}
/* creates the TreeItem but does NOT push it into Lua */
TreeItem create_TreeItem(proto_tree* tree, proto_item* item)
{
TreeItem tree_item = (TreeItem)g_malloc(sizeof(struct _wslua_treeitem));
tree_item->tree = tree;
tree_item->item = item;
tree_item->expired = FALSE;
return tree_item;
}
CLEAR_OUTSTANDING(TreeItem, expired, TRUE)
WSLUA_CLASS_DEFINE(TreeItem,FAIL_ON_NULL_OR_EXPIRED("TreeItem"));
/* ++TreeItem++s represent information in the packet-details pane of
Wireshark, and the packet details view of Tshark. A `TreeItem` represents
a node in the tree, which might also be a subtree and have a list of
children. The children of a subtree have zero or more siblings: other children
of the same `TreeItem` subtree.
During dissection, heuristic-dissection, and post-dissection, a root
+TreeItem+ is passed to dissectors as the third argument of the function
callback (e.g., `myproto.dissector(tvbuf,pktinfo,root)`).
In some cases the tree is not truly added to, in order to improve performance.
For example for packets not currently displayed/selected in Wireshark's visible
window pane, or if Tshark isn't invoked with the `-V` switch. However the
"add" type `TreeItem` functions can still be called, and still return `TreeItem`
objects - but the info isn't really added to the tree. Therefore you do not
Pinfo* push_Pinfo(lua_State* L, packet_info* ws_pinfo) {
Pinfo pinfo = NULL;
if (ws_pinfo) {
pinfo = (Pinfo)g_malloc(sizeof(struct _wslua_pinfo));
pinfo->ws_pinfo = ws_pinfo;
pinfo->expired = FALSE;
g_ptr_array_add(outstanding_Pinfo,pinfo);
}
return pushPinfo(L,pinfo);
}
#define PUSH_PRIVATE_TABLE(L,c) {g_ptr_array_add(outstanding_PrivateTable,c);pushPrivateTable(L,c);}
WSLUA_CLASS_DEFINE(PrivateTable,FAIL_ON_NULL_OR_EXPIRED("PrivateTable"),NOP);
/* PrivateTable represents the pinfo->private_table. */
WSLUA_METAMETHOD PrivateTable__tostring(lua_State* L) {
/* Gets debugging type information about the private table. */
PrivateTable priv = toPrivateTable(L,1);
GString *key_string;
GList *keys, *key;
if (!priv) return 0;
key_string = g_string_new ("");
keys = g_hash_table_get_keys (priv->table);
key = g_list_first (keys);
while (key) {
key_string = g_string_append (key_string, (const gchar *)key->data);
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include <epan/dfilter/dfilter.h>
#include <epan/ftypes/ftypes-int.h>
/* WSLUA_MODULE Field Obtaining dissection data */
#include "wslua.h"
/* any call to checkFieldInfo() will now error on null or expired, so no need to check again */
WSLUA_CLASS_DEFINE(FieldInfo,FAIL_ON_NULL_OR_EXPIRED("FieldInfo"),NOP);
/*
An extracted Field from dissected packet data. A `FieldInfo` object can only be used within
the callback functions of dissectors, post-dissectors, heuristic-dissectors, and taps.
A `FieldInfo` can be called on either existing Wireshark fields by using either `Field.new()`
or `Field()` before-hand, or it can be called on new fields created by Lua from a `ProtoField`.
*/
static GPtrArray* outstanding_FieldInfo = NULL;
#define PUSH_FIELDINFO(L,fi) {g_ptr_array_add(outstanding_FieldInfo,fi);pushFieldInfo(L,fi);}
CLEAR_OUTSTANDING(FieldInfo,expired,TRUE)
/* WSLUA_ATTRIBUTE FieldInfo_len RO The length of this field. */
#include <errno.h>
#include <wiretap/file_wrappers.h>
#define MAX_LINE_LENGTH 65536
/* WSLUA_MODULE File Custom file format reading/writing
The classes/functions defined in this section allow you to create your own
custom Lua-based "capture" file reader, or writer, or both.
@since 1.11.3
*/
WSLUA_CLASS_DEFINE(File,FAIL_ON_NULL_OR_EXPIRED("File"),NOP);
/*
A `File` object, passed into Lua as an argument by FileHandler callback
functions (e.g., `read_open`, `read`, `write`, etc.). This behaves similarly to the
Lua `io` library's `file` object, returned when calling `io.open()`, *except*
in this case you cannot call `file:close()`, `file:open()`, nor `file:setvbuf()`,
since Wireshark/tshark manages the opening and closing of files.
You also cannot use the '`io`' library itself on this object, i.e. you cannot
do `io.read(file, 4)`. Instead, use this `File` with the object-oriented style
calling its methods, i.e. `myfile:read(4)`. (see later example)
The purpose of this object is to hide the internal complexity of how Wireshark
handles files, and instead provide a Lua interface that is familiar, by mimicking
the `io` library. The reason true/raw `io` files cannot be used is because Wireshark
does many things under the hood, such as compress the file, or write to `stdout`,
or various other things based on configuration/commands.
*
* These lua objects refer to structures in wireshark that are freed independently from Lua's garbage collector.
* To avoid using pointers from Lua to Wireshark structures that are already freed, we maintain a list of the
* pointers each with a marker that tracks its expiry.
*
* All pointers are marked as expired when the dissection of the current frame is finished or when the garbage
* collector tries to free the object referring to the pointer, whichever comes first.
*
* All allocated memory chunks used for tracking the pointers' state are freed after marking the pointer as expired
* by the garbage collector or by the end of the dissection of the current frame, whichever comes second.
*
* We check the expiry state of the pointer before each access.
*
*/
WSLUA_CLASS_DEFINE(Tvb,FAIL_ON_NULL_OR_EXPIRED("Tvb"),NOP);
/* A Tvb represents the packet's buffer. It is passed as an argument to listeners and dissectors,
and can be used to extract information (via TvbRange) from the packet's data. Beware that Tvbs are usable only by the current
listener or dissector call and are destroyed as soon as the listener/dissector returns, so references
to them are unusable once the function has returned.
To create a tvbrange the tvb must be called with offset and length as optional arguments ( the offset defaults to 0 and the length to tvb:len() )*/
static GPtrArray* outstanding_Tvb = NULL;
static GPtrArray* outstanding_TvbRange = NULL;
#define PUSH_TVB(L,t) {g_ptr_array_add(outstanding_Tvb,t);pushTvb(L,t);}
#define PUSH_TVBRANGE(L,t) {g_ptr_array_add(outstanding_TvbRange,t);pushTvbRange(L,t);}
static void free_Tvb(Tvb tvb) {
if (!tvb) return;
