Ask Your Question
0

how to add Lua dissector to support bluetooth vendor specific command and event

asked 2022-09-16 16:29:44 +0000

mikechen gravatar image

updated 2022-09-16 17:00:46 +0000

grahamb gravatar image

Hi I try to add Lua-dissector to extend the original HCI_EVT dissector however, when I call dissector::call(but, pkt, root), the original HCI_EVT dissector seems not work it only show the raw data in tree items could you give a hint how to fix this thanks

p_multi = Proto("multi","MultiProto");
orig_d = nil
RSSI3 = ProtoField.uint8("multi.rssi", "RSSI", base.HEX)
p_multi.fields = {RSSI3}

orig_d = Dissector.get("bthci_evt")
data = Dissector.get("data")
orig_table = DissectorTable.get("hci_h4.type")
if nil == orig_d2 then
  print("get orig_d2")
  orig_d2 = orig_table.get_dissector(orig_table, 5)
  if nil == orig_d2 then
    orig_d2 = orig_table.get_dissector(orig_table, 4)
    orig_table.set(5, orig_d2)
  end
  -- save  orig_d2 as pattern 5 for testing
  print("orig_d2" .. type(orig_d2) .. tostring(orig_d2))
end

function p_multi.dissector(buf,pkt,root)
    length = buf:len()
    length2 = buf(1, buf:len()-1):tvb():len()
    print("length is " .. length .. " " .. length2)
    subtree = root:add(p_multi, buf(), "Multi rssi")
    if nil ~= orig_d2 then
      orig_d2:call(buf, pkt, root, buf(0, buf:len()) )
      --orig_d2:call(buf, pkt, root)
    else
      print("error ! no orig_d2")
    end
    info = tostring(pkt.cols.info)
    pkt.cols.info:set(info .. " (length ".. length .. ")")
    subtree:add(RSSI3, buf(1,1)) -- only for test
    --end
end

if orig_d == nil then
  print("failed orig_d is nil")
else
  local inspect = require 'inspect'
  print(inspect(getmetatable(orig_d)))
  if orig_table == nil then
    print("failed orig_table is nil")
  else
    print("register orig_table")
    orig_table:add(4, p_multi)
  end
end

local tap = Listener.new("bluetooth.hci_summary")
function tap.packet(pinfo,tvb,ip)
  -- print("tap length:".. tvb:len() ..  " " .. type(ip))
end
edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted
0

answered 2022-09-16 20:52:25 +0000

Chuckc gravatar image

updated 2022-09-17 00:59:07 +0000

Here is answer to what's happening but not a solution to the problem. Sorry.

epan/dissectors/packet-bthci_evt.c is expecting an extra chunk of data:

static gint
dissect_bthci_evt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
...
    /* Reject the packet if data is NULL */
    if (data == NULL)
        return 0;

When it's normally called (epan/dissectors/packet-hci_usb.c) that data is provided:

   case 1:
       call_dissector_with_data(bthci_evt_handle, next_tvb, pinfo, tree, bluetooth_data);
       break;


The Wireshark Lua (wslua) does not support the extra parameter when calling a dissector. From the WSDG:

11.6.1.3. dissector:call(tvb, pinfo, tree) Calls a dissector against a given packet (or part of it).

Arguments
tvb - The buffer to dissect.
pinfo - The packet info.
tree - The tree on which to add the protocol items.
Returns - Number of bytes dissected. Note that some dissectors always return number of bytes in incoming buffer, so be aware.

And the call in wslua (epan/wslua/wslua_dissector.c):

WSLUA_METHOD Dissector_call(lua_State* L) {
    /* Calls a dissector against a given packet (or part of it). */
#define WSLUA_ARG_Dissector_call_TVB 2 /* The buffer to dissect. */
#define WSLUA_ARG_Dissector_call_PINFO 3 /* The packet info. */
#define WSLUA_ARG_Dissector_call_TREE 4 /* The tree on which to add the protocol items. */

    Dissector volatile d = checkDissector(L,1);
    Tvb tvb = checkTvb(L,WSLUA_ARG_Dissector_call_TVB);
    Pinfo pinfo = checkPinfo(L,WSLUA_ARG_Dissector_call_PINFO);
    TreeItem ti = checkTreeItem(L,WSLUA_ARG_Dissector_call_TREE);
    const char *volatile error = NULL;
    int len = 0;

    if (! ( d && tvb && pinfo) ) return 0;

    TRY {
        len = call_dissector(d, tvb->ws_tvb, pinfo->ws_pinfo, ti->tree);
...

Sample capture (btsnoop_hci_20210205_105229.log) with the Bluetooth HCI H4 protocol attached to 17236: [Tshark] - Missing bluetooth protocol details

edit flag offensive delete link more

Comments

Of course there is an open issue - 15931: Add Lua support for arbitrary data parameter in dissector calls.

(it took long enough to do the diagnosis I felt compelled to document it.) :-)

Chuckc gravatar imageChuckc ( 2022-09-16 21:04:34 +0000 )edit

@Chunkc Thanks for the explain and reply Any suggestion to make this work ?

May I ask what is the possible solution ? I modify the c function code (epan/dissectors/packet-hci_usb.c) to use only 3 parameters (get Bluetooth data from tab) and build wireshark private release ? (does any online CI/auto build for this private build ?)

mikechen gravatar imagemikechen ( 2022-09-17 05:34:07 +0000 )edit

There are Github actions/workflows but I build locally and have no experience with the online process:
Re: [Wireshark-dev] Triggering "Windows Build" job

The steps for setting up a local build system (Unix or Windows) are documented in the WSDG:
Chapter 2. Quick Setup

Update: the Github actions for Windows and Ubuntu are currently failing due to the migration to Qt6.

Chuckc gravatar imageChuckc ( 2022-09-17 14:30:13 +0000 )edit

8189: github: fix ubuntu action (move to 22.04). and
8192: github: fix Windows action (Qt6; NSIS; Cmake -D syntax) have been merged.

Github actions are now running again.
If you fork on Github, you can make changes to your fork and Github will build an install package.

Chuckc gravatar imageChuckc ( 2022-09-22 19:55:13 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2022-09-16 16:29:44 +0000

Seen: 411 times

Last updated: Sep 17 '22