Filtering text before adding to tree
I'm trying to filter some ebcdic text before translating and adding to an item.
At the moment I'm simply doing
t_body:add_packet_field(f_message_body, buffer(offsetBody), ENC_EBCDIC)
but the text contains legitimate non-printable characters, such as x00 (which ends the printed string) and 0x15 (which prints as \u0015), amongst others, that I'd like to translate to a period before adding them.
I think I can build a translate table using something like:
printableEbcdic = {}
for i=0, 255 do
printableEbcdic[i] = i
end
printableEbcdic[0] = 0x4b
printableEbcdic[0x15] = 0x4b
I seem to be able to get the raw bytes by doing:
local message_bytes = buffer(offsetBody):bytes()
print("mb: (".. message_bytes:len() .. ") " .. tostring(message_bytes) )
But then I'm at a loss how to proceed. A test loop fails as the byte is being translated to nil:
for i=1, message_bytes:len() do
local byteBefore = message_bytes:raw(i-1,1)
print("before: " .. byteBefore)
local byteAfter = printableEbcdic[byteBefore]
print("after: " .. byteAfter)
end
Lua Error: ...ads\WiresharkPortable64-development\Data\plugins\pao.lua:131: attempt to concatenate local 'byteAfter' (a nil value)
which suggests that lua is not using the index into the translation table in the way I'm expecting.
Another issue I'm concerned about is that add_packet_field() expects a tvbrange in order to highlight the bytes on the packet hex dump, but if I translate them to something else, how do I inform wireshark to identify the range correctly?
Any suggestions of how to get this working -- and preferably more efficiently than using a loop -- would be much appreciated.
Comments