Wireshark-dev: Re: [Wireshark-dev] Intro and lua question
From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Fri, 21 Oct 2016 16:41:27 -0400
Does your protocol give the length of your variable data within the fixed header? If so, tcp_dissect_pdus would be for you, but I don't immediately see how that's implemented in Lua (IANALP - I am not a Lua programmer). I did a quick search through Bugzilla because I remember it being talked about, but you may also want to check the -dev archives.
If the variable length is not given in the fixed length packet, I'd check out https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9896. There's a sample Lua script from Hadriel that may be way you're looking for.
Michael
-----Original Message-----
From: Jerry White <jerrywhite518@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Oct 21, 2016 4:25 pm
Subject: [Wireshark-dev] Intro and lua question
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
From: Jerry White <jerrywhite518@xxxxxxxxx>
To: wireshark-dev <wireshark-dev@xxxxxxxxxxxxx>
Sent: Fri, Oct 21, 2016 4:25 pm
Subject: [Wireshark-dev] Intro and lua question
Hi,
Quick intro: I'm Jerry White, live in the SF Bay Area. I've been a Wireshark user since the ethereal days. Also have pretty good experience with Riverbed SteelCentral Transaction Analyzer (aka ATX.) I used to work for OPNET/Riverbed. So Gerald Combs and I were co-workers. And Laura Chappell is my hero. Okay, name dropping is done, here's my question:
My coding skills are rudimentary. Perhaps a 2 out of 10. I'm writing my first lua dissector. The protocol runs under tcp on a certain port range. I've gotten a lot of help by following Hadriel Kaplan's sample script and youtube video. Everything was cool, I built a tree and put stuff into the info column in the WS gui. Now I've just learned that the protocol repeats itself inside of a packet. Let me give you an example:
Simple packet
<tcp header stuff><MyProto fixed length header><MyProto variable length data>
I can pull stuff out of the MyProto header and data fields just fine. If life were just these type of packets I wouldn't be here.
Advanced packet
<tcp header stuff><MyProto fixed length header><MyProto variable length data><MyProto fixed length header><MyProto variable length data><MyProto fixed length header><MyProto variable length data>
This packet has three application transactions in it. The first 8 bytes of the MyProto header are always the same, and I can count from there into the packet to parse out the fields I need. The problem is, since the data section is variable length, I don't know where to look for the next header. How do I do that in lua?
Here's my code:
function mgi.dissector(tvbuf, pktinfo, root)
pktinfo.cols.protocol:set("SomosMGI")
local pktlen = tvbuf:reported_length_remaining()
local tree = root:add(mgi, tvbuf:range(0,pktlen))
local info_mgi_header = tvbuf:range(0,4)
tree:add(pf_mgi_header, tvbuf:range(0,4))
local info_mgi_msg_id = tvbuf:range(9,10)
tree:add(pf_mgi_msg_id, tvbuf:range(9,10))
local info_mgi_flag = tvbuf:range(19,1)
tree:add(pf_mgi_flag, tvbuf:range(19,1))
local info_mgi_msg_type = tvbuf:range(99,7)
tree:add(pf_mgi_msg_type, tvbuf:range(99,7))
local info_mgi_msg_subtype = tvbuf:range(157,4)
tree:add(pf_mgi_msg_subtype, tvbuf:range(157,4))
--if info_mgi_flag == "c4" then
--pktinfo.cols.info:set("HEADER=")
--pktinfo.cols.info:append("".. info_mgi_header ..",") -- printed "7e7e7e7e"
pktinfo.cols.info:set("MSGID=")
pktinfo.cols.info:append("".. info_mgi_msg_id ..",")
pktinfo.cols.info:append("FLAG=")
pktinfo.cols.info:append("".. info_mgi_flag ..",")
pktinfo.cols.info:append("MSGTYPE=")
pktinfo.cols.info:append("".. info_mgi_msg_type ..",")
pktinfo.cols.info:append("SUBTYPE=")
pktinfo.cols.info:append("".. info_mgi_msg_subtype .."")
--end
return pktlen
Thanks for any help you can provide.
Jerry
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-dev] Intro and lua question
- From: Jerry White
- [Wireshark-dev] Intro and lua question
- Prev by Date: [Wireshark-dev] Intro and lua question
- Next by Date: Re: [Wireshark-dev] Problem with val_to_str inside BASE_CUSTOM callback function
- Previous by thread: [Wireshark-dev] Intro and lua question
- Next by thread: Re: [Wireshark-dev] Intro and lua question
- Index(es):