To support protobuf over tcp, you can write a Lua script and put it in your Lua plugins directory ("Help->About Wireshark->Folders->Personal Lua Plugins").
The file name might be "protobuf_tcp.lua", with content like the following:
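do
    -- Dissector for a TCP stream of length-prefixed Protobuf messages.
    -- Framing as implemented below: a 4-byte length (read big-endian by
    -- TvbRange:uint()), followed by that many bytes of serialized message,
    -- repeated back to back. Each payload is handed to Wireshark's built-in
    -- "protobuf" dissector.
    local protobuf_tcp_proto = Proto("protobuf_tcp", "Protobuf over TCP")
    local protobuf_dissector = Dissector.get("protobuf")
    local f_length = ProtoField.uint32("protobuf_tcp.length", "Length", base.DEC)
    protobuf_tcp_proto.fields = { f_length }

    -- This must be the root message defined in your .proto file
    local message_type = "tutorial.AddressBook"

    -- Size of the length prefix in bytes.
    local HEADER_LEN = 4

    -- Upper bound on a plausible message. The length prefix is read straight
    -- from captured traffic, so a corrupt value, a capture that starts
    -- mid-stream, or unrelated traffic on the same port can yield a length
    -- of up to 4 GiB. Without a bound the dissector would ask TCP to
    -- reassemble that much data and every later segment of the stream would
    -- be held back waiting for it. Adjust this limit to fit your protocol.
    local MAX_MESSAGE_LEN = 64 * 1024 * 1024

    --- Dissect every complete message in this segment; request reassembly
    -- when a header or payload is split across TCP segments.
    -- @param tvb   buffer handed over by the TCP dissector
    -- @param pinfo packet info (columns, desegmentation request, private table)
    -- @param tree  protocol tree to attach the subtree to
    -- @return -1 after setting pinfo.desegment_* when more data is needed;
    --         nothing otherwise
    function protobuf_tcp_proto.dissector(tvb, pinfo, tree)
        local offset = 0
        local remaining_len = tvb:len()
        local subtree = tree:add(protobuf_tcp_proto, tvb())
        pinfo.columns.protocol:set("PB_TCP")

        while remaining_len > 0 do
            if remaining_len < HEADER_LEN then -- head not enough
                pinfo.desegment_offset = offset
                pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
                return -1
            end

            local header = tvb(offset, HEADER_LEN)
            local data_len = header:uint()

            if data_len > MAX_MESSAGE_LEN then
                -- Implausible length: show it and stop instead of requesting
                -- a huge reassembly driven by untrusted data.
                subtree:add(f_length, header)
                subtree:add(header, string.format(
                    "Length %d exceeds limit of %d bytes; not dissecting further",
                    data_len, MAX_MESSAGE_LEN))
                break
            end

            local available = remaining_len - HEADER_LEN
            if available < data_len then -- data not enough
                pinfo.desegment_offset = offset
                pinfo.desegment_len = data_len - available
                return -1
            end

            subtree:add(f_length, header)

            -- Tell the protobuf dissector which message type to decode.
            pinfo.private["pb_msg_type"] = "message," .. message_type

            local payload = tvb(offset + HEADER_LEN, data_len)
            -- pcall keeps one undecodable message from aborting the rest of
            -- the segment, but the failure is shown rather than discarded.
            local ok, err = pcall(Dissector.call, protobuf_dissector,
                                  payload:tvb(), pinfo, subtree)
            if not ok then
                subtree:add(payload, "Protobuf dissection failed: " .. tostring(err))
            end

            offset = offset + HEADER_LEN + data_len
            remaining_len = remaining_len - HEADER_LEN - data_len
        end
    end

    -- TCP port
    DissectorTable.get("tcp.port"):add(18127, protobuf_tcp_proto)
end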
Remember to replace "tutorial.AddressBook" with the full name of the root message defined in your .proto file, and TCP port 18127 with the TCP port used in your capture file.
Make sure your .proto file is in the "Protobuf search paths", and that the "load all files" option is checked.
You can now use "Decode As" if the message type is the same for all of your TCP ports.
Of course, you can also make the message type for each TCP port different and configurable by adding something like: protobuf_tcp_proto.prefs.tcp_port_message_maps = Pref.string("TCP Ports and Message Maps", "18127:tutorial.AddressBook", "Format: port1:message.type1,port2:message.type2,...") But that needs more code.