Ask Your Question
0

Wireshark LUA use field from previous/lower dissector

asked 2018-05-16 08:17:08 +0000

WJT gravatar image

updated 2018-05-16 15:42:09 +0000

cmaynard gravatar image

I have written an custom LUA dissector for ERSPAN. But to apply different header based on the ERSPAN Type indicated by gre.proto field in GRE header, I would like to use the value of gre.proto field in my dissector.

I have already searched and saw methods using post dissector but I am doing something wrong and it is not working for me.

So I would like to have something like this within my custom dissector:

if greprotocolversion == 0x22eb then

...
...

elseif gregreprotocolversion == 0x88be then

..
..

end

What would be the most simple method to accomplish this? Thank you.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-05-16 15:47:48 +0000

cmaynard gravatar image

Are you trying to use the GRE proto field or the GRE protocol version field? I think you want the GRE proto field, but your sample code suggests otherwise. In any case, here's a simple example that may help you:

grepost = Proto("GREpost", "Append GRE message to info column")

-- Field Extractor
gre_proto_fe = Field.new("gre.proto")

function grepost.dissector(tvb, pinfo, tree)
    local gre_proto = gre_proto_fe().value

    if gre_proto == 0x0800 then
        pinfo.cols.info:append(" (GRE/IP)")
    end
end

register_postdissector(grepost)
edit flag offensive delete link more

Comments

It doesn't even need to be a postdissector, field extractors can be used in regular dissectors as well (or at least this was possible in 2.4.x).

sindy gravatar imagesindy ( 2018-05-16 19:14:18 +0000 )edit

Hi Thanks for the help.

Indeed I mean to use the GRE proto field.

I used the code in my dissector and it is working. Also as Sindy mentioned, only using the field extractor works for me and is enough in this case.

Thank you all.

WJT gravatar imageWJT ( 2018-05-17 06:41:41 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-16 08:17:08 +0000

Seen: 59 times

Last updated: May 16