how to add Lua dissector to support bluetooth vendor specific command and event

2022-09-16 16:29:44

mikechen

2022-09-16 17:00:46

grahamb

Hi I try to add Lua-dissector to extend the original HCI_EVT dissector however, when I call dissector::call(but, pkt, root), the original HCI_EVT dissector seems not work it only show the raw data in tree items could you give a hint how to fix this thanks

p_multi = Proto("multi","MultiProto");
orig_d = nil
RSSI3 = ProtoField.uint8("multi.rssi", "RSSI", base.HEX)
p_multi.fields = {RSSI3}

orig_d = Dissector.get("bthci_evt")
data = Dissector.get("data")
orig_table = DissectorTable.get("hci_h4.type")
if nil == orig_d2 then
  print("get orig_d2")
  orig_d2 = orig_table.get_dissector(orig_table, 5)
  if nil == orig_d2 then
    orig_d2 = orig_table.get_dissector(orig_table, 4)
    orig_table.set(5, orig_d2)
  -- save  orig_d2 as pattern 5 for testing
  print("orig_d2" .. type(orig_d2) .. tostring(orig_d2))

function p_multi.dissector(buf,pkt,root)
    length = buf:len()
    length2 = buf(1, buf:len()-1):tvb():len()
    print("length is " .. length .. " " .. length2)
    subtree = root:add(p_multi, buf(), "Multi rssi")
    if nil ~= orig_d2 then
      orig_d2:call(buf, pkt, root, buf(0, buf:len()) )
      --orig_d2:call(buf, pkt, root)
      print("error ! no orig_d2")
    info = tostring( .. " (length ".. length .. ")")
    subtree:add(RSSI3, buf(1,1)) -- only for test

if orig_d == nil then
  print("failed orig_d is nil")
  local inspect = require 'inspect'
  if orig_table == nil then
    print("failed orig_table is nil")
    print("register orig_table")
    orig_table:add(4, p_multi)

local tap ="bluetooth.hci_summary")
function tap.packet(pinfo,tvb,ip)
  -- print("tap length:".. tvb:len() ..  " " .. type(ip))
2022-09-16 20:52:25

Chuckc

2022-09-17 00:59:07

Here is answer to what's happening but not a solution to the problem. Sorry.

epan/dissectors/packet-bthci_evt.c is expecting an extra chunk of data:

static gint
dissect_bthci_evt(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
    /* Reject the packet if data is NULL */
    if (data == NULL)
        return 0;

When it's normally called (epan/dissectors/packet-hci_usb.c) that data is provided:

   case 1:
       call_dissector_with_data(bthci_evt_handle, next_tvb, pinfo, tree, bluetooth_data);

The Wireshark Lua (wslua) does not support the extra parameter when calling a dissector. From the WSDG: dissector:call(tvb, pinfo, tree) Calls a dissector against a given packet (or part of it).

tvb - The buffer to dissect.
pinfo - The packet info.
tree - The tree on which to add the protocol items.
Returns - Number of bytes dissected. Note that some dissectors always return number of bytes in incoming buffer, so be aware.

And the call in wslua (epan/wslua/wslua_dissector.c):

WSLUA_METHOD Dissector_call(lua_State* L) {
    /* Calls a dissector against a given packet (or part of it). */
#define WSLUA_ARG_Dissector_call_TVB 2 /* The buffer to dissect. */
#define WSLUA_ARG_Dissector_call_PINFO 3 /* The packet info. */
#define WSLUA_ARG_Dissector_call_TREE 4 /* The tree on which to add the protocol items. */

    Dissector volatile d = checkDissector(L,1);
    Tvb tvb = checkTvb(L,WSLUA_ARG_Dissector_call_TVB);
    Pinfo pinfo = checkPinfo(L,WSLUA_ARG_Dissector_call_PINFO);
    TreeItem ti = checkTreeItem(L,WSLUA_ARG_Dissector_call_TREE);
    const char *volatile error = NULL;
    int len = 0;

    if (! ( d && tvb && pinfo) ) return 0;

    TRY {
        len = call_dissector(d, tvb->ws_tvb, pinfo->ws_pinfo, ti->tree);

Sample capture (btsnoop_hci_20210205_105229.log) with the Bluetooth HCI H4 protocol attached to 17236: [Tshark] - Missing bluetooth protocol details

edit flag offensive delete link more


Of course there is an open issue - 15931: Add Lua support for arbitrary data parameter in dissector calls.

(it took long enough to do the diagnosis I felt compelled to document it.) :-)

Chuckc ( 2022-09-16 21:04:34 +0000 )

@Chunkc Thanks for the explain and reply Any suggestion to make this work ?

May I ask what is the possible solution ? I modify the c function code (epan/dissectors/packet-hci_usb.c) to use only 3 parameters (get Bluetooth data from tab) and build wireshark private release ? (does any online CI/auto build for this private build ?)

mikechen ( 2022-09-17 05:34:07 +0000 )

There are Github actions/workflows but I build locally and have no experience with the online process:
Re: [Wireshark-dev] Triggering "Windows Build" job

The steps for setting up a local build system (Unix or Windows) are documented in the WSDG:
Chapter 2. Quick Setup

Update: the Github actions for Windows and Ubuntu are currently failing due to the migration to Qt6.

Chuckc ( 2022-09-17 14:30:13 +0000 )

8189: github: fix ubuntu action (move to 22.04). and
8192: github: fix Windows action (Qt6; NSIS; Cmake -D syntax) have been merged.

Github actions are now running again.
If you fork on Github, you can make changes to your fork and Github will build an install package.

Chuckc ( 2022-09-22 19:55:13 +0000 )

