SHOW:
|
|
- or go back to the newest paste.
| 1 | -- ########################################################################### | |
| 2 | -- # proto_foo.lua | |
| 3 | -- | |
| 4 | -- Consider the Foo Protocol, which consists of only the Foo Packet defined as: | |
| 5 | -- | |
| 6 | -- Byte Offset Len Desc | |
| 7 | -- 0 4 32-bit unsigned integer | |
| 8 | -- 4 8 ASCII string (zero-padded) | |
| 9 | -- 12 5 byte array | |
| 10 | -- 17 4 IPv4 address | |
| 11 | -- | |
| 12 | -- Foo operates on UDP port 3456, but this port is configurable from Foo's preferences. | |
| 13 | -- This Wireshark Lua script implements this example protocol. | |
| 14 | -- ########################################################################### | |
| 15 | local _curport = nil -- current port under which this protocol is registered | |
| 16 | local MIN_LEN = 21 -- min buffer length (21 = 4+8+5+4) | |
| 17 | local DEFAULT_PORT = 3456 | |
| 18 | ||
| 19 | -- 1. Declare the protocol with the Proto() function. | |
| 20 | local proto_foo = Proto("foo", "Foo Protocol")
| |
| 21 | ||
| 22 | -- 2. Declare the protocol's fields with the ProtoField.XXX() functions. | |
| 23 | proto_foo.fields.num = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)")
| |
| 24 | proto_foo.fields.str = ProtoField.stringz("foo.str", "Null-terminated string")
| |
| 25 | proto_foo.fields.bytes = ProtoField.bytes("foo.bytes", "Byte array")
| |
| 26 | proto_foo.fields.ip = ProtoField.ipv4("foo.ip", "IPv4 address")
| |
| 27 | ||
| 28 | -- 3. (OPTIONAL) Declare the protocol's preferences with the Pref.XXX() functions. | |
| 29 | proto_foo.prefs.port = Pref.uint("Port", DEFAULT_PORT, "UDP port number")
| |
| 30 | ||
| 31 | -- 4. Declare the protocol's dissector function | |
| 32 | function proto_foo.dissector(buf, pinfo, tree) | |
| 33 | ||
| 34 | if buf:len() >= MIN_LEN then | |
| 35 | pinfo.cols.protocol = "FOO" | |
| 36 | local offset = 0 | |
| 37 | local f = proto_foo.fields | |
| 38 | local subtree = tree:add(proto_foo, buf()) | |
| 39 | subtree:add(f.num , buf(offset, 4)); offset = offset + 4 | |
| 40 | subtree:add(f.str , buf(offset, 8)); offset = offset + 8 | |
| 41 | subtree:add(f.bytes , buf(offset, 5)); offset = offset + 5 | |
| 42 | subtree:add(f.ip , buf(offset, 4)); offset = offset + 4 | |
| 43 | end | |
| 44 | end | |
| 45 | ||
| 46 | -- 5. (OPTIONAL) Declare the protocol's init function. If this function is omitted, | |
| 47 | -- perform the protocol registration outside of it. | |
| 48 | function proto_foo.init() | |
| 49 | ||
| 50 | -- 6. Register the protocol with a DissectorTable (TCP port in this case) | |
| 51 | local dt = DissectorTable.get("tcp.port")
| |
| 52 | if _curport then dt:remove(_curport, proto_foo) end | |
| 53 | dt:add(proto_foo.prefs.port, proto_foo) | |
| 54 | _curport = proto_foo.prefs.port | |
| 55 | end | |
| 56 | ||
| 57 | -- XXX: do init here if proto_foo.init() does not exist. This file can | |
| 58 | -- only ever be loaded once (no way to undeclare a Proto), so no need | |
| 59 | -- to remove this dissector from a previously registered dissector table. | |
| 60 | --DissectorTable.get("udp.port"):add(proto_foo.prefs.port, proto_foo) |
