First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Accessing field from dissector from post dissector

Hi! Wireshark and Lua newbie here. I am trying to use a post dissector to dissect Bluetooth LE GATT data. The data has already been decode by the built in dissector as btatt.value and I figured I could further dissect btatt.value.

However, the code below doesn't work. I keep getting this error message:

calling 'add' on bad self (string expected, got userdata)

-- Source code below:

ble_gatt_value = Field.new("btatt.value")

trivial_proto = Proto("trivial","Trivial Postdissector")

gattval_field = ProtoField.bytes("trivial.gatt_value","GATT Value", base.DASH)

trivial_proto.fields = {gattval_field}

function trivial_proto.dissector(buffer,pinfo,tree)

    local src_gatt_val = ble_gatt_value()

    if src_gatt_val then 
        --print(src_gatt_val)
        local subtree = tree:add(trivial_proto, src_gatt_val, "Trivial Protocol Data")
        subtree:add(gattval_field,src_gatt_val)

    end
end

register_postdissector(trivial_proto)

What am I doing wrong? I have seen several examples but they all used the function argument buffer(x,y) with tree:add()

Thanks in advance.

noob_shark's avatar
1
noob_shark
asked 2022-03-04 07:17:41 +0000
grahamb's avatar
23.8k
grahamb
updated 2022-03-04 09:08:06 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

We've all been there: https://twitter.com/cpu4coffee/status...

Finding a sample capture is usually the first hurdle: 10524 - Bluetooth Smart: Add GATT dissector

The value needs to be cast (tostring()) to a string for the add:

local subtree = tree:add(trivial_proto, tostring(src_gatt_val), "Trivial Protocol Data")
subtree:add(gattval_field,tostring(src_gatt_val))

The error message says it expects a "string" but got unformatted user data:

calling 'add' on bad self (string expected, got userdata)

    local src_gatt_val = ble_gatt_value()


Depending on how much the string will be needed, you might want another variable:

    if src_gatt_val then 
        --print(src_gatt_val)
        local src_gatt_val_str = tostring(src_gatt_val)
        local subtree = tree:add(trivial_proto, src_gatt_val_str, "Trivial Protocol Data")
        subtree:add(gattval_field,src_gatt_val_str)

    end
Chuckc's avatar
3k
Chuckc
answered 2022-03-04 15:18:15 +0000, updated 2022-03-04 15:20:29 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer