Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Extracting multiple FieldInfo values from a Field in Lua

From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Mon, 10 May 2010 18:00:27 -0700
I'm trying to extract the "outer" and "inner" ip.src fields in an ICMP
time-to-live exceeded packet using Lua. If I create a listener that runs
the following:

    ip_src_f = Field.new("ip.src")
    local ip_src = ip_src_f()
    local src = tostring(ip_src.value)

I can only see the lowest-layer ip.src field. According to the User's
Guide, calling a field's method obtains *all* of the FieldInfo values
for that field. Adding a debug printf to Field__call in wslua_field.c
shows it pushing two ip.src values into the stack for each ICMP packet,
so Lua is presumably receiving them. Does anyone know how to access them
within the script?

The Lua API also provides a all_field_infos() function which returns the
entire dissection tree. Are there any examples that show how to use it?


-- 
Join us for Sharkfest ’10! · Wireshark® Developer and User Conference
Stanford University, June 14-17 · http://www.cacetech.com/sharkfest.10/