Ask Your Question
0

LUA & search in the nested packet...

asked 2021-10-08 21:06:01 +0000

sezb51 gravatar image

updated 2021-10-10 09:15:52 +0000

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

Any simple way to extract wireshark-known elements buried in the nested layers returned by Dissector.get("ip") ?

Thank you! A.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-10-10 11:44:55 +0000

sezb51 gravatar image

Hello,

I just realized that it is simple as adding the Field.new just after the Proto(...) definition:

version = "v1.07n"
S8HR_proto = Proto ("s8hr", "S8HR [" .. version .. "]")
local sip_callID_field = Field.new("sip.Call-ID")

Then the "local finfo = sip_callID_field()" get populated with the value (when available):

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    local finfo = sip_callID_field()
    if (finfo ~= nil) then
      print(tostring(finfo))
    end
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

in fact LUA console does show now:

Sun Oct 10 13:36:50 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:52 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:53 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:54 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:54 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:55 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:55 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:56 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:58 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:58 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.

Thank you all, A.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2021-10-08 21:06:01 +0000

Seen: 274 times

Last updated: Oct 10 '21

Related questions

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

http2 decrypted data in tshark lua script

Decode as LUA - how do I do that?

LUA: dissector wide global table

Reuse (part of) a Wireshark Dissector

Any way to use cmd tshark for a gns3 wire?

how to change COL_PROTOCOL with lua code

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2