Wireshark-dev: Re: [Wireshark-dev] Lua dissector for raw 802.11 data frames

From: "Kanstrup, Mikael" <Mikael.Kanstrup@xxxxxxxx>
Date: Tue, 22 May 2018 12:59:59 +0000
> I am working on a dissector that dissects a proprietary protocol that uses raw 802.11 data frames. The protocol
> specification is not open so I won't be able to contribute the dissector. I've therefore chosen to implement it in Lua.
>
> Without patching Wireshark's 802.11 dissector I'm not able to register my own dissector. So seeking advice on proper
> ways to proceed and implement.
>
> I can get it working by adding support for heuristic sub-dissectors on 802.11 data frames. An unfinished example
> uploaded here:
>
> https://code.wireshark.org/review/#/c/27641/

I've uploaded an updated version of that patch that now only hands off the data portion of the frame. This, together with me realizing that frame header fields can be accessed via Field.new(...), solves the original problems I faced.

With the patch above applied I can register a (Lua) heuristic dissector for raw 802.11 data frames.

Updated Lua sample dissector below:

local proto_example = Proto("example", "example protocol")

local wlan_ra_f = Field.new("wlan.ra")
local f = proto_example.fields

function is_example_protocol(tvb, pinfo)
    -- check frame and decide whether example protocol
    -- if access to 802.11 frame header fields is needed these can
    -- be retrieved via:
    local wlan_ra = wlan_ra_f()
    -- ...
    return true
end

function proto_example.dissector(tvb, pinfo, tree)
    if not is_example_protocol(tvb, pinfo) then
        return 0
    end
    pinfo.cols.info = ""
    pinfo.cols.protocol = "Example"
    tree = tree:add(proto_example, tvb)
    tree:add(f.data, tvb(0));
    return tvb:len()
end

proto_example:register_heuristic("wlan_data", proto_example.dissector)

f.data = ProtoField.bytes("example.data", "data")

/Mikael
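
The sample above accepts every frame because its check is a stub. The following is an added example, not code from the post or from Wireshark, showing a heuristic that bounds-checks the buffer before claiming a frame. The header layout, the magic value and the "example_hdr" names are constructed for illustration, and the "wlan_data" heuristic list is assumed to exist only with the patch from the thread applied.

```lua
-- Added example: hypothetical frame layout (2-byte magic, 1-byte version,
-- 1-byte payload length, payload). None of these values come from the thread.
local proto_demo = Proto("example_hdr", "Example protocol (constructed layout)")

local EXAMPLE_MAGIC = 0x4558   -- constructed value
local HEADER_LEN = 4

local pf_magic   = ProtoField.uint16("example_hdr.magic", "Magic", base.HEX)
local pf_version = ProtoField.uint8("example_hdr.version", "Version", base.DEC)
local pf_length  = ProtoField.uint8("example_hdr.length", "Payload length", base.DEC)
local pf_payload = ProtoField.bytes("example_hdr.payload", "Payload")
proto_demo.fields = { pf_magic, pf_version, pf_length, pf_payload }

-- Field extractor for the 802.11 receiver address, as in the post.
local wlan_ra_f = Field.new("wlan.ra")

local function looks_like_example(tvb)
    -- Reject short frames before reading anything from the buffer.
    if tvb:len() < HEADER_LEN then return false end
    if tvb(0, 2):uint() ~= EXAMPLE_MAGIC then return false end
    -- The declared payload length must fit in the captured bytes.
    local declared = tvb(3, 1):uint()
    return declared <= tvb:len() - HEADER_LEN
end

local function heur_dissect(tvb, pinfo, tree)
    if not looks_like_example(tvb) then
        return false          -- let other heuristic dissectors try
    end
    pinfo.cols.protocol = "Example"
    local subtree = tree:add(proto_demo, tvb())
    subtree:add(pf_magic, tvb(0, 2))
    subtree:add(pf_version, tvb(2, 1))
    subtree:add(pf_length, tvb(3, 1))
    local declared = tvb(3, 1):uint()
    if declared > 0 then
        subtree:add(pf_payload, tvb(HEADER_LEN, declared))
    end
    -- wlan_ra_f() returns nil when the field is not present in this frame.
    local ra = wlan_ra_f()
    if ra then
        pinfo.cols.info = "Example frame to " .. tostring(ra)
    end
    return true
end

-- "wlan_data" only exists with the patch from the thread applied.
proto_demo:register_heuristic("wlan_data", heur_dissect)
```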