The problem seems to be that packet-ethertype.c:dissect_ethertype() expects to be passed a pointer to an ethertype_data_t. Since there appears to be no way to pass this data to the dissector from a Lua dissector, dissect_ethertype() rejects it since the data is NULL.
I don't know any way around this problem except to open a bug report and see if someone can add support for this, or to rewrite the f2 shim as a built-in C dissector and ideally submit it for inclusion into Wireshark.
(Incidentally, the comment for dissect_ethertype() is wrong and should be fixed.)
So in theory, the f2 shim Lua dissector would look something more like so:
    f2_shim = Proto ("f2_shim", "Cisco F2 shim header")
    index = ProtoField.uint16("f2_shim.index", "Index", base.HEX)
    data = ProtoField.uint64("f2_shim.data", "Data", base.HEX)
    f2_shim.fields = {index, data}

    function f2_shim.dissector(buffer, pinfo, tree)
        local etype_data = nil -- The "magic" piece we can't use from Lua
        pinfo.cols.protocol = "f2_shim"
        local subtree = tree:add(f2_shim, buffer(0, 10))
        subtree:add(index, buffer:range(0, 2))
        subtree:add(data, buffer:range(2, 8))
        --[[
            In theory, we'd initialize and pass a pointer to etype_data,
            consisting of:
                etype
                payload_offset
                fh_tree
                trailer_fd
                fcs_len
        --]]
        Dissector.get("ethertype"):call(buffer:range(10):tvb(), pinfo, tree, etype_data)
    end

    ether_table = DissectorTable.get("ethertype")
    ether_table:add(0xf001, f2_shim)
Lastly, since there seems to be some confusion about this f2 shim, here's some packet data that can be converted to a pcap file using text2pcap for testing, e.g., text2pcap f2_shim.txt f2_shim.pcap. It adds an f2 shim with index=1 and data=0xdeadbeefdeadbeef, at least as I understand the format and placement of the f2 shim to be. The real payload should be dissected as IP (carrying UDP), but it isn't due to the limitations described above:
0000 00 0e b6 00 00 02 00 0e b6 00 00 01 f0 01 00 01
0010 de ad be ef de ad be ef 08 00 45 00 00 37 00 00
0020 40 00 40 11 b5 ea c0 00 02 65 c0 00 02 66 82 35
0030 82 35 00 23 e8 54 53 b2 6e 9a bc de f0 c0 00 02
0040 64 20 01 0d b8 00 00 00 00 00 00 00 2f 2a 00 00
0050 01
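An offline check of the sample frame above, as an added example that is not part of the original answer: it parses the text2pcap-style hex dump and decodes it with the layout the answer describes (2-byte index, 8-byte data, then the real ethertype). The function names and result keys are assumptions made for this example.

```python
import struct

# Sample frame copied from the answer above (text2pcap input format).
HEX_DUMP = """\
0000 00 0e b6 00 00 02 00 0e b6 00 00 01 f0 01 00 01
0010 de ad be ef de ad be ef 08 00 45 00 00 37 00 00
0020 40 00 40 11 b5 ea c0 00 02 65 c0 00 02 66 82 35
0030 82 35 00 23 e8 54 53 b2 6e 9a bc de f0 c0 00 02
0040 64 20 01 0d b8 00 00 00 00 00 00 00 2f 2a 00 00
0050 01
"""

F2_ETHERTYPE = 0xF001   # outer ethertype the Lua dissector registers for
SHIM_LEN = 10           # 2-byte index + 8-byte data

def parse_hex_dump(text):
    """Turn 'offset byte byte ...' lines into raw frame bytes."""
    frame = bytearray()
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        # The leading offset must equal the number of bytes read so far.
        if int(fields[0], 16) != len(frame):
            raise ValueError("offset %s does not match data so far" % fields[0])
        frame += bytes(int(b, 16) for b in fields[1:])
    return bytes(frame)

def decode_f2_frame(frame):
    """Decode Ethernet + f2 shim + inner ethertype (hypothetical helper)."""
    if len(frame) < 14 + SHIM_LEN + 2:
        raise ValueError("frame too short for an f2 shim")
    # Bytes 0-11 are dst/src MAC; outer type, index, data, inner type follow.
    outer_type, index, data, inner_type = struct.unpack_from("!HHQH", frame, 12)
    if outer_type != F2_ETHERTYPE:
        raise ValueError("not an f2 shim frame: ethertype 0x%04x" % outer_type)
    result = {"index": index, "data": data, "inner_ethertype": inner_type,
              "payload": frame[14 + SHIM_LEN + 2:]}
    if inner_type == 0x0800 and len(result["payload"]) >= 20:
        ip = result["payload"]          # IPv4 header starts right after the shim
        result["ip_proto"] = ip[9]
        result["ip_src"] = ".".join(str(b) for b in ip[12:16])
        result["ip_dst"] = ".".join(str(b) for b in ip[16:20])
    return result

if __name__ == "__main__":
    print(decode_f2_frame(parse_hex_dump(HEX_DUMP)))
```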
Your problem description is unclear, please elaborate.
Thanks for looking at this.
The device adds a 12-byte header after the Eth SRC MAC.
Ethernet II header(new type 0xf001, 2 bytes)+new private header(10 bytes)+normal ethernet type like 0x0800 or 0x0806+data
//"f0 01" is new ethernet type
//"19 00 00 24 00 83 00 03"
Do not care about this; then we can see the normal ethernet type 0800.
You again describe what you have, but don't describe the problem. What is happening? What is the current output? And what are you expecting? Up 'til now the problem description comes down to 'it doesn't work'. That's unclear, please elaborate _on the problem_.
There needs to be some setup done before ethertype is called. That is normally done in packet-eth which has three dissectors:
eth is expecting the MAC addresses before the ethertype field. The example below works but probably can be done cleaner.
Pieces above are not a complete answer but maybe give a direction.