802.11 lua dissector

answered 2020-04-23 18:41:15 +0000

11115 ●11 ●317 ●165 https://www.igt.com/

If by Protocol ID of the LLC, you mean the llc.type field, then maybe something like the following could help?

local legrandnono = Proto("legrandnono", "legrandnono dissector")

local pf = {
    data = ProtoField.bytes("legrandnono.data", "legrandnono Data", base.NONE)
}

-- Register protocol fields
legrandnono.fields = pf

-- Assume an OUI of 00:00:00 and LEGRANDNONO_ETYPE Ethertype represents a legrandnono packet
local LEGRANDNONO_ETYPE     = 0xa861
local LEGRANDNONO_OUI       = 0

local etypetable = DissectorTable.get("ethertype")
local etype_orig = etypetable:get_dissector(LEGRANDNONO_ETYPE)
local data_dis = Dissector.get("data")
local llc_oui = Field.new("llc.oui")

function legrandnono.dissector(tvbuf, pinfo, tree)

    local llc_oui_ex = llc_oui()
    if llc_oui_ex == nil or llc_oui_ex.value ~= LEGRANDNONO_OUI then
        if etype_orig ~= nil then
            etype_orig:call(tvbuf, pinfo, tree)
        else
            data_dis:call(tvbuf, pinfo, tree)
        end
        return
    end

    pinfo.cols.protocol:set("legrandnono")

    local legrandnono_tree = tree:add(legrandnono, tvbuf(0, tvbuf:len()))
    legrandnono_tree:add(pf.data, tvbuf(0, tvbuf:len()), tvbuf:len())
end

etypetable:add(LEGRANDNONO_ETYPE, legrandnono)

edit flag offensive delete link

Comments

That won't work if the OUI isn't 00:00:00; for that, we'd need a way to call llc_add_oui() from Lua code.

Guy Harris ( 2020-04-23 21:55:16 +0000 )edit

In the absence of such a change, then a post-dissector implementation might suffice, as long as you don't mind the un-dissected generic data being present in the tree. For example:

local legrandnono = Proto("legrandnono", "legrandnono dissector")

local pf = {
    data = ProtoField.bytes("legrandnono.data", "legrandnono Data", base.NONE)
}

-- Register protocol fields
legrandnono.fields = pf

-- Assume an OUI of 12:34:56 and LEGRANDNONO_PID represents a legrandnono packet
local LEGRANDNONO_PID       = 0xa861
local LEGRANDNONO_OUI       = 1193046   -- 12:34:56

local data_data = Field.new("data.data")
local llc_oui = Field.new("llc.oui")
local llc_pid = Field.new("llc.pid")

function legrandnono.dissector(tvbuf, pinfo, tree)

    local llc_oui_ex = llc_oui()
    local llc_pid_ex = llc_pid()
    if llc_pid_ex == nil or llc_oui_ex == nil or data_data() == nil or
        llc_pid_ex.value ~= LEGRANDNONO_PID or llc_oui_ex.value ~= LEGRANDNONO_OUI then
        return
    end

    pinfo.cols.protocol:set("legrandnono")

    local data_tvb = data_data().range()
    local legrandnono_tree = tree:add(legrandnono, data_tvb(0, data_tvb:len()))

    legrandnono_tree:add(pf.data, data_tvb(0 ...

(more)

cmaynard ( 2020-04-24 00:04:37 +0000 )edit

Thanks for your help ! My dissector works well !

legrandnono ( 2020-05-01 08:22:45 +0000 )edit

You're welcome. Note that my answer was not meant to be a long-term definitive solution but merely one that can work in the absence of the recommended solution by @guy-harris, namely that, "we'd need a way to call llc_add_oui() from Lua code."

If that change is something you'd like to see, then I would suggest that you open a bug report at https://bugs.wireshark.org/bugzilla/, requesting this capability.

cmaynard ( 2020-05-04 15:02:42 +0000 )edit

add a comment

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

802.11 lua dissector edit

1 Answer

Comments