The best way is to check the pinfo.port_type to get the current transport 
protocol type. There is an example on this 
page: https://gitlab.com/wireshark/wireshark/-/wikis/protobuf



---Original---
From: "chuck c" <bubbas...@gmail.com>
Date: Wed, Oct 14, 2020 22:33 PM
To: "Developer support list for Wireshark" <wireshark-dev@wireshark.org>;
Subject: Re: [Wireshark-dev] lua decoder accessing info from layers above


local p_foo = Proto.new("foo", "foo")
local f_frame_protocols = Field.new("frame.protocols")

function p_foo.dissector(buf, pinfo, tree)
    print(pinfo.number, "Protocols: " .. (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
--    print(pinfo.number, f_frame_protocols().value)
end

register_postdissector(p_foo)



Script above prints to the Lua console.
What was the situation where it doesn't work?


On Tue, Oct 13, 2020 at 12:45 PM Maynard, Chris via Wireshark-dev 
<wireshark-dev@wireshark.org> wrote:

 > From: Wireshark-dev <wireshark-dev-boun...@wireshark.org> On Behalf Of Fulko Hew
 > Sent: Monday, October 12, 2020 8:00 PM
 > To: Developer support list for Wireshark <wireshark-dev@wireshark.org>
 > Subject: [Wireshark-dev] lua decoder accessing info from layers above
 >
 > I'm trying to update/improve someone else's decoder written in Lua.
 > It's for a simple UDP (and TCP) based protocol.
 > But I need to be able to get access to the upper layer
 > to be able to decode it easily.
 >
 > Can someone provide an example of how to determine if the higher layer was UDP or TCP?
 >
 > Thanks
 > Fulko
 >
 
 I was going to suggest a possible alternative solution which would be to grab 
"frame.protocols" and scan it for udp or tcp, but unfortunately this method 
doesn't work. For example:
 
 local f_frame_protocols = Field.new("frame.protocols")
 
 function p_foo.dissector(buf, pinfo, tree)
     print("Protocols: " .. (f_frame_protocols() and f_frame_protocols().value or "Unknown"))
 end
 
 I suspect this has something to do with it being a generated field, but this 
looks like a Wireshark bug to me, unless someone can explain why this doesn't 
and shouldn't be expected to work.
 - Chris
 
 
 
 
 
 
 
 
 
 ___________________________________________________________________________
 Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
 Archives:    https://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
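
The pinfo.port_type approach suggested in the top reply, as an added example that is not part of the original thread. The "foo" wire format (2-byte big-endian length prefix), port 9999, and the numeric port_type values (2 for TCP, 3 for UDP) are assumptions; check the values against the port_type enum of your Wireshark build.

```lua
-- Added example: hypothetical "foo" protocol, 2-byte big-endian payload length + payload.
local p_foo = Proto.new("foo", "Foo Protocol")
local f_len = ProtoField.uint16("foo.length", "Length", base.DEC)
local f_payload = ProtoField.bytes("foo.payload", "Payload")
p_foo.fields = { f_len, f_payload }

-- Assumed numeric values of Wireshark's port_type enum (not exported as Lua constants).
local PT_TCP, PT_UDP = 2, 3
local FOO_PORT = 9999 -- constructed port number
local HDR_LEN = 2

-- Dissect exactly one PDU; used for both transports.
local function dissect_pdu(tvb, pinfo, tree)
    pinfo.cols.protocol = "FOO"
    local subtree = tree:add(p_foo, tvb())
    subtree:add(f_len, tvb(0, HDR_LEN))
    if tvb:len() > HDR_LEN then
        subtree:add(f_payload, tvb(HDR_LEN))
    end
    return tvb:len()
end

-- Tell dissect_tcp_pdus how long the PDU starting at 'offset' is.
local function get_pdu_len(tvb, pinfo, offset)
    return HDR_LEN + tvb(offset, HDR_LEN):uint()
end

function p_foo.dissector(tvb, pinfo, tree)
    if pinfo.port_type == PT_TCP then
        -- TCP is a byte stream: let Wireshark reassemble and split PDUs.
        dissect_tcp_pdus(tvb, tree, HDR_LEN, get_pdu_len, dissect_pdu)
        return tvb:len()
    elseif pinfo.port_type == PT_UDP then
        -- UDP: one datagram carries one PDU; reject truncated headers.
        if tvb:len() < HDR_LEN then return 0 end
        return dissect_pdu(tvb, pinfo, tree)
    end
    return 0 -- any other transport: not ours
end

DissectorTable.get("tcp.port"):add(FOO_PORT, p_foo)
DissectorTable.get("udp.port"):add(FOO_PORT, p_foo)
```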