
Foo Protocol Example (Wireshark Lua)

a guest
Jun 5th, 2012
  1. -- ###########################################################################
  2. -- # proto_foo.lua
  3. --
  4. -- Consider the Foo Protocol, which consists of only the Foo Packet defined as:
  5. --
  6. --  Byte Offset     Len Desc
  7. --  0           4   32-bit unsigned integer
  8. --  4           8   ASCII string (zero-padded)
  9. --  12          5   byte array
  10. --  17          4   IPv4 address
  11. --
  12. -- Foo operates on UDP port 3456, but this port is configurable from Foo's preferences.
  13. -- This Wireshark Lua script implements this example protocol.
  14. -- ###########################################################################
  -- Constants and module state shared by the dissector and init functions below.
  local DEFAULT_PORT = 3456
  -- Smallest buffer that holds one complete Foo Packet (4 + 8 + 5 + 4 = 21 bytes).
  -- The dissector compares the buffer length against this before slicing any range.
  local MIN_LEN = 4 + 8 + 5 + 4
  -- Port under which this protocol is currently registered; nil until registered.
  local _curport

  -- 1. Declare the protocol with the Proto() function.
  local proto_foo = Proto("foo", "Foo Protocol")

  -- 2. Declare the protocol's fields with the ProtoField.XXX() functions.
  --    The declarations follow the packet layout: uint32, 8-byte string,
  --    5-byte array, IPv4 address.
  do
      local fields = proto_foo.fields
      fields.num   = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)")
      fields.str   = ProtoField.stringz("foo.str", "Null-terminated string")
      fields.bytes = ProtoField.bytes("foo.bytes", "Byte array")
      fields.ip    = ProtoField.ipv4("foo.ip", "IPv4 address")
  end

  -- 3. (OPTIONAL) Declare the protocol's preferences with the Pref.XXX() functions.
  --    The port is user-configurable and defaults to DEFAULT_PORT.
  proto_foo.prefs.port = Pref.uint("Port", DEFAULT_PORT, "UDP port number")
  30.  
  31. -- 4. Declare the protocol's dissector function
  --- Dissect one Foo Packet and attach its four fields to the protocol tree.
  -- A buffer shorter than MIN_LEN is left undissected: nothing is added to the
  -- tree, so no range is ever requested past the end of a truncated or
  -- malformed packet.
  -- @param buf    buffer holding the packet bytes
  -- @param pinfo  packet information (not used by this dissector)
  -- @param tree   tree the Foo subtree is added to
  function proto_foo.dissector(buf, pinfo, tree)
      -- Length guard first: every range taken below lies within MIN_LEN bytes.
      if buf:len() < MIN_LEN then
          return
      end

      local f = proto_foo.fields
      local subtree = tree:add(proto_foo, buf())

      -- Field / width pairs in wire order; the widths sum to MIN_LEN.
      local layout = {
          { f.num,   4 },
          { f.str,   8 },
          { f.bytes, 5 },
          { f.ip,    4 },
      }

      local pos = 0
      for _, entry in ipairs(layout) do
          local field, width = entry[1], entry[2]
          subtree:add(field, buf(pos, width))
          pos = pos + width
      end
  end
  44.    
  45. -- 5. (OPTIONAL) Declare the protocol's init function. If this function is omitted,
  46. -- perform the protocol registration outside of it.
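  --- (Re)register the Foo dissector on the port chosen in the preferences.
  -- Tracks the registered port in _curport so that a changed preference moves
  -- the registration instead of leaving the dissector bound to the old port.
  function proto_foo.init()
      local port = proto_foo.prefs.port

      -- Already registered on this port: nothing to move.
      if port == _curport then
          return
      end

      -- 6. Register the protocol with a DissectorTable. Foo is specified as a
      -- UDP protocol (see the file header and the "UDP port number"
      -- preference), so the UDP table is the one to use. Looking up "tcp.port"
      -- here would leave Foo datagrams undecoded and hand unrelated TCP
      -- payloads on that port to a dissector with no stream reassembly.
      local dt = DissectorTable.get("udp.port")
      if _curport then
          dt:remove(_curport, proto_foo)
      end
      dt:add(port, proto_foo)
      _curport = port
  end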
  55.  
  56. -- XXX: do init here if proto_foo.init() does not exist. This file can
  57. -- only ever be loaded once (no way to undeclare a Proto), so no need
  58. -- to remove this dissector from a previously registered dissector table.
  59. --DissectorTable.get("udp.port"):add(proto_foo.prefs.port, proto_foo)