Dear Wireshark group,
I'm currently writing my first Lua dissector for the network protocol of the Cafu game
engine (http://www.cafu.de), and would be very grateful for your help:
The presentation at
http://sharkfest.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf
got me started very well, and reading fixed-width data works fine. For example
(incomplete excerpt):
local CafuProto = Proto("Cafu", "Cafu Engine network protocol");
CafuProto.fields.SequNr = ProtoField.uint32("Cafu.SequNr", "1st sequence number")
function CafuProto.dissector(buffer, pinfo, tree)
local subtree = tree:add(CafuProto, buffer())
local offset = 0
subtree:add(CafuProto.fields.SequNr, buffer(offset, 4));
offset = offset + 4
end
However, I was wondering how I best read zero-terminated strings?
Of course it is possible to loop over i until
buffer(offset+i, 1):uint8() == 0
then
i = i + 1 -- Read the zero as well.
subtree:add(CafuProto.fields.MyString, buffer(offset, i));
offset = offset + i
But I was wondering if there is a more direct and/or more elegant way?
Btw., what is the difference between ProtoField.string and ProtoField.stringz as
mentioned at
http://www.wireshark.org/docs/wsug_html_chunked/lua_module_Proto.html#lua_class_ProtoField ?
Any help or comments would much be appreciated!
Best regards,
Carsten
--
Cafu - the open-source Game and Graphics Engine
for multiplayer, cross-platform, real-time 3D Action
Learn more at http://www.cafu.de
