Esempio n. 1
WSLUA_METHOD TreeItem_add_packet_field(lua_State *L) {
    /*
     Adds a child item to a given item, returning the child.
     tree_item:add_packet_field([proto_field], [tvbrange], [encoding], ...)

     This listing is truncated: only argument fetching and validation are
     shown. The code that uses hfid, type, ett, encoding and item is not
     visible here.
    */
    TvbRange tvbr;
    ProtoField field;
    int hfid;
    int ett;
    ftenum_t type;
    /* Every shift* call below reads stack index 1, so each one presumably
       removes its argument from the Lua stack -- confirm against the helpers. */
    TreeItem tree_item  = shiftTreeItem(L,1);
    guint encoding;
    proto_item* item = NULL;

    /* luaL_error() raises a Lua error and does not return to the caller; the
       "return" forms below only keep the compiler satisfied. */
    if (!tree_item) {
        return luaL_error(L,"not a TreeItem!");
    }
    /* Refuse an item flagged as expired before touching anything else in it.
       NOTE(review): presumably the flag marks a TreeItem whose underlying tree
       is no longer valid, making this a stale-object guard -- confirm. */
    if (tree_item->expired) {
        luaL_error(L,"expired TreeItem");
        return 0;
    }

    /* The ProtoField is mandatory; a missing or wrongly typed argument is an error. */
    if (! ( field = shiftProtoField(L,1) ) ) {
        luaL_error(L,"TreeField:add_packet_field not passed a ProtoField");
        return 0;
    }
    /* Copy what is needed out of the ProtoField once it is known to be non-NULL. */
    hfid = field->hfid;
    type = field->type;
    ett = field->ett;

    tvbr = shiftTvbRange(L,1);
    if (!tvbr) {
        /* No TvbRange specified: build a zero-length range at offset 0 over
           lua_tvb (not declared in this function; presumably the tvb of the
           packet being dissected -- confirm). */
        /* NOTE(review): ep_new() does not zero the allocation (ep_new0() does).
           Only ws_tvb, offset and len are assigned below, so any other member
           of these two structs is left uninitialized -- confirm that nothing
           reads such a member before it is written. */
        tvbr = ep_new(struct _wslua_tvbrange);
        tvbr->tvb = ep_new(struct _wslua_tvb);
        tvbr->tvb->ws_tvb = lua_tvb;
        tvbr->offset = 0;
        tvbr->len = 0;
    }
Esempio n. 2
WSLUA_METHOD TreeItem_add_packet_field(lua_State *L) {
    /*
     Adds a new child tree for the given `ProtoField` object to this tree item,
     returning the new child `TreeItem`.

     Unlike `TreeItem:add()` and `TreeItem:add_le()`, the `ProtoField` argument
     is not optional, and cannot be a `Proto` object. Instead, this function always
     uses the `ProtoField` to determine the type of field to extract from the
     passed-in `TvbRange`, highlighting the relevant bytes in the Packet Bytes pane
     of the GUI (if there is a GUI), etc.  If no `TvbRange` is given, no bytes are
     highlighted and the field's value cannot be determined; the `ProtoField` must
     have been defined/created not to have a length in such a case, or an error will
     occur.  For backwards-compatibility reasons the `encoding` argument, however,
     must still be given.

     Unlike `TreeItem:add()` and `TreeItem:add_le()`, this function can perform either
     big-endian or little-endian decoding, selected by setting the `encoding` argument
     to `ENC_BIG_ENDIAN` or `ENC_LITTLE_ENDIAN`.

     The signature of this function:
     @code
     tree_item:add_packet_field(proto_field [,tvbrange], encoding, ...)
     @endcode

     In Wireshark version 1.11.3, this function was changed to return more than
     just the new child `TreeItem`. The child is the first return value, so that
     function chaining will still work as before; but it now also returns the value
     of the extracted field (i.e., a number, `UInt64`, `Address`, etc.). If the
     value could not be extracted from the `TvbRange`, the child `TreeItem` is still
     returned, but the second returned value is `nil`.

     Another new feature added to this function in Wireshark version 1.11.3 is the
     ability to extract native number `ProtoField`s from string encoding in the
     `TvbRange`, for ASCII-based and similar string encodings. For example, a
     `ProtoField` of `ftypes.UINT32` type can be extracted from a `TvbRange`
     containing the ASCII string "123", and it will correctly decode the ASCII to
     the number `123`, both in the tree as well as for the second return value of
     this function. To do so, you must set the `encoding` argument of this function
     to the appropriate string `ENC_*` value, bitwise-or'd with the `ENC_STRING`
     value (see `init.lua`). `ENC_STRING` is guaranteed to be a unique bit flag, and
     thus it can be added instead of bitwise-or'ed as well. Only single-byte ASCII digit
     string encoding types can be used for this, such as `ENC_ASCII` and `ENC_UTF_8`.

     For example, assuming the `Tvb` named "`tvb`" contains the string "123":
     @code
     -- this is done earlier in the script
     local myfield = ProtoField.new("Transaction ID", "myproto.trans_id", ftypes.UINT16)

     -- this is done inside a dissector, post-dissector, or heuristic function
     -- child will be the created child tree, and value will be the number 123 or nil on failure
     local child, value = tree:add_packet_field(myfield, tvb:range(0,3), ENC_UTF_8 + ENC_STRING)
     @endcode

    */
#define WSLUA_ARG_TreeItem_add_packet_field_PROTOFIELD 2 /* The ProtoField field object to add to the tree. */
#define WSLUA_OPTARG_TreeItem_add_packet_field_TVBRANGE 3 /* The `TvbRange` of bytes in the packet this tree item covers/represents. */
#define WSLUA_ARG_TreeItem_add_packet_field_ENCODING 4 /* The field's encoding in the `TvbRange`. */
#define WSLUA_OPTARG_TreeItem_add_packet_field_LABEL 5 /* One or more strings to append to the created `TreeItem`. */
    volatile TvbRange tvbr;
    ProtoField field;
    int hfid;
    volatile int ett;
    ftenum_t type;
    TreeItem tree_item = shiftTreeItem(L,1);
    guint encoding;
    proto_item* item = NULL;
    volatile int nargs;
    volatile gint err = 0;
    const char *volatile error = NULL;

    if (!tree_item) {
        return luaL_error(L,"not a TreeItem!");
    }
    if (tree_item->expired) {
        luaL_error(L,"expired TreeItem");
        return 0;
    }

    if (! ( field = shiftProtoField(L,1) ) ) {
        luaL_error(L,"TreeField:add_packet_field not passed a ProtoField");
        return 0;
    }
    hfid = field->hfid;
    type = field->type;
    ett = field->ett;

    tvbr = shiftTvbRange(L,1);
    if (!tvbr) {
        /* No TvbRange specified */
        tvbr = wmem_new(wmem_packet_scope(), struct _wslua_tvbrange);
        tvbr->tvb = wmem_new(wmem_packet_scope(), struct _wslua_tvb);
        tvbr->tvb->ws_tvb = lua_tvb;
        tvbr->offset = 0;
        tvbr->len = 0;
    }