RE: Wireshark dissector : conversion of string into userdata

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: RE: Wireshark dissector : conversion of string into userdata
From: "Segreto, Ingrid" <Ingrid.Segreto@...>
Date: Wed, 10 Jun 2015 15:45:19 +0000

For information : it's now working thanks to your help. 
I use Wireshark's function : 

local b = ByteArray.new(deciphered_frame)
local buf_frame = ByteArray.tvb(b, "My Tvb")

The variable buf_frame is in the type expected by Wireshark and deciphered_frame is the string return by my dll.

-----Message d'origine-----
De : lua-l-bounces@lists.lua.org [mailto:lua-l-bounces@lists.lua.org] De la part de Segreto, Ingrid
Envoyé : mercredi 10 juin 2015 11:36
À : Lua mailing list
Objet : RE: Wireshark dissector : conversion of string into userdata

Thank you everyone for your quick responses : I ask the question to wireshark, and I'll try what you suggest and read your documentation.

-----Message d'origine-----
De : lua-l-bounces@lists.lua.org [mailto:lua-l-bounces@lists.lua.org] De la part de Thomas Buergel Envoyé : mardi 9 juin 2015 18:20 À : Lua mailing list Objet : RE: Wireshark dissector : conversion of string into userdata

> To be more precise I'd like to convert a string into a userdata so I can use that type of function :
> 
> function xxx(buf,pkt,tree)
>
> local apdu = buf(0,1):uint()
> local pdu_variant = buf(1,1):uint()

...

As the others said, this is not really a Lua question but instead a Wireshark API question.

Just as a starting pointer: the "buf" your dissector gets is a Wireshark object of type "Tvb" [1], representing the packet's buffer.
Calling it with (0,1) returns a TvbRange [2].

So if you wanted to create an intermediate/temporary Tvb from an array of bytes, you would want to look at (Wireshark) functions that create Tvbs. A quick scan of the Wireshark API documentation [3] leads me to believe that what you're looking for is a "ByteArray" [4] (again, a Wireshark construct, not a Lua feature).

From the ByteArray documentation, it is evident that you can construct ByteArray objects (with the .new function) and then construct a Tvb with the .tvb function, which seems roughly what you want to do.

Maybe there are other methods but that's a Wireshark question.

Cheers,
Tom

PS: it is You did not mention what your intent is. If some sort of unit-testing framework for your dissector, be aware that all the listed functions (Tvb/ByteArray etc.) are extensions to Lua, provided by Wireshark. They will only work inside the Wireshark implementation (or a clone thereof that you would have to provide).


[1] https://wiki.wireshark.org/LuaAPI/Tvb#Tvb
[2] https://wiki.wireshark.org/LuaAPI/Tvb#TvbRange
[3] https://wiki.wireshark.org/LuaAPI
[4] https://wiki.wireshark.org/LuaAPI/ByteArray

References:
- Wireshark dissector : conversion of string into userdata, Segreto, Ingrid
- RE: Wireshark dissector : conversion of string into userdata, Thijs Schreijer
- RE: Wireshark dissector : conversion of string into userdata, Segreto, Ingrid
- RE: Wireshark dissector : conversion of string into userdata, Thomas Buergel
- RE: Wireshark dissector : conversion of string into userdata, Segreto, Ingrid

Prev by Date: Re: Macros for setting / testing / getting value components in lobject.h
Next by Date: Re: Macros for setting / testing / getting value components in lobject.h
Previous by thread: RE: Wireshark dissector : conversion of string into userdata
Next by thread: Quick and dirty libreadline binding with completion support
Index(es):
- Date
- Thread