0

dissector print format?

asked 2020-05-07 18:05:23 +0000

I'm a novice at dissectors and Lua. But, I have managed to put something together for my needs using examples. Thanks!

If I look at the Ethernet portion of a UDP packet, I see the following field:

    .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)

How does one get this type of formatting in their Lua script? Is there a function that I need to call that will print in this format?

Thanks.

-brad w.


2 Answers

1

answered 2020-05-07 20:20:05 +0000

grahamb

updated 2020-05-07 20:22:15 +0000

Caution: I'm a C programmer; I only play at Lua.

The presentation is dictated by the field type in use; this is a boolean field with a bitmask to isolate the bit required, along with a True/False string for the corresponding states of the bit. A Lua bitfield type for the Ethernet LG field would be something like:

    local myField = ProtoField.bool(
        "eth.dst.lg", "LG Bit", 24,
        {"Locally administered address (this is NOT the factory default)",
         "Globally unique address (factory default)"},
        0x20000,
        "Specifies if this is a locally administered or globally unique (IEEE assigned) address"
    )

Comments

Indeed, this is the easier and better solution, for this case and probably for the majority of cases.

If you need to isolate bits for summarizing in a tree or for displaying information in the Info column, or when calculating bitfields where some strange encoding is used, then you may need to use bit.band() and friends.

And perhaps it isn't applicable anymore, but in the old days, I recall that booleans didn't work with 64-bit bitfields, such as I ran into with ISO8583 bitmaps long ago, so special handling was needed there as well.

(And @Hadriel was the real Lua programmer around these parts, not me; I'm just a Lua pretender.)

cmaynard (2020-05-07 21:35:25 +0000)
0

answered 2020-05-07 20:10:35 +0000

cmaynard

There is no built-in function for this. You would need to test each bit using bit operations (see http://bitop.luajit.org/), and then format the string using treeitem:set_text() and/or treeitem:append_text(). If you need to format a string beforehand, you can use string.format(), then pass that string to treeitem:set_text(), etc.

For example, to add the destination LG bit to the tree in another "protocol", FOO, shown here as a Lua postdissector:

    local p_foo = Proto("foo", "FOO")

    local f_foo_dst_lg = ProtoField.bool("foo.dst.lg", "Dst LG Bit")
    p_foo.fields = { f_foo_dst_lg }

    local f_eth_dst = Field.new("eth.dst")

    local lg_strs = {
        [0] = "Globally unique address (factory default)",
        [1] = "Locally administered address (this is NOT the factory default)"
    }

    function p_foo.dissector(buf, pinfo, tree)
        local eth_dst_ex = f_eth_dst()
        local eth_dst_tvb
        local eth_dst_lg
        if eth_dst_ex == nil then
            return
        end

        local foo_tree = tree:add(p_foo, buf(0, -1))

        pinfo.cols.protocol:set("FOO")
        eth_dst_tvb = eth_dst_ex.range
        -- Isolate the LG bit (0x02) of the first address octet as 0 or 1.
        eth_dst_lg = bit.rshift(bit.band(eth_dst_tvb(0, 1):uint(), 0x02), 1)
        foo_tree:add(f_foo_dst_lg, eth_dst_lg):set_text(
            "Dst LG Bit: .... .." .. eth_dst_lg .. ". .... .... .... .... = " ..
            lg_strs[eth_dst_lg]
        )
    end

    register_postdissector(p_foo)

Here, I didn't bother using string.format(), but if you're printing lots of flags and bitfields, then it might be useful to do so.

Refs:
- https://www.wireshark.org/docs/wsdg_h...
- https://www.lua.org/pil/20.html

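An added example (not part of either answer, and not Wireshark's own code) of the string.format() approach mentioned in the answer above, generalized from the single LG bit to any mask and field width. The helper names `bit_at`, `bitfield_pattern` and `bitfield_text` and the sample values are assumptions made for illustration; the helpers use plain arithmetic, so the block also runs in a stand-alone Lua interpreter without the bit library.

```lua
-- Added example: build the text Wireshark-style bitfield lines use,
-- e.g. ".... ..1. .... .... .... .... = LG bit: <text>".

-- Return bit `pos` (0 = least significant) of a non-negative integer.
local function bit_at(value, pos)
    return math.floor(value / 2 ^ pos) % 2
end

-- value: integer read from the packet; mask: the bits that belong to the field;
-- width: size in bits of the containing integer (assumed to be a multiple of 4).
local function bitfield_pattern(value, mask, width)
    local groups, nibble = {}, {}
    for pos = width - 1, 0, -1 do
        if bit_at(mask, pos) == 1 then
            -- Bit belongs to the field: show its actual value.
            nibble[#nibble + 1] = (bit_at(value, pos) == 1) and "1" or "0"
        else
            -- Bit is outside the mask: show a placeholder dot.
            nibble[#nibble + 1] = "."
        end
        if pos % 4 == 0 then
            groups[#groups + 1] = table.concat(nibble)
            nibble = {}
        end
    end
    return table.concat(groups, " ")
end

-- Full tree line: "<pattern> = <name>: <text>".
local function bitfield_text(value, mask, width, name, text)
    return string.format("%s = %s: %s",
        bitfield_pattern(value, mask, width), name, text)
end

-- Constructed sample: first three octets of the made-up address 02:00:5e:10:00:01.
local oui = 0x02005e
local lg_strs = {
    [0] = "Globally unique address (factory default)",
    [1] = "Locally administered address (this is NOT the factory default)"
}
local lg = bit_at(oui, 17) -- mask 0x020000 is bit 17 of the 24-bit value
print(bitfield_text(oui, 0x020000, 24, "LG bit", lg_strs[lg]))

-- Constructed multi-bit case: a 3-bit field (mask 0x38) inside one octet.
print(bitfield_text(0xb5, 0x38, 8, "Example 3-bit field", "6"))
```

Inside a dissector, the string returned by `bitfield_text()` would be passed to treeitem:set_text() in place of the hand-built concatenation.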
