Can't active dessector function when use the lua to dissect the TLS V1.2.

asked 2024-01-29 03:41:59 +0000

zguest gravatar image

updated 2024-01-30 00:52:57 +0000

I want to use lua api to dissect the custom tls v1.2 protocol.

I configured the RSA key files to decrypt TLS and the decrypted TLS info is shown as wanted. The RSA keys is the .pfx file.

To decrypt tls with lua, I register it to the tls.port: DissectorTable.get("tls.port"):add(port_id, my_protocol). But i find the dissector can't be actived, because the beginning print don't show in the lua console.

Please Help me to figure out how to active the lua dessector.

My demo as below:

smart_data_protocol = Proto("SmartData","SmartData Protocol")

-- fields component
data_header_status = ProtoField.uint16("smart_data.data_header_status", "data_header_status", base.DEC)

smart_data_protocol.fields = {data_header_status}

function smart_data_protocol.dissector(buffer, pinfo, tree)

    print("start dissector")
    length = buffer:len()
    if length == 0 then
        return 0

    version = buffer(1,1):uint()
    if version ~= 0x03 then
        print("version ~= 0x03 ")
        return 0
    print("version == 0x03 ")
    pinfo.cols.protocol =
    print("cols.protocol ")

    local subtree = tree:add(smart_data_protocol, buffer(), "SmartData Protocol Data")

    print("local subtree ")
    subtree:add(data_header_status, buffer(1,1))
DissectorTable.get("tls.port"):add(50556, smart_data_protocol)

PS: 1. when i register the dissector the tcp.port, the dissector function can run but can't decrypt. 2. the aim coloumn is the TLS segment of a ressabled PUD, I don't know if it matters. 3. I cannot upload the capture file due to confidentiality, sorry.

Thanks a lot!

edit retag flag offensive close merge delete


PS:when i register the dissector the tcp.port, the dissector function can run but can't decrypt

zguest gravatar imagezguest ( 2024-01-29 03:50:14 +0000 )edit

Can you update the example to show my_port being set.

Can you provide a sample capture and "RSA key files" ?

Chuckc gravatar imageChuckc ( 2024-01-29 13:26:07 +0000 )edit

I have updated the my_port to the real port and the PS. The RSA key files works when lua is not loaded, so i guess it is valid. And I am sorry for unable to upload the related files.

zguest gravatar imagezguest ( 2024-01-30 00:56:42 +0000 )edit