Wireshark-users: Re: [Wireshark-users] LUA support for compressed protocols

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Thu, 1 Jun 2023 10:07:19 +0200
Hello Chuck, all,
yes, it is not a bad starter, indeed,  the key line in this context is this one, of course:

            if proto_zip.prefs.decompress and comp_method == 8 then
                local data_tvb = tvb(offset, data_len):uncompress("Decompressed data")

so, it operates on DEFLATE (method 8 as per ZIP spec) method by default. Which leads to the next question: can/should  functions in LUA, uncompress in this case, be overridden, it is a generic term but I guess you got an idea -- same name/access to tvb but different functionality,  as in my specific case it is for sure not what is used for compression ?

Kind Regards
Ariel Burbaickij




On Thu, Jun 1, 2023 at 7:47 AM chuck c <bubbasnmp@xxxxxxxxx> wrote:
https://wiki.wireshark.org/Contrib#file-formats
file-zip.lua - 2016-12-22 - 1.11.3? - Dissects the structure of a Zip archive using heuristics. Hosted on git.lekensteyn.nl

                local data_tvb = tvb(offset, data_len):uncompress("Decompressed data")

On Wed, May 31, 2023 at 3:52 PM Maynard, Chris via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

I don’t have any examples to share, but Lua does have support for compressed data in the form of tvbrange:uncompress(name).  You could searching at https://wiki.wireshark.org/Lua (as well as the examples and contrib pages) to *possibly* find some examples using it.

 

- Chris

Ref: 11.6.3.28. tvbrange:uncompress(name): https://www.wireshark.org/docs/wsdg_html/#lua_class_TvbRange

 

 

From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Ariel Burbaickij
Sent: Wednesday, May 31, 2023 4:35 AM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] LUA support for compressed protocols

 

Hello community,

Wireshark Developers' Guide in section 9.4 provides a rough guideline  for C dissector plugin. I am looking for some examples on how to handle compressed protocols (in the specific case -- something V.42bis over TCP inspired) in LUA. Are you aware of any such examples ?

 

Kind Regards

Ariel Burbaickij

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe