I am testing some network packets of my Organisation's product. We already have custom plugins. I am trying to add some some more fields into those existing plugins (like conversion of 2 byte code to a string and assign it to a field)
Thankyou in advance for reading my query.
--edit
Wireshark version : 2.4.5 (organization's plugins dont work on latest wireshark application)
--edit
Problem statement: I am able to add field and show value, but fieldname is not displayed as defined.
I cannot share the entire .lua file but i will try to explain What i did:
- Below is the image where I have a field
aprint.type. this is a two byte field. In .lua file, for display purpose it is appended with corresponding description using a custom functionint_to_enum. - I want to add one more proto field
aprint.typetextwhich will show the text.
What I did:
- Added a protofield
f_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text")(Triedf_apr_msg_type_txt = ProtoField.string("aprint.typetxt","aprint_type_text",FT_STRING)also) - Below the code where subtree
aprint.typeis shown, added my required field assubtree:add(f_apr_msg_type_txt, msg_type_string)(Below is image of code extract)
I am able to see the text but field Name is shown as Wireshark Lua text (_ws.lua.text)
Normally displaying strings based on numeric values is accomplished by a value string lookup, so you'd have something like so:
... then
I'm also not sure why you need the extra field with only the text when the text is already displayed with the existing field, but that's basically how you'd do it.