Wireshark dissector in Lua - userdata

Question

I am new to Lua, and I am building a custom dissector for Wireshark. My situation is this:

The wireshark data consists of hex numbers such as 4321 8765 CBA9. What I would like to wind up with is (after it has been dissected) : CBA9 8765 4321.

What I have done so far is create a small function in Lua that will take these numbers individually, convert them to strings, and places them in the correct order.

function ReverseOrder3Numbers(hex_1, hex_2, hex_3)
local hex_1_int = hex_1:uint()
local hex_2_int = hex_2:uint()
local hex_3_int = hex_3:uint()

word1 = string.format("%04X", hex_1_int)    
word2 = string.format("%04X", hex_2_int)
word3 = string.format("%04X", hex_3_int)

combined_string = "0x" .. word3 .. word2 .. word1

output = combined_string
return output

end

However, once I go to add this bunch to the tree, I get an error saying Lua Error: ...: calling 'add' on bad self (userdata expected, got string).

How can I get around this? Do I need a different approach entirely? I am not looking for anything complex or fancy. All I need to do is what I described. Any help would be appreciated.

Answer 1

There's nothing really wrong with ReverseOrder3Numbers (other than perhaps some missing local qualifiers). You should update your question to include the code that invokes add.

You might've accidentally used tree.add( ... ) instead of tree:add( ... ) (note the colon after tree).

Answer 2

Call tree:add() will send to the object 'tree' the direct link to 'tree' itself as first implicitly argument. And no matter how much args you will attach to this call or no one at all. Use tree.add() sintax if your 'add' method doesn't support self-link. In this case 'self' should be linked to the 'tree' object inside the 'add' method.

Answer 3

It's not clear what you pass to the function ReverseOrder3Numbers. But since you access theses parameeters with the uint method I assume that the parameters are tvb:range(x,y) results. If you want to change the order of the digits inside the individual values, you can use the endianess-aware methods:

function ReverseOrder3Numbers(hex_1, hex_2, hex_3)
local hex_1_int = hex_1:le_uint()
local hex_2_int = hex_2:le_uint()
local hex_3_int = hex_3:le_uint()
...
end

If you want to change the endianess of data that is added to the tree you should use the endianess-aware version of the add method.

tree:le_add(f_MyProtoField, tvb:range(x,y), ReverseOrder3Numbers(...))

I don't know the reason why le is suffix in the one case and a prefix in the other.