lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Well, here is the link to the complete Wireshark Lua API:
http://www.wireshark.org/docs/wsug_html_chunked/wsluarm_modules.html

According to it we use function tap.packet(pinfo,tvb,userdata) to get the packet data in a listener. A Tvb represents the packet's buffer. It is passed as an argument to listeners and dissectors, and can be used to extract information (via TvbRange) from the packet's data. It has a method tvb:__tostring() which convert the bytes of a Tvb into a string, to be used for debugging purposes as '...' will be appended in case the string is too long (this is exactly my case). 
There is a related tvbrange:string() function but I can't figure out how to use it in my case. Would you have an expert advise on it?

Thanks.


On Sun, Feb 21, 2010 at 3:41 PM, steve donovan <steve.j.donovan@gmail.com> wrote:
On Sun, Feb 21, 2010 at 1:41 PM, Peter Smith <psmith135@gmail.com> wrote:
> It's almost working for me except that it apparently truncates the resulting
> string to 4 characters.
>   print ("USERDATA LENGTH: " .. bytes.len)
>   print ("CONVERTED LENGTH: " .. string.len(ud.as_string(bytes)))

I tested with some naive C code:

static int l_userdata (lua_State *L) {
   lua_newuserdata(L,lua_tointeger(L,1));
   return 1;
}

Which gives us a userdatum of the given size; and as_string()
correctly gives the length back.

It looks like this object is rather more complicated than what it
appears!  Although it provides a field to give its size (bytes.len)
this is not the size of the actual userdata, which is _probably_ a
pointer to some buffer. It's hard to say without access to Wireshark's
internals.

Are you sure that Wireshark is not exposing the required information
in some other way?

steve d.