| 1 | -- ########################################################################### | |
| 2 | - | -- ################ |
| 2 | + | |
| 3 | -- | |
| 4 | - | -- ################ |
| 4 | + | -- Consider the Foo Protocol, which consists of only the Foo Packet defined as: |
| 5 | - | local _curport = nil -- current port under which this protocol is registered |
| 5 | + | -- |
| 6 | -- Byte Offset Len Desc | |
| 7 | -- 0 4 32-bit unsigned integer | |
| 8 | -- 4 8 ASCII string (zero-padded) | |
| 9 | -- 12 5 byte array | |
| 10 | -- 17 4 IPv4 address | |
| 11 | -- | |
| 12 | -- Foo operates on UDP port 3456, but this port is configurable from Foo's preferences. | |
| 13 | - | proto_foo.fields.num = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)")
|
| 13 | + | -- This Wireshark Lua script implements this example protocol. |
| 14 | - | proto_foo.fields.str = ProtoField.stringz("foo.str", "Null-terminated string")
|
| 14 | + | -- ########################################################################### |
| 15 | - | proto_foo.fields.bytes = ProtoField.bytes("foo.bytes", "Byte array")
|
| 15 | + | local _curport = nil -- current port under which this protocol is registered |
| 16 | - | proto_foo.fields.ip = ProtoField.ipv4("foo.ip", "IPv4 address")
|
| 16 | + | |
| 17 | local DEFAULT_PORT = 3456 | |
| 18 | ||
| 19 | -- 1. Declare the protocol with the Proto() function. | |
| 20 | local proto_foo = Proto("foo", "Foo Protocol")
| |
| 21 | ||
| 22 | -- 2. Declare the protocol's fields with the ProtoField.XXX() functions. | |
| 23 | proto_foo.fields.num = ProtoField.uint32("foo.num", "Unsigned integer (32-bit)")
| |
| 24 | proto_foo.fields.str = ProtoField.stringz("foo.str", "Null-terminated string")
| |
| 25 | proto_foo.fields.bytes = ProtoField.bytes("foo.bytes", "Byte array")
| |
| 26 | proto_foo.fields.ip = ProtoField.ipv4("foo.ip", "IPv4 address")
| |
| 27 | ||
| 28 | -- 3. (OPTIONAL) Declare the protocol's preferences with the Pref.XXX() functions. | |
| 29 | proto_foo.prefs.port = Pref.uint("Port", DEFAULT_PORT, "UDP port number")
| |
| 30 | ||
| 31 | -- 4. Declare the protocol's dissector function | |
| 32 | function proto_foo.dissector(buf, pinfo, tree) | |
| 33 | ||
| 34 | if buf:len() >= MIN_LEN then | |
| 35 | local offset = 0 | |
| 36 | local f = proto_foo.fields | |
| 37 | local subtree = tree:add(proto_foo, buf()) | |
| 38 | subtree:add(f.num , buf(offset, 4)); offset = offset + 4 | |
| 39 | subtree:add(f.str , buf(offset, 8)); offset = offset + 8 | |
| 40 | subtree:add(f.bytes , buf(offset, 5)); offset = offset + 5 | |
| 41 | subtree:add(f.ip , buf(offset, 4)); offset = offset + 4 | |
| 42 | end | |
| 43 | end | |
| 44 | ||
| 45 | -- 5. (OPTIONAL) Declare the protocol's init function. If this function is omitted, | |
| 46 | -- perform the protocol registration outside of it. | |
| 47 | function proto_foo.init() | |
| 48 | ||
| 49 | -- 6. Register the protocol with a DissectorTable (TCP port in this case) | |
| 50 | local dt = DissectorTable.get("tcp.port")
| |
| 51 | if _curport then dt:remove(_curport, proto_foo) end | |
| 52 | dt:add(proto_foo.prefs.port, proto_foo) | |
| 53 | _curport = proto_foo.prefs.port | |
| 54 | end | |
| 55 | ||
| 56 | -- XXX: do init here if proto_foo.init() does not exist. This file can | |
| 57 | -- only ever be loaded once (no way to undeclare a Proto), so no need | |
| 58 | -- to remove this dissector from a previously registered dissector table. | |
| 59 | --DissectorTable.get("udp.port"):add(proto_foo.prefs.port, proto_foo) |
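Review bot: `MIN_LEN` in the length guard of `proto_foo.dissector` (`if buf:len() >= MIN_LEN then`) is not defined anywhere in the listing shown, so it appears to be a nil global. The comparison would then raise a Lua error on every packet instead of bounding the four `buf(offset, n)` reads on captured, untrusted data. The fields consume 4 + 8 + 5 + 4 = 21 bytes, so declare it next to `DEFAULT_PORT`: `local MIN_LEN = 21 -- 4 + 8 + 5 + 4 bytes, fixed size of a Foo packet`. Separately, the header comment and the preference description both say UDP, but `proto_foo.init` registers on `DissectorTable.get("tcp.port")`. If UDP is intended, that line should read `local dt = DissectorTable.get("udp.port")` and the step 6 comment should be updated to match.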