First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

ASCII representation to uint for ProtoField

  • retag add tags

Hi folks,

I want to create a filter possibility. For strings it works perfect with: Protocol_Type = ProtoField.string( "MyProtocol.Type", "Type " ) Protocol.fields = { Protocol_Type } TreeNode:add_le(Protocol_Type, buffer( 9, 3 ) )

but how can I do it for ascii represented (uint) numbers to filter it as numbers, not as string:

0x30 0x32 0x33 0x34 -> ProtoField.uint16 = 234 (decimal)

0x30 0x30 0x30 0x30 -> ProtoField.uint16 = 0 (decimal)

The string representation have a fixed length of four bytes (0..9999)

TIA Matthias

Matthias79's avatar
1
Matthias79
asked 2020-07-08 20:28:34 +0000
cmaynard's avatar
11.1k
cmaynard
updated 2020-07-10 20:54:11 +0000
edit flag offensive 0 remove flag close merge delete

Comments

I'm not a Lua programmer, so I can say for certain, but does bytearray:__tostring() help here? Get the byte array from the tvb then use this to get the string and add that as tree item?

Jaap's avatar Jaap (2020-07-09 21:02:48 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

There's probably more than 1 way to skin this cat, but you can use tonumber(). For example:

local p_foo = Proto("foo", "FOO Protocol")
local f_foo_val32_ascii = ProtoField.uint32("foo.val32_ascii", "Value 32 (ASCII)", base.DEC)

p_foo.fields = { f_foo_val32_ascii, ... }
...
function p_foo.dissector(buf, pinfo, tree)
    local foo_tree = tree:add(p_foo, buf(0, -1))
    ...
    foo_tree:add(f_foo_val32_ascii, buf(offset, 4), tonumber(buf(offset, 4):string()))
    ...
end

For more information on tonumber(), refer to the Lua manual.

For more information on tvbrange:string(), refer to Section 11.8.3.18. tvbrange:string([encoding]) in the Wireshark Developer's Guide

cmaynard's avatar
11.1k
cmaynard
answered 2020-07-10 20:52:35 +0000, updated 2020-07-10 20:52:56 +0000
edit flag offensive 0 remove flag delete link
more

Comments

That works perfect.

Thank you very much.

Matthias79's avatar Matthias79 (2020-07-12 19:48:29 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer