我尝试用lua为wireshark写解剖器。我需要解析头字段版本= 4字节(0x00000000)
我的代码:
do
local asc_sccp =Proto("asc_sccp", "ASC Skinny Client Control Protocol")
local f =asc_sccp.fields
f.length = ProtoField.bytes("asc_sccp.length", "length")
f.version =ProtoField.uint8("asc_sccp.version", "version", base.HEX, 0xC)
function asc_sccp.init()
end
function asc_sccp.dissector(buffer,pinfo,tree)
local subtree = tree:add (asc_sccp, buffer())
local offset = 0
pinfo.cols.protocol = asc_sccp.name
local length = buffer (offset, 4)
subtree:add (f.length, length)
subtree:append_text ("Data length: " .. length)
offset = offset + 4
local version = buffer (offset, 4)
subtree:add (f.version, version)
subtree:append_text (" Version: " .. version)
end
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(2000, asc_sccp)
end
为什么我收到错误'尝试索引全球'基数'(零值)'? 你能帮忙吗,我看了很多解剖器的例子,但我找不到解决方案
答案 0 :(得分:1)
在这行代码中:
f.version =ProtoField.uint8("asc_sccp.version", "version", base.HEX, 0xC)
您正在访问变量'base'。具体来说,您通过告诉Lua它是一个包含键“HEX”并尝试检索该键值的表来索引它。除非你将变量'base'定义为某个表(或userdata)并在键“HEX”处添加一个值,否则lua会抱怨你试图索引一个名为'base'的全局变量,当它实际上是nil时(即不存在)。
答案 1 :(得分:1)
可能会发生这种情况,因为未安装init.lua
。如果未安装开发包,这可能发生在基于Redhat的发行版(Fedora,Centos,RHEL等)中。请在此处查看答案:https://stackoverflow.com/a/40489742/409638