Can't active dessector function when use the lua to dissect the TLS V1.2.
I want to use lua api to dissect the custom tls v1.2 protocol.
I configured the RSA key files to decrypt TLS and the decrypted TLS info is shown as wanted. The RSA keys is the .pfx file.
To decrypt tls with lua, I register it to the tls.port: DissectorTable.get("tls.port"):add(port_id, my_protocol). But i find the dissector can't be actived, because the beginning print don't show in the lua console.
Please Help me to figure out how to active the lua dessector.
My demo as below:
smart_data_protocol = Proto("SmartData","SmartData Protocol")
-- fields component
data_header_status = ProtoField.uint16("smart_data.data_header_status", "data_header_status", base.DEC)
smart_data_protocol.fields = {data_header_status}
function smart_data_protocol.dissector(buffer, pinfo, tree)
print("start dissector")
length = buffer:len()
if length == 0 then
return 0
end
version = buffer(1,1):uint()
if version ~= 0x03 then
print("version ~= 0x03 ")
return 0
end
print("version == 0x03 ")
pinfo.cols.protocol = smart_data_protocol.name
print("cols.protocol ")
local subtree = tree:add(smart_data_protocol, buffer(), "SmartData Protocol Data")
print("local subtree ")
subtree:add(data_header_status, buffer(1,1))
print("subtree:add")
end
DissectorTable.get("tls.port"):add(50556, smart_data_protocol)
PS:
1. when i register the dissector the tcp.port, the dissector function can run but can't decrypt.
2. the aim coloumn is the TLS segment of a ressabled PUD, I don't know if it matters.
3. I cannot upload the capture file due to confidentiality, sorry.
Thanks a lot!
PS:when i register the dissector the tcp.port, the dissector function can run but can't decrypt
Can you update the example to show
my_portbeing set.Can you provide a sample capture and "RSA key files" ?
I have updated the my_port to the real port and the PS. The RSA key files works when lua is not loaded, so i guess it is valid. And I am sorry for unable to upload the related files.