Getting started writing a dissector plugin in Lua, I found the examples
on the wiki to be rather esoteric. Only having previously written a
plugin in C gave me any idea where to start.
Is there any interest in including a more "ordinary" dissector example
on the wiki, or with the Wireshark install for that matter?
Here is a working example; however, I have no idea whether it is a
best-practice implementation...
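-- Wireshark dissector for CobraNet protocol (ethertype == 0x8819)
--
-- A dissector is handed whatever frame arrives with this ethertype, so the
-- frame length and contents must be treated as untrusted. An out-of-range
-- buffer(offset, len) call raises a Lua error and aborts dissection of the
-- frame, so every fixed-offset read below is preceded by a length check and
-- short frames are flagged as malformed instead.
do
  -- Create a new dissector.
  -- Left global because the original script exposes it under this name.
  COBRANET = Proto("cobranet", "CobraNet")
  local cobranet_ethertype = 0x8819

  -- Reservation PDU layout, taken from the offsets this dissector reads.
  local HEADER_LEN = 2                      -- PDU type + version
  local TX_BASE, TX_ENTRY_LEN, TX_COUNT = 16, 6, 4
  local RX_BASE, RX_ENTRY_LEN, RX_COUNT = 42, 10, 8
  local RESERVATION_LEN = RX_BASE + RX_ENTRY_LEN * RX_COUNT   -- 122

  -- Create the protocol fields
  local pdus = { [0] = "Beat", [1] = "Reservation", [0x10] = "Audio" }
  local f = COBRANET.fields
  f.pdu = ProtoField.uint8("cobranet.pdu", "PDU Type", nil, pdus)
  f.version = ProtoField.uint8("cobranet.version", "Version")
  f.res_ip = ProtoField.ipv4("cobranet.res_ip", "IP address")
  f.tx_bundles = ProtoField.string("cobranet.tx_bundles")
  f.tx_bundle = ProtoField.bytes("cobranet.tx_bundle", "Tx Bundle")
  -- The two "... Bundle Num" labels were split across lines in the original
  -- listing, which is not a valid Lua string literal; they are rejoined here.
  f.tx_bundle_num = ProtoField.uint16("cobranet.tx_bundle_num", "Tx Bundle Num")
  f.rx_bundles = ProtoField.string("cobranet.rx_bundles")
  f.rx_bundle = ProtoField.bytes("cobranet.rx_bundle", "Rx Bundle")
  f.rx_bundle_num = ProtoField.uint16("cobranet.rx_bundle_num", "Rx Bundle Num")
  f.unknown = ProtoField.bytes("cobranet.unknown", "Unknown")
  f.the_rest = ProtoField.bytes("cobranet.the_rest", "The Rest")

  -- The helpers are local: as bare `function name()` definitions they would
  -- become globals with very generic names.

  -- Add Tx bundle entry n (0-based) to subtree: the little-endian bundle
  -- number at entry offset 2 becomes the node, the whole 6-byte entry its child.
  -- The caller must have checked that the buffer covers the entry.
  local function tx_bundle(buffer, subtree, n)
    local base = TX_BASE + n * TX_ENTRY_LEN
    local tx = subtree:add_le(f.tx_bundle_num, buffer(base + 2, 2))
    tx:add(f.tx_bundle, buffer(base, TX_ENTRY_LEN))
  end

  -- Add the "Tx Bundles" subtree holding all TX_COUNT entries.
  local function tx_bundles(buffer, subtree)
    local tx_tree = subtree:add(f.tx_bundles)
    tx_tree:set_text("Tx Bundles")
    for n = 0, TX_COUNT - 1 do
      tx_bundle(buffer, tx_tree, n)
    end
  end

  -- Add Rx bundle entry n (0-based) to subtree: the little-endian bundle
  -- number at entry offset 2 becomes the node, the whole 10-byte entry its child.
  -- The caller must have checked that the buffer covers the entry.
  local function rx_bundle(buffer, subtree, n)
    local base = RX_BASE + n * RX_ENTRY_LEN
    local rx = subtree:add_le(f.rx_bundle_num, buffer(base + 2, 2))
    rx:add(f.rx_bundle, buffer(base, RX_ENTRY_LEN))
  end

  -- Add the "Rx Bundles" subtree holding all RX_COUNT entries.
  local function rx_bundles(buffer, subtree)
    local rx_tree = subtree:add(f.rx_bundles)
    rx_tree:set_text("Rx Bundles")
    for n = 0, RX_COUNT - 1 do
      rx_bundle(buffer, rx_tree, n)
    end
  end

  -- The dissector function.
  -- buffer: Tvb with the payload after the ethernet header
  -- packet: Pinfo, used for the protocol/info columns
  -- tree:   TreeItem the CobraNet subtree is attached to
  function COBRANET.dissector(buffer, packet, tree)
    local len = buffer:len()
    local subtree = tree:add(COBRANET, buffer())
    packet.cols.protocol:set("CobraNet")

    -- Too short to hold PDU type and version: flag it and stop rather than
    -- let the reads below raise a range error.
    if len < HEADER_LEN then
      packet.cols.info:set("Truncated CobraNet header")
      subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
        "Frame shorter than the 2-byte CobraNet header")
      return
    end

    local pdu_buf = buffer(0, 1)
    local pdu = pdu_buf:uint()
    -- pdus[pdu] is nil for any type not listed above; the sender controls this
    -- byte, so fall back to a printable label instead of passing nil to set().
    packet.cols.info:set(pdus[pdu] or string.format("Unknown PDU (0x%02x)", pdu))
    subtree:add(f.pdu, pdu_buf)
    subtree:add(f.version, buffer(1, 1))
    local offset = HEADER_LEN

    if pdu == 1 then
      if len >= RESERVATION_LEN then
        subtree:add(f.unknown, buffer(2, 8))
        subtree:add(f.res_ip, buffer(10, 4))
        subtree:add(f.unknown, buffer(14, 2))
        tx_bundles(buffer, subtree)
        subtree:add(f.unknown, buffer(40, 2))
        rx_bundles(buffer, subtree)
        offset = RESERVATION_LEN
      else
        -- Short Reservation PDU: do not read the fixed layout; the bytes
        -- after the header are still shown as "The Rest" below.
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
          string.format("Reservation PDU truncated: %d of %d bytes",
            len, RESERVATION_LEN))
      end
    end

    -- Only add the trailing bytes when there are any left.
    if len > offset then
      subtree:add(f.the_rest, buffer(offset))
    end
  end

  local ether_table = DissectorTable.get("ethertype")
  ether_table:add(cobranet_ethertype, COBRANET)
end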
--
Eliot Blennerhassett
AudioScience Inc.