Wireshark-users: Re: [Wireshark-users] Calling MAC-LTE dissector from lua dissector on the rest of

From: Tony Trinh <tony19@xxxxxxxxx>
Date: Wed, 18 Jan 2012 20:41:34 -0500
Your Lua is technically correct, but the MAC-LTE dissector cannot be called directly because it relies on its heuristic dissector to be called first. Perhaps Martin's upcoming changes will allow direct calls.

In the meantime, you can use the attached sample Lua as a workaround. It parses a custom header from UDP packets on port 1111 and then indirectly passes the remainder to the MAC-LTE heuristic dissector. If the PDU is missing the required starter string ("mac-lte"), the script inserts it into the buffer for you.

Remember to enable the MAC-LTE preference for "Try Heuristic LTE-MAC over UDP framing". 
Example run:

$ tshark -r dummy-mac-lte.pcap -Xlua_script:proto_foo.lua

  1 0.000000000 192.168.1.130 -> 1.1.1.1      MAC-LTE 77 RAR (RA-RNTI=1, SF=101) (RAPID=0: TA=0, UL-Grant=56332, Temp C-RNTI=8481) 
  2 0.000021000 192.168.1.130 -> 1.1.1.1      LTE RRC UL_CCCH 85 
  3 0.000029000 192.168.1.130 -> 1.1.1.1      MAC-LTE 73 DL: <CRC Failed> UEId=0 NO-RNTI=0 Raw data (3 bytes)
  4 259.696665000 192.168.1.130 -> 1.1.1.1      MAC-LTE 70 RAR (RA-RNTI=1, SF=101) (RAPID=0: TA=0, UL-Grant=56332, Temp C-RNTI=8481) 
  5 259.696684000 192.168.1.130 -> 1.1.1.1      LTE RRC UL_CCCH 78 
  6 259.696692000 192.168.1.130 -> 1.1.1.1      MAC-LTE 66 DL: <CRC Failed> UEId=0 NO-RNTI=0 Raw data (3 bytes)


On Tue, Jan 17, 2012 at 5:51 AM, Lehmann, Florian (EXT-Other - DE/Ulm) <florian.lehmann.ext@xxxxxxx> wrote:
Hi All,

I hope this is the right place to ask as I can't find any helpful
information.
I have a simple UDP Protocol, which has a MAC-LTE packet embedded. After
dissecting my part of the packet, I would like to call the MAC-LTE
dissector on the rest of the data.

Calling the MAC-LTE dissector like:

local dissector = Dissector.get("mac-lte")
dissector:call(buffer(macPduDumpDataPos):tvb(), pinfo, subtree)

results in the following error message:
Can't dissect LTE MAC frame because no per-frame info was attached.

Could anyone point me in the right direction, how to dissect only the
header information from my custom protocol and to call the MAC-LTE
dissector afterwards?

I am using Wireshark version 1.5.1-RL30_110407 (SVN Rev 35697 from
/trunk).

Thanks and BR,
Florian



Attachment: dummy-mac-lte.pcap
Description: Binary data

Attachment: proto_foo.lua
Description: Binary data
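
The attached proto_foo.lua is not reproduced in this archive. The following is an added sketch of the workaround described in the reply, not the attachment itself: it dissects a custom header on UDP port 1111, prepends "mac-lte" if it is missing, and reaches the MAC-LTE heuristic indirectly by wrapping the remainder in a synthetic UDP header and re-entering the UDP dissector. The 4-byte header layout, the field names, the dummy port 65000 and the re-entry technique are all assumptions of this example.

```lua
-- Added example, not the original attachment. Header layout is hypothetical.
local foo = Proto("foo", "Foo Protocol")
local f_version = ProtoField.uint8("foo.version", "Version", base.DEC)
local f_flags   = ProtoField.uint8("foo.flags", "Flags", base.HEX)
local f_length  = ProtoField.uint16("foo.length", "Payload Length", base.DEC)
foo.fields = { f_version, f_flags, f_length }

local FOO_PORT   = 1111               -- port named in the post
local FOO_HDR    = 4                  -- assumed size of the custom header
local START      = "mac-lte"          -- starter string the heuristic checks for
local START_HEX  = "6d61632d6c7465"   -- "mac-lte" as hex, for ByteArray.new
local DUMMY_PORT = 65000              -- assumed to have no dissector registered

local udp = Dissector.get("udp")

function foo.dissector(tvb, pinfo, tree)
    if tvb:len() <= FOO_HDR then return end   -- header only, nothing to hand on
    pinfo.cols.protocol = "FOO"

    local sub = tree:add(foo, tvb(0, FOO_HDR))
    sub:add(f_version, tvb(0, 1))
    sub:add(f_flags,   tvb(1, 1))
    sub:add(f_length,  tvb(2, 2))

    -- Copy the remainder and insert the starter string only when it is absent.
    local payload = tvb(FOO_HDR):bytes()
    local has_start = (tvb:len() - FOO_HDR) >= #START
                      and tvb(FOO_HDR, #START):string() == START
    if not has_start then
        payload:prepend(ByteArray.new(START_HEX))
    end

    -- Synthetic UDP header: src port, dst port, length (8 + payload), checksum 0
    -- (not computed). With no port match, the UDP dissector tries its heuristics.
    local framed = ByteArray.new(string.format("%04x%04x%04x0000",
                                 DUMMY_PORT, DUMMY_PORT, 8 + payload:len()))
    framed:append(payload)
    udp:call(framed:tvb("Foo: re-framed MAC-LTE"), pinfo, tree)
end

DissectorTable.get("udp.port"):add(FOO_PORT, foo)
```

The dummy port must differ from 1111, otherwise the inner UDP call would dispatch back into this dissector. The bytes after "mac-lte" must already carry the per-frame fields the heuristic expects; the script only supplies the starter string.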