Ask Your Question
0

Lua - Get hex value of a field

asked 2020-08-12 17:44:46 +0000

TomLaBaude gravatar image

updated 2020-08-12 17:46:31 +0000

I use this code to retrieve the hex value of "wlan.ssid", as I understood from 11.2.2.15. fieldinfo.range

local wlan_ssid_f = Field.new("wlan.ssid")
if (wlan_ssid_f() ~= nil) then
    wlan_ssid = tostring(wlan_ssid_f())
    wlan_ssid_hex = tostring(wlan_ssid_f().range)
end

Today I realized that if SSID is longer than 24 chars, then the hex value is fixed to 24 + "..." string:

Ex:
SSID : "DIRECT-b7-HP M118 LaserJet"
HexString : "4449524543542d62372d4850204d313138204c617365724a…"

Is it a restriction of .range or tostring ?

How can I get the whole hexa no matter the length ?

(Ping @cmaynard whol helped me also on this thing back years ago !)

edit retag flag offensive close merge delete

2 Answers

Sort by » oldest newest most voted
1

answered 2020-08-13 21:10:48 +0000

cmaynard gravatar image

updated 2020-08-16 14:42:39 +0000

This appears to be a limitation of the tostring operation when run on a tvb.

The relevant call path looks like:

        epan/wslua/wslua_tvb.c:Tvb__tostring() ->

                epan/tvbuff.c:tvb_bytes_to_str() ->

                        epan/to_str.c:bytestring_to_str()

... which truncates the buffer holding the string to a maximum length of MAX_BYTE_STR_LEN/3. Since MAX_BYTE_STR_LEN is defined as 72, the maximum length of the resulting string is 24, which is what you're seeing.

I don't know a way to work around this except to:

  • Process 24 bytes of the SSID at a time
  • File a bug report requesting that the size be increased?

Maybe there's another way? Well, in case your only option is the first idea, here's a sample code snippet to illustrate how one might handle it (which isn't necessarily optimized):


wlanpost = Proto("WLANpost", "Append WLAN SSID to Info column")

wlan_ssid_f = Field.new("wlan.ssid")

function wlanpost.dissector(tvb, pinfo, tree)
    local wlan_ssid_ex = wlan_ssid_f()

    if wlan_ssid_ex then
        local wlan_ssid_tvb = wlan_ssid_ex.range
        pinfo.cols.info:append(" - SSID Len = " .. wlan_ssid_ex.len .. "; SSID = ")
        if wlan_ssid_ex.len <= 24 then
            local wlan_ssid_str = tostring(wlan_ssid_tvb)
            pinfo.cols.info:append(wlan_ssid_str)
        else
            local offset = 0
            local rem = wlan_ssid_ex.len
            while rem > 0 do
                if rem > 24 then
                    local wlan_ssid_str = tostring(wlan_ssid_tvb(offset, 24))
                    pinfo.cols.info:append(wlan_ssid_str)
                    rem = rem - 24
                    offset = offset + 24
                else
                    local wlan_ssid_str = tostring(wlan_ssid_tvb(offset, rem))
                    pinfo.cols.info:append(wlan_ssid_str)
                    rem = 0
                end
            end
        end
    end
end  

register_postdissector(wlanpost)
edit flag offensive delete link more

Comments

1

Awesome, saving my life !

TomLaBaude gravatar imageTomLaBaude ( 2020-08-15 17:53:59 +0000 )edit
0

answered 2020-09-01 16:28:32 +0000

cmaynard gravatar image

While the original answer I provided does work, I've since realized there's a much simpler solution. Instead of working with the Tvb and converting each 24 byte portion of it to a string, simply get a ByteArray from the Tvb and then convert that to a string in one simple step.

For example:

wlanpost = Proto("WLANpost", "Append WLAN SSID to Info column")

-- Create a field extractor for the SSID
wlan_ssid_f = Field.new("wlan.ssid")

function wlanpost.dissector(tvb, pinfo, tree)
    -- Extract all values for this field
    local wlan_ssid_ex = wlan_ssid_f()

    if wlan_ssid_ex then
        pinfo.cols.info:append(" - SSID Len = " .. wlan_ssid_ex.len .. "; SSID = " ..
            tostring(wlan_ssid_ex.range:bytes()))
    end
end

register_postdissector(wlanpost)
edit flag offensive delete link more

Comments

Wouahhh, thanks for coming back and taking time to post an enchanced solution. First solution worked like a charm and allow me to understand better TVB. I'll dig into ByteArray now :-)

TomLaBaude gravatar imageTomLaBaude ( 2020-09-01 16:36:45 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-08-12 17:44:46 +0000

Seen: 53 times

Last updated: Sep 01