SHOW:
|
|
- or go back to the newest paste.
1 | -- ########################################################################### | |
2 | - | -- ################ |
2 | + | |
3 | -- | |
4 | - | -- ################ |
4 | + | -- Consider the Foo Protocol, which consists of only the Foo Packet defined as: |
5 | - | local _curport = nil -- current port under which this protocol is registered |
5 | + | -- |
6 | -- Byte Offset Len Desc | |
7 | -- 0 4 32-bit unsigned integer | |
8 | -- 4 8 ASCII string (zero-padded) | |
9 | -- 12 5 byte array | |
10 | -- 17 4 IPv4 address | |
11 | -- | |
12 | -- Foo operates on UDP port 3456, but this port is configurable from Foo's preferences. | |
13 | - | proto_foo.fields.num = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)") |
13 | + | -- This Wireshark Lua script implements this example protocol. |
14 | - | proto_foo.fields.str = ProtoField.stringz("foo.str", "Null-terminated string") |
14 | + | -- ########################################################################### |
15 | - | proto_foo.fields.bytes = ProtoField.bytes("foo.bytes", "Byte array") |
15 | + | local _curport = nil -- current port under which this protocol is registered |
16 | - | proto_foo.fields.ip = ProtoField.ipv4("foo.ip", "IPv4 address") |
16 | + | |
17 | local DEFAULT_PORT = 3456 | |
18 | ||
19 | -- 1. Declare the protocol with the Proto() function. | |
20 | local proto_foo = Proto("foo", "Foo Protocol") | |
21 | ||
22 | -- 2. Declare the protocol's fields with the ProtoField.XXX() functions. | |
23 | proto_foo.fields.num = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)") | |
24 | proto_foo.fields.str = ProtoField.stringz("foo.str", "Null-terminated string") | |
25 | proto_foo.fields.bytes = ProtoField.bytes("foo.bytes", "Byte array") | |
26 | proto_foo.fields.ip = ProtoField.ipv4("foo.ip", "IPv4 address") | |
27 | ||
28 | -- 3. (OPTIONAL) Declare the protocol's preferences with the Pref.XXX() functions. | |
29 | proto_foo.prefs.port = Pref.uint("Port", DEFAULT_PORT, "UDP port number") | |
30 | ||
31 | -- 4. Declare the protocol's dissector function | |
32 | function proto_foo.dissector(buf, pinfo, tree) | |
33 | ||
34 | if buf:len() >= MIN_LEN then | |
35 | local offset = 0 | |
36 | local f = proto_foo.fields | |
37 | local subtree = tree:add(proto_foo, buf()) | |
38 | subtree:add(f.num , buf(offset, 4)); offset = offset + 4 | |
39 | subtree:add(f.str , buf(offset, 8)); offset = offset + 8 | |
40 | subtree:add(f.bytes , buf(offset, 5)); offset = offset + 5 | |
41 | subtree:add(f.ip , buf(offset, 4)); offset = offset + 4 | |
42 | end | |
43 | end | |
44 | ||
45 | -- 5. (OPTIONAL) Declare the protocol's init function. If this function is omitted, | |
46 | -- perform the protocol registration outside of it. | |
47 | function proto_foo.init() | |
48 | ||
49 | -- 6. Register the protocol with a DissectorTable (TCP port in this case) | |
50 | local dt = DissectorTable.get("tcp.port") | |
51 | if _curport then dt:remove(_curport, proto_foo) end | |
52 | dt:add(proto_foo.prefs.port, proto_foo) | |
53 | _curport = proto_foo.prefs.port | |
54 | end | |
55 | ||
56 | -- XXX: do init here if proto_foo.init() does not exist. This file can | |
57 | -- only ever be loaded once (no way to undeclare a Proto), so no need | |
58 | -- to remove this dissector from a previously registered dissector table. | |
59 | --DissectorTable.get("udp.port"):add(proto_foo.prefs.port, proto_foo) |