> On Mon, Jun 16, 2008 at 3:37 PM, Rowswell, Brent
>> <brent.rowswell@xxxxxxxx> wrote:
>>> Hey there,
>>>
>>> I was wondering if there was a way to make my LUA dissector highlight
>
>>> specific bytes in the bytefield display so that they stand out
>>> easily,
>>
>>> such as the various portions of my header and attach these to the
>>> subtrees that explain what they are. I know something that does this
>
>>> is already built into wireshark and that it works very well for
>>> predefined message types, for instance it dissects TCP headers is a
>>> very readable way so that you can actually see which bytes correspond
>
>>> to the source and destination addresses. I would like to do
>>> something
>>
>>> similar on my own message type, so that the specific portions of my
>>> message are easily readable after dissection. Is there any way to do
>> this inside my LUA script?
>>>
>>> Brent Rowswell
>>>
>>> _______________________________________________
>>> Wireshark-dev mailing list
>>> Wireshark-dev@xxxxxxxxxxxxx
>>> https://wireshark.org/mailman/listinfo/wireshark-dev
>>>
>>>
>>
>>
>>
>> --
>> This information is top security. When you have read it, destroy
>> yourself.
>> -- Marshall McLuhan
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-dev
>> _______________________________________________
>> Wireshark-dev mailing list
>> Wireshark-dev@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-dev
>>
>
>
>
> --
> This information is top security. When you have read it, destroy
> yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
