WSLUA_METHOD TreeItem_add_packet_field(lua_State *L) { /* Adds an child item to a given item, returning the child. tree_item:add_packet_field([proto_field], [tvbrange], [encoding], ...) */ TvbRange tvbr; ProtoField field; int hfid; int ett; ftenum_t type; TreeItem tree_item = shiftTreeItem(L,1); guint encoding; proto_item* item = NULL; if (!tree_item) { return luaL_error(L,"not a TreeItem!"); } if (tree_item->expired) { luaL_error(L,"expired TreeItem"); return 0; } if (! ( field = shiftProtoField(L,1) ) ) { luaL_error(L,"TreeField:add_packet_field not passed a ProtoField"); return 0; } hfid = field->hfid; type = field->type; ett = field->ett; tvbr = shiftTvbRange(L,1); if (!tvbr) { /* No TvbRange specified */ tvbr = ep_new(struct _wslua_tvbrange); tvbr->tvb = ep_new(struct _wslua_tvb); tvbr->tvb->ws_tvb = lua_tvb; tvbr->offset = 0; tvbr->len = 0; }
WSLUA_METHOD TreeItem_add_packet_field(lua_State *L) { /* Adds a new child tree for the given `ProtoField` object to this tree item, returning the new child `TreeItem`. Unlike `TreeItem:add()` and `TreeItem:add_le()`, the `ProtoField` argument is not optional, and cannot be a `Proto` object. Instead, this function always uses the `ProtoField` to determine the type of field to extract from the passed-in `TvbRange`, highlighting the relevant bytes in the Packet Bytes pane of the GUI (if there is a GUI), etc. If no `TvbRange` is given, no bytes are highlighted and the field's value cannot be determined; the `ProtoField` must have been defined/created not to have a length in such a case, or an error will occur. For backwards-compatibility reasons the `encoding` argument, however, must still be given. Unlike `TreeItem:add()` and `TreeItem:add_le()`, this function performs both big-endian and little-endian decoding, by setting the `encoding` argument to be `ENC_BIG_ENDIAN` or `ENC_LITTLE_ENDIAN`. The signature of this function: @code tree_item:add_packet_field(proto_field [,tvbrange], encoding, ...) @endcode In Wireshark version 1.11.3, this function was changed to return more than just the new child `TreeItem`. The child is the first return value, so that function chaining will still work as before; but it now also returns the value of the extracted field (i.e., a number, `UInt64`, `Address`, etc.). If the value could not be extracted from the `TvbRange`, the child `TreeItem` is still returned, but the second returned value is `nil`. Another new feature added to this function in Wireshark version 1.11.3 is the ability to extract native number `ProtoField`s from string encoding in the `TvbRange`, for ASCII-based and similar string encodings. For example, a `ProtoField` of as `ftypes.UINT32` type can be extracted from a `TvbRange` containing the ASCII string "123", and it will correctly decode the ASCII to the number `123`, both in the tree as well as for the second return value of this function. To do so, you must set the `encoding` argument of this function to the appropriate string `ENC_*` value, bitwise-or'd with the `ENC_STRING` value (see `init.lua`). `ENC_STRING` is guaranteed to be a unique bit flag, and thus it can added instead of bitwise-or'ed as well. Only single-byte ASCII digit string encoding types can be used for this, such as `ENC_ASCII` and `ENC_UTF_8`. For example, assuming the `Tvb` named "`tvb`" contains the string "123": @code -- this is done earlier in the script local myfield = ProtoField.new("Transaction ID", "myproto.trans_id", ftypes.UINT16) -- this is done inside a dissector, post-dissector, or heuristic function -- child will be the created child tree, and value will be the number 123 or nil on failure local child, value = tree:add_packet_field(myfield, tvb:range(0,3), ENC_UTF_8 + ENC_STRING) @endcode */ #define WSLUA_ARG_TreeItem_add_packet_field_PROTOFIELD 2 /* The ProtoField field object to add to the tree. */ #define WSLUA_OPTARG_TreeItem_add_packet_field_TVBRANGE 3 /* The `TvbRange` of bytes in the packet this tree item covers/represents. */ #define WSLUA_ARG_TreeItem_add_packet_field_ENCODING 4 /* The field's encoding in the `TvbRange`. */ #define WSLUA_OPTARG_TreeItem_add_packet_field_LABEL 5 /* One or more strings to append to the created `TreeItem`. */ volatile TvbRange tvbr; ProtoField field; int hfid; volatile int ett; ftenum_t type; TreeItem tree_item = shiftTreeItem(L,1); guint encoding; proto_item* item = NULL; volatile int nargs; volatile gint err = 0; const char *volatile error = NULL; if (!tree_item) { return luaL_error(L,"not a TreeItem!"); } if (tree_item->expired) { luaL_error(L,"expired TreeItem"); return 0; } if (! ( field = shiftProtoField(L,1) ) ) { luaL_error(L,"TreeField:add_packet_field not passed a ProtoField"); return 0; } hfid = field->hfid; type = field->type; ett = field->ett; tvbr = shiftTvbRange(L,1); if (!tvbr) { /* No TvbRange specified */ tvbr = wmem_new(wmem_packet_scope(), struct _wslua_tvbrange); tvbr->tvb = wmem_new(wmem_packet_scope(), struct _wslua_tvb); tvbr->tvb->ws_tvb = lua_tvb; tvbr->offset = 0; tvbr->len = 0; }