
How to get index of buffer in post dissector Lua

asked 2022-04-22 11:04:41 +0000

abd_uslu

Hi everybody, I want to parse a vendor-specific field which is included in the topology response in a 1905 message. How can I get the beginning index of the field in the buffer?

    set_plugin_info(onsemi_vs_post_info)
    vs_info = Field.new("ieee1905.vendor_specific.info")
    vs_oui = Field.new("ieee1905.vendor_specific.oui")
    message_id = Field.new("ieee1905.message_id");

    onsemi_proto = Proto("OnSemiVS", "OnSemi vendor specific")

    local al_mac = ProtoField.string("OnSemiVS.al_mac", "source mac address")
    local message_type = ProtoField.string("OnSemiVS.message_type", "message type")
    local device_uptime = ProtoField.uint32("OnSemiVS.device_uptime", "device up time")
    local fw_version_len = ProtoField.uint32("OnSemiVS.fw_version_len", "fw version length")

    onsemi_proto.fields = {al_mac, message_type, device_uptime, fw_version_len}

    function onsemi_proto.dissector(buffer, pinfo, tree)

        local l_vs_info = vs_info()
        local l_vs_oui = vs_oui()
        local l_message_id = message_id()

        if tostring(l_vs_oui) == tostring(0xac6fbb) and tostring(l_message_id)== "0x00001426" then

            subtree = tree:add(onsemi_proto, "VS custom parser")
            --needed beginning of address of ieee1905.vendor_specific.info
            subtree:add(al_mac, tostring( buffer(xxx, 6) ) )
        end

    end

    register_postdissector(onsemi_proto)

Comments

Can you share a capture file that includes these fields? Stick it on a public fileshare (Google, Onedrive, Dropbox,...) and add a link to it in your question.

Chuckc ( 2022-04-22 13:46:38 +0000 )

wlan.tag.vendor.data seems to be a similar type field (wlan fields)

Chuckc ( 2022-05-02 02:12:21 +0000 )

1 Answer


answered 2022-04-23 16:45:59 +0000

Chuckc

On the Wiki page Lua/Examples, see Extract field values.

    -- get a TvbRange of the FieldInfo (fieldinfo.range in WSDG)
    local ftvbr = finfo.tvb
    tree:add(exfield_string, ftvbr:string(ENC_UTF_8))
    tree:add(exfield_hex,tostring(ftvbr:bytes()))

The example DNS dissector (dissector.lua) has examples of using :range() with a tvb.

Here are changes to pull data out of ieee1905.vendor_specific.info:

    local l_vs_info = vs_info().range

        subtree:add(al_mac, l_vs_info:range(0,6)) 

Notes:

  • There is an open issue (17990: wsluarm: document FieldInfo aliases) to fix the WSDG.
  • It would help to have a sample capture for this protocol. The existing examples attached to bugs are short just to address the issue in the bug.
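A complete postdissector built on the answer's `.range` suggestion, written here as an added example (not code from the thread or from Wireshark). It takes the field's offset and length from the FieldInfo and checks the length before slicing, because the vendor-specific bytes come off the wire and `range(0, 6)` raises a Lua error when fewer than 6 bytes are present. Assumptions: the `vsexample.*` names, the `ether` field type, the OUI field being an integer type, and pairing the i-th OUI with the i-th info field when a frame carries several vendor-specific TLVs.

```lua
-- Added example; all "vsexample" names are hypothetical.
local vs_info_f = Field.new("ieee1905.vendor_specific.info")
local vs_oui_f  = Field.new("ieee1905.vendor_specific.oui")

local TARGET_OUI = 0xac6fbb  -- OUI value taken from the question
local AL_MAC_LEN = 6         -- length used in the question and the answer

local example_proto = Proto("VSExample", "Vendor specific example (added)")
local f_al_mac = ProtoField.ether("vsexample.al_mac", "AL MAC address")
local f_rest   = ProtoField.bytes("vsexample.rest", "Remaining vendor data")
local e_short  = ProtoExpert.new("vsexample.too_short",
    "Vendor data shorter than expected",
    expert.group.MALFORMED, expert.severity.WARN)
example_proto.fields  = { f_al_mac, f_rest }
example_proto.experts = { e_short }

function example_proto.dissector(tvb, pinfo, tree)
    -- Calling a Field extractor returns every occurrence in the frame.
    local infos = { vs_info_f() }
    local ouis  = { vs_oui_f() }
    for i, info in ipairs(infos) do
        local oui = ouis[i]  -- assumption: one OUI per info field, same order
        if oui and oui.value == TARGET_OUI then
            -- info.range is a TvbRange covering exactly this field, so
            -- offsets below are relative to the start of the field.
            local r = info.range
            local subtree = tree:add(example_proto, r, "VS custom parser")
            -- info.offset is the field's start within its source buffer.
            subtree:append_text(string.format(" (offset %d, %d bytes)",
                info.offset, info.len))
            if r:len() < AL_MAC_LEN then
                -- Truncated or malformed TLV: flag it instead of erroring.
                subtree:add_proto_expert_info(e_short)
            else
                subtree:add(f_al_mac, r:range(0, AL_MAC_LEN))
                if r:len() > AL_MAC_LEN then
                    subtree:add(f_rest, r:range(AL_MAC_LEN))
                end
            end
        end
    end
end

register_postdissector(example_proto)
```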
