Wireshark-dev: Re: [Wireshark-dev] LUA development highlighting bytefield display with LUA
From: "Luis EG Ontanon" <[email protected]>
Date: Fri, 20 Jun 2008 18:09:37 +0200
It turns the protocol name into lowercase,
so that'd be:
myproto.stuff

It should turn green if it is OK.


What about the [Expression...] dialog? Do you see your proto there?



On Fri, Jun 20, 2008 at 6:05 PM, Rowswell, Brent
<[email protected]> wrote:
> Whenever I try to run the filter on the ProtoFields wireshark comes up
> with an error.
> I'm trying to assign the ProtoField as such:
>
> local my_proto = Proto("MYPROTO", "myproto does some stuff")
> local test = ProtoField.uint8("stuff")
> my_proto.fields = test
>
> And the filter I'm trying to use is MYPROTO.stuff correct?
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Luis EG
> Ontanon
> Sent: Friday, June 20, 2008 10:09 AM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
> display with LUA
>
> On Fri, Jun 20, 2008 at 3:58 PM, Rowswell, Brent
> <[email protected]> wrote:
>> So when you say that using a ProtoField would create a filterable
>> field, do you mean that wireshark can then filter based on some field
>> in the protocol which has the ProtoField added to it?
> Yes, That's exactly it.
>
>> If so, then what would that field be, and how would you access it?
>
> You need to register a protocol; its name gives you the first part of
> the filters. The name of the ProtoField is the second part:
>
>
> local proto = Proto.new("myproto")
> local my_field1 = ProtoField.uint8("field1")
> local my_field2 = ProtoField.uint8("field2")
>
> proto.fields = {my_field1, my_field2}
>
>
> that would create two display filter fields: myproto.field1 and
> myproto.field2
>
>
>> E.G. does that mean that when I start up my wireshark and start a
>> capture, can I then try in the filter field something like my_proto
>> contains my_field and it would then only show the packets that contain
>> my_field, or did you mean something else by being filterable?
>
> Yes that's almost what that means!
>
> The filter would be "myproto.field1" or like "myproto.field1 == 3", not
> "my_proto contains field1".
>
> The keyword contains is for another purpose: "my_proto contains
> 01:02:03" would match only if the bytes belonging to my_proto contain
> the hex sequence 010203.
>
>
>
>
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On Behalf Of Luis EG
>> Ontanon
>> Sent: Wednesday, June 18, 2008 10:32 AM
>> To: Developer support list for Wireshark
>> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
>> display with LUA
>>
>> mytree =  subtree:add(tvb:range(0x1), "STUFF") should work
>>
>> or better if you define a ProtoField, let's say
>>
>> local pf_mine = ProtoField.uint8("my_field")
>>
>> ...
>> mytree =  subtree:add(pf_mine, "STUFF")
>>
>> should not only highlight the bytes but should create a filterable
>> field "my_proto.my_field" for the byte(s) in the tvbRange.
>>
>> On Wed, Jun 18, 2008 at 3:15 PM, Rowswell, Brent
>> <[email protected]> wrote:
>>> I've been trying to use this to get the subtrees to highlight, and so
>>> far I can only get the first subtree to highlight correctly.  Here's
>>> the syntax of what I'm trying.
>>>
>>> local subtree = (tree:add(my_proto, tvb:range(), "my header")) -- works
>>> local mytree = (subtree:add("TEST ", tvb:range(0x1), "STUFF")) -- doesn't highlight
>>>
>>> I know that wireshark can highlight the subtrees just by looking at
>>> the ethernet filters in the hex pane, but for some reason this isn't
>>> highlighting there.  What should I do to get this to highlight?  The
>>> way I figure this should work is the first one highlights the entire
>>> tvb, which it does, and the second should highlight all but the first
>>> byte, which it doesn't.
>>>
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Luis EG
>>> Ontanon
>>> Sent: Tuesday, June 17, 2008 7:47 AM
>>> To: Developer support list for Wireshark
>>> Subject: Re: [Wireshark-dev] LUA development highlighting bytefield
>>> display with LUA
>>>
>>> Lua uses the very same API that dissectors use. For protocol tree
>>> items created with Lua (when they are given a tvbRange) the bytes in
>>> the hex dump pane get highlighted as with any other dissector.
>>>
>>>
>>> On Mon, Jun 16, 2008 at 3:37 PM, Rowswell, Brent
>>> <[email protected]> wrote:
>>>> Hey there,
>>>>
>>>> I was wondering if there was a way to make my LUA dissector highlight
>>>> specific bytes in the bytefield display so that they stand out easily,
>>>> such as the various portions of my header and attach these to the
>>>> subtrees that explain what they are.  I know something that does this
>>>> is already built into wireshark and that it works very well for
>>>> predefined message types, for instance it dissects TCP headers in a
>>>> very readable way so that you can actually see which bytes correspond
>>>> to the source and destination addresses.  I would like to do something
>>>> similar on my own message type, so that the specific portions of my
>>>> message are easily readable after dissection.  Is there any way to do
>>>> this inside my LUA script?
>>>>
>>>> Brent Rowswell
>>>>
>>>> _______________________________________________
>>>> Wireshark-dev mailing list
>>>> [email protected]
>>>> https://wireshark.org/mailman/listinfo/wireshark-dev
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> This information is top security. When you have read it, destroy
>>> yourself.
>>> -- Marshall McLuhan



-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
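
Added example, not part of the original thread: a complete Lua dissector that ties each tree item to a TvbRange so the matching bytes highlight in the hex pane and each field becomes filterable. The two-byte header layout, the field names and UDP port 50000 are assumptions made up for illustration; it targets a current Wireshark, where the ProtoField abbreviation is written out as the complete filter name.

```lua
-- Hypothetical protocol "myproto": 1-byte type, 1-byte flags, then payload.
-- The layout and the port number below are constructed for this example.
local my_proto = Proto("myproto", "myproto does some stuff")

-- First argument is the abbreviation, i.e. the display filter name.
local pf_type    = ProtoField.uint8("myproto.type",  "Type",  base.DEC)
local pf_flags   = ProtoField.uint8("myproto.flags", "Flags", base.HEX)
local pf_payload = ProtoField.bytes("myproto.payload", "Payload")

-- Fields must be registered on the protocol before they can be added to a tree.
my_proto.fields = { pf_type, pf_flags, pf_payload }

local HEADER_LEN = 2

function my_proto.dissector(tvb, pinfo, tree)
    -- Refuse packets shorter than the fixed header instead of
    -- asking for a range that runs past the end of the buffer.
    if tvb:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "MYPROTO"

    -- Top-level item covers the whole buffer.
    local subtree = tree:add(my_proto, tvb:range(), "my header")

    -- Each child item is given its own TvbRange; selecting the item in the
    -- details pane highlights exactly those bytes in the hex pane.
    subtree:add(pf_type,  tvb:range(0, 1))
    subtree:add(pf_flags, tvb:range(1, 1))

    -- Payload is optional: only add it when bytes remain after the header.
    if tvb:len() > HEADER_LEN then
        subtree:add(pf_payload, tvb:range(HEADER_LEN))
    end

    return tvb:len()
end

-- Attach the dissector to the constructed example port.
DissectorTable.get("udp.port"):add(50000, my_proto)
```

With the script loaded, a filter such as myproto.type == 3 is accepted in the filter bar, and the three fields appear under the protocol in the [Expression...] dialog.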