Wireshark-dev: [Wireshark-dev] Accessing calculated fields from Lua

Date: Tue, 6 Apr 2010 10:27:42 -0400
I am writing a Lua script that extracts certain fields from various protocols and then adds them to the display tree.  It doesn't create any new information, just collects these fields of interest all in one place for easier viewing.

The problem I am running into is that some of the fields do not exist inline in the packet data; they are expanded from compressed info.  So the highlighted bytes in the packet for those fields are only part of the expanded value, and in some cases none of the expanded value is found in the packet (just a bit that tells the dissector to look elsewhere).  When the Lua field extractors try to get the values of these fields, they apparently assume that the value is contained explicitly in the packet, thus getting incorrect data or perhaps none at all.  (In fact if the original field is entered into the tree with a length of 0, the Lua field extractor will get an error.)

I have been digging through the wslua code in hopes that there is a simple solution, as I have occasionally found in the past, but quickly found myself over my head.  Can someone confirm that the issue I have described is real?  And if so, are there any hints as to where a fix might belong?  I can't even figure out where or how these calculated field values are stored; one would assume in a field_info struct, but when I print out the contents of the field_info with the correct hfinfo->id, the value I get seems to be extracted from the packet data again, not the calculated/expanded value.

The example I'm currently struggling with is the 6LoWPAN IPv6 src & dest addresses, but this isn't the Wireshark dissector, it's a plugin created from someone else's code.  (We'll move to the Wireshark dissector when it starts being included in the stable releases.)

Thanks for any advice you can offer.
b.
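
A sketch of the kind of collector script described in the message above, added here as an example; it is not the poster's script or Wireshark project code. It is written against the current Wireshark Lua API (`Field.new`, `FieldInfo`, `register_postdissector`) rather than the 2010 one, and the protocol name `collected` and the filter names `ipv6.src` / `ipv6.dst` are assumptions to be replaced with the names the plugin registers. Each field read is guarded so a zero-length or generated field is flagged instead of aborting the script.

```lua
-- Added example: hypothetical "collected" post-dissector that gathers
-- fields of interest from other dissectors into a single subtree.
local collected = Proto("collected", "Collected Fields of Interest")

-- Assumption: filter names of the fields to collect. Replace these with
-- the names registered by the dissector or plugin actually in use.
local wanted = { "ipv6.src", "ipv6.dst" }

-- Field extractors must be created at load time, outside the dissector.
local extractors, outputs = {}, {}
for i, name in ipairs(wanted) do
    extractors[i] = Field.new(name)
    -- One string field per collected value; the abbreviation must be unique.
    outputs[i] = ProtoField.string("collected." .. (name:gsub("%.", "_")), name)
end
collected.fields = outputs

function collected.dissector(tvb, pinfo, tree)
    local subtree
    for i, extract in ipairs(extractors) do
        -- An extractor returns one FieldInfo per occurrence in this packet.
        for _, finfo in ipairs({ extract() }) do
            subtree = subtree or tree:add(collected)

            -- tostring() asks for the field's display form. It is wrapped
            -- in pcall so a field that cannot be read is reported in the
            -- tree instead of raising an error for the whole packet.
            local ok, text = pcall(tostring, finfo)
            if not ok then
                text = "<unreadable: " .. tostring(text) .. ">"
            end

            local item = subtree:add(outputs[i], text)

            -- Expanded or computed values are not a plain copy of the
            -- highlighted bytes, so mark them for the reader.
            if finfo.generated or finfo.len == 0 then
                item:set_generated()
                item:append_text(" [not present inline in the packet bytes]")
            end
        end
    end
end

-- Run after all other dissectors so their fields are available.
register_postdissector(collected)
```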