
http2 post dissector not called for data

asked 2021-02-03 11:11:10 +0000

ranjeetsih

updated 2021-02-03 11:12:49 +0000

I am writing a Lua dissector to analyze data inside an http2 packet.

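-- Field extractor for the HTTP/2 frame type
f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    -- Only the first value returned by the extractor is kept here
    local rpc_msg_field  = f_http2_type()

    -- Packets without HTTP/2 have no http2.type field
    if not rpc_msg_field then return end

    if (rpc_msg_field.value == 0x00) then
        io.write("Type: Data")
    elseif (rpc_msg_field.value == 0x01) then
        io.write("Type: Header")
    end
end

register_postdissector(rpc_pd)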

In a TCP segment, the http2 header and http2 data parts come together. The above dissector is called only for the http2 header and not for the http2 data, which is in the same TCP segment after the header.

Please suggest a solution.


Comments

I am facing the same issue, did you get a clue about this? Thanks a lot.

sky ( 2021-06-20 03:32:33 +0000 )

1 Answer


answered 2021-06-20 05:24:30 +0000

Chuckc

updated 2021-06-20 05:47:25 +0000

Here is a doctored up version of the original Lua above.

The syntax changes are from looking through the Lua Examples on the Wireshark wiki.

-- Field extractor for the HTTP/2 frame type
f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    -- Collect every occurrence of http2.type in this packet into a table
    local finfos = { f_http2_type() }

    -- One line of output per HTTP/2 frame, prefixed with the packet number
    for _, rpc_msg_field in ipairs(finfos) do

        io.write(pinfo.number)
        io.write(": ")
        if (rpc_msg_field.value == 0x00) then
            io.write("Type: Data\n")
        elseif (rpc_msg_field.value == 0x01) then
            io.write("Type: Header\n")
        else
            io.write("Type: ")
            io.write(rpc_msg_field.value)
            io.write("\n")
        end
    end
end

register_postdissector(rpc_pd)

http2.type can occur in a packet multiple times (Wireshark uses the term "occurrence". In SNMP it's similar to a multi-instance OID). From the wiki example code:

    -- extract the field into a table of FieldInfos
    finfos = { field() }

Then iterate over the array members:

    for _, finfo in ipairs(finfos) do

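An added example, not part of the original answer or of Wireshark's own code: a post-dissector that applies the table-of-FieldInfos pattern above to list every HTTP/2 frame in a packet and expose the result as filterable fields. The protocol name h2sum and its field names are hypothetical; http2.streamid is Wireshark's HTTP/2 stream identifier field, and pairing it with http2.type by position is an assumption.

```lua
-- Added example: summarise every HTTP/2 frame type seen in one packet.
-- "h2sum" and its field names are hypothetical, chosen for this example.
local f_type     = Field.new("http2.type")
local f_streamid = Field.new("http2.streamid")

local h2sum = Proto("h2sum", "HTTP/2 frame summary")
local pf_count  = ProtoField.uint32("h2sum.count", "HTTP/2 frames in packet")
local pf_frames = ProtoField.string("h2sum.frames", "Frame types")
h2sum.fields = { pf_count, pf_frames }

-- Frame type codes from RFC 7540, section 6.
local TYPE_NAMES = {
    [0] = "DATA", [1] = "HEADERS", [2] = "PRIORITY", [3] = "RST_STREAM",
    [4] = "SETTINGS", [5] = "PUSH_PROMISE", [6] = "PING", [7] = "GOAWAY",
    [8] = "WINDOW_UPDATE", [9] = "CONTINUATION",
}

function h2sum.dissector(buffer, pinfo, tree)
    -- Calling the extractor inside a table constructor keeps every occurrence
    local types   = { f_type() }
    local streams = { f_streamid() }
    if #types == 0 then return end   -- no HTTP/2 in this packet

    local parts = {}
    for i, finfo in ipairs(types) do
        local name = TYPE_NAMES[finfo.value] or ("type " .. tostring(finfo.value))
        -- Pair by position; assumes one stream ID per frame (see lead-in)
        local sid = (#streams == #types) and tostring(streams[i].value) or "?"
        parts[#parts + 1] = name .. "[" .. sid .. "]"
    end

    -- Generated items: derived by this script, not read from packet bytes
    local subtree = tree:add(h2sum, "HTTP/2 frame summary")
    subtree:add(pf_count, #types):set_generated()
    subtree:add(pf_frames, table.concat(parts, ", ")):set_generated()
end

register_postdissector(h2sum)
```

With the script loaded, a display filter such as h2sum.count > 1 selects the packets that carry more than one HTTP/2 frame, which is the case described in the question.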
