A Field extractor to obtain field values. A Field object can only be created outside of
the callback functions of dissectors, post-dissectors, heuristic-dissectors, and taps.
Once created, it is used inside the callback functions, to generate a FieldInfo object.
Create a Field extractor.
Arguments
- fieldname
- The filter name of the field (e.g. ip.addr)
Returns
The field extractor
Errors
- A Field extractor must be defined before Taps or Dissectors get called
Gets a Lua array table of all registered field filter names.
![[Note]](wsdg_graphics/note.svg) | Note |
|---|---|
|
This is an expensive operation, and should only be used for troubleshooting. |
Since: 1.11.3
Returns
The array table of field filter names
Obtain all values (see FieldInfo) for this field.
Returns
All the values of this field
Errors
- Fields cannot be used outside dissectors or taps
Mode: Retrieve only.
The full display name of this field, or nil.
Since: 1.99.8
An extracted Field from dissected packet data. A FieldInfo object can only be used within
the callback functions of dissectors, post-dissectors, heuristic-dissectors, and taps.
A FieldInfo can be called on either existing Wireshark fields by using either Field.new()
or Field() before-hand, or it can be called on new fields created by Lua from a ProtoField.
Obtain the Value of the field.
Previous to 1.11.4, this function retrieved the value for most field types,
but for ftypes.UINT_BYTES it retrieved the ByteArray of the field’s entire TvbRange.
In other words, it returned a ByteArray that included the leading length byte(s),
instead of just the value bytes. That was a bug, and has been changed in 1.11.4.
Furthermore, it retrieved an ftypes.GUID as a ByteArray, which is also incorrect.
If you wish to still get a ByteArray of the TvbRange, use FieldInfo:get_range()
to get the TvbRange, and then use Tvb:bytes() to convert it to a ByteArray.
Checks whether the end byte of lhs is before the end of rhs.
Errors
- Data source must be the same for both fields
Checks whether the end byte of rhs is before the beginning of rhs.
Errors
- Data source must be the same for both fields
Mode: Retrieve only.
The internal field type, a number which
matches one of the ftype values in init.lua.
Since: 1.99.8
Mode: Retrieve only.
The source Tvb object the FieldInfo is derived
from, or nil if there is none.
Since: 1.99.8
Mode: Retrieve only.
The TvbRange covering the bytes of this field in a Tvb.
Mode: Retrieve only.
Whether this field was marked as generated (boolean).
Mode: Retrieve only.
Whether this field was marked as hidden (boolean).
Since: 1.99.8
Mode: Retrieve only.
Whether this field was marked as being a URL (boolean).
Since: 1.99.8
Mode: Retrieve only.
Whether this field is little-endian encoded (boolean).
Since: 1.99.8
Mode: Retrieve only.
Whether this field is big-endian encoded (boolean).
Since: 1.99.8
Obtain all fields from the current tree. Note this only gets whatever fields the underlying dissectors have filled in for this packet at this time - there may be fields applicable to the packet that simply aren’t being filled in because at this time they’re not needed for anything. This function only gets what the C-side code has currently populated, not the full list.
Errors
- Cannot be called outside a listener or dissector