1 | initial version |
The problem seems to be that packet-ethertype.c:dissect_ethertype() expects to be passed a pointer to an ethertype_data_t. Since there appears to be no way to pass this data to the dissector from a Lua dissector, dissect_ethertype() rejects it since the data is NULL.
I don't know any way around this problem except to open a bug report and see if someone can add support for this, or to rewrite the f2 shim as a built-in C dissector and ideally submit it for inclusion into Wireshark.
(Incidentally, the comment for dissect_ethertype() is wrong and should be fixed.)
So in theory, the f2 shim Lua dissector would look something more like so:

    f2_shim = Proto ("f2_shim", "Cisco F2 shim header")
    index = ProtoField.uint16("f2_shim.index", "Index", base.HEX)
    data = ProtoField.uint64("f2_shim.data", "Data", base.HEX)
    f2_shim.fields = {index, data}

    function f2_shim.dissector(buffer, pinfo, tree)
        local etype_data = nil -- The "magic" piece we can't use from Lua

        pinfo.cols.protocol = "f2_shim"
        local subtree = tree:add(f2_shim, buffer(0, 10))
        subtree:add(index, buffer:range(0, 2))
        subtree:add(data, buffer:range(2, 8))

        --[[ In theory, we'd initialize and pass a pointer to etype_data,
        consisting of:
            etype
            payload_offset
            fh_tree
            trailer_fd
            fcs_len
        --]]
        Dissector.get("ethertype"):call(buffer:range(10):tvb(), pinfo, tree, etype_data)
    end

    ether_table = DissectorTable.get("ethertype")
    ether_table:add(0xf001, f2_shim)

2 | No.2 Revision |
The problem seems to be that packet-ethertype.c:dissect_ethertype() expects to be passed a pointer to an ethertype_data_t. Since there appears to be no way to pass this data to the dissector from a Lua dissector, dissect_ethertype() rejects it since the data is NULL.
I don't know any way around this problem except to open a bug report and see if someone can add support for this, or to rewrite the f2 shim as a built-in C dissector and ideally submit it for inclusion into Wireshark.
(Incidentally, the comment for dissect_ethertype() is wrong and should be fixed.)
So in theory, the f2 shim Lua dissector would look something more like so:

    f2_shim = Proto ("f2_shim", "Cisco F2 shim header")
    index = ProtoField.uint16("f2_shim.index", "Index", base.HEX)
    data = ProtoField.uint64("f2_shim.data", "Data", base.HEX)
    f2_shim.fields = {index, data}

    function f2_shim.dissector(buffer, pinfo, tree)
        local etype_data = nil -- The "magic" piece we can't use from Lua

        pinfo.cols.protocol = "f2_shim"
        local subtree = tree:add(f2_shim, buffer(0, 10))
        subtree:add(index, buffer:range(0, 2))
        subtree:add(data, buffer:range(2, 8))

        --[[ In theory, we'd initialize and pass a pointer to etype_data,
        consisting of:
            etype
            payload_offset
            fh_tree
            trailer_fd
            fcs_len
        --]]
        Dissector.get("ethertype"):call(buffer:range(10):tvb(), pinfo, tree, etype_data)
    end

    ether_table = DissectorTable.get("ethertype")
    ether_table:add(0xf001, f2_shim)

Lastly, since there seems to be some confusion about this f2 shim, here's some packet data that can be converted to a pcap file using text2pcap for testing, e.g., text2pcap f2_shim.txt f2_shim.pcap. It adds an f2 shim with index=1 and data=0xdeadbeefdeadbeef, at least as I understand the format and placement of the f2 shim to be. The real payload should be dissected as IP (carrying UDP), but it isn't due to the limitations described above:

    0000 00 0e b6 00 00 02 00 0e b6 00 00 01 f0 01 00 01
    0010 de ad be ef de ad be ef 08 00 45 00 00 37 00 00
    0020 40 00 40 11 b5 ea c0 00 02 65 c0 00 02 66 82 35
    0030 82 35 00 23 e8 54 53 b2 6e 9a bc de f0 c0 00 02
    0040 64 20 01 0d b8 00 00 00 00 00 00 00 2f 2a 00 00
    0050 01
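
An added example, not part of the original post and not Wireshark code: a small Python check that decodes the test frame above by hand, independent of any dissector, to confirm what a correct dissection should show. It assumes the layout the post describes (ethertype 0xf001, 2-byte index, 8-byte data, then the inner ethertype); the function names are hypothetical.

```python
import struct

# Hex dump copied from the post (text2pcap input: offset, then bytes).
HEX_DUMP = """\
0000 00 0e b6 00 00 02 00 0e b6 00 00 01 f0 01 00 01
0010 de ad be ef de ad be ef 08 00 45 00 00 37 00 00
0020 40 00 40 11 b5 ea c0 00 02 65 c0 00 02 66 82 35
0030 82 35 00 23 e8 54 53 b2 6e 9a bc de f0 c0 00 02
0040 64 20 01 0d b8 00 00 00 00 00 00 00 2f 2a 00 00
0050 01
"""

F2_SHIM_ETHERTYPE = 0xF001  # value the post registers in the ethertype table
ETH_HDR_LEN = 14            # dst MAC + src MAC + outer ethertype
INNER_OFFSET = 26           # Ethernet header + 10-byte shim + inner ethertype


def parse_hex_dump(text):
    """Turn text2pcap-style lines into bytes, checking each line's offset."""
    frame = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if int(fields[0], 16) != len(frame):
            raise ValueError(f"offset {fields[0]} does not follow {len(frame):04x}")
        frame += bytes(int(b, 16) for b in fields[1:])
    return bytes(frame)


def decode_f2_frame(frame):
    """Decode outer ethertype, shim fields, inner ethertype and IPv4 basics."""
    if len(frame) < INNER_OFFSET:
        raise ValueError("frame too short for Ethernet header plus f2 shim")
    outer, index, data, inner = struct.unpack_from("!HHQH", frame, ETH_HDR_LEN - 2)
    if outer != F2_SHIM_ETHERTYPE:
        raise ValueError(f"outer ethertype 0x{outer:04x} is not the f2 shim")
    result = {"index": index, "data": data, "inner_ethertype": inner}
    if inner == 0x0800 and len(frame) >= INNER_OFFSET + 20:
        ver_ihl, _, total_len = struct.unpack_from("!BBH", frame, INNER_OFFSET)
        result["ip_version"] = ver_ihl >> 4
        result["ip_proto"] = frame[INNER_OFFSET + 9]  # 17 means UDP
        # A sane inner packet's total length accounts for the rest of the frame.
        result["ip_len_matches_frame"] = total_len == len(frame) - INNER_OFFSET
    return result


if __name__ == "__main__":
    for key, value in decode_f2_frame(parse_hex_dump(HEX_DUMP)).items():
        print(f"{key}: {value}")
```
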