How to pass table data as argument in Protofield.string() function in lua dissactor?

Question

I have written a dissactor for a protocol in lua script. Dissactor is working fine. But i want to know one update in the dissactor file.

p_abcd = Proto("abcd", "ABCD")

I have created a table for different type of message. Below is the table -

 local message_types = {
 [1] = "MAC ID", 
 [2] = "AP MODEL NAME",
 [3] = "AP SERIAL NUMBER",
 [4] = "CAUSE",
 [5] = "AP STATE",
 [6] = "AP SOFTWARE VERSION",
 [7] = "AP_IP_ADDRESS"
}

Below is one protofield, which i have created for this protocol and registered this as a field.

local attribute_type = ProtoField.string("abcd.message_type", "Attribute Type")  
p_abcd.fields = {attribute_type}
tree_attribute:add(attribute_type, data(index, 2), message_types[data(index, 2):int()])

if i will apply filter in wireshark on any message field, it will display "abcd.message_type = some_valve" as filter value for all message types.

I want to display this filter value according to different message types, like "abcd.mac_id = some_value" for MAC ID, without creating seperate protofield for each message type.

Is it possible to do this with the help of message_types table?

Answer 1

I'm not sure I understand your question, but normally for a 2-byte field, you would have something like so:

local attribute type = ProtoField.uint16("abcd.message_type", "Attribute Type", base.DEC, message_types, 0x0000, "Optional Message type description")
p_abcd.fields = {attribute_type}

tree_attribute:add(attribute_type, data(index, 2))

(See ProtoField for more information.)

Then, if you were looking for the message type equal to the MAC ID, you would apply a Wireshark display filter of "abcd.message_type eq 1". If this isn't what you were looking for, then please clarify your question.