How to parse the tcp data with fragments in lua

asked 2018-10-25 09:14:28 +0000

aaadddzxc
1 ●1 ●1 ●1

updated 2019-01-30 17:22:32 +0000

cmaynard

11115 ●11 ●317 ●165 https://www.igt.com/

I tried to write the Lua plugin, but it’s always Not right

local xnet_proto = Proto("SL", "SL Protolcol")

local XProto_wHeader = ProtoField.uint8("xnet.wHeader", "wHeader", base.HEX)
local XProto_xhToken = ProtoField.uint64("xnet.xhToken", "xhToken", base.DEC)
local XProto_Type = ProtoField.uint32("xnet.unOperatorType", "unOperatorType", base.DEC)
local XProto_Code = ProtoField.uint32("xnet.unOperatorCode", "unOperatorCode", base.HEX)
local XProto_Size = ProtoField.uint32("xnet.unPacketSize", "unPacketSize", base.DEC)
local XProto_wSerial = ProtoField.uint8("xnet.wPacketSerial", "wPacketSerial", base.DEC)
local XProto_wVersion = ProtoField.uint8("xnet.wVersion", "wVersion", base.DEC)
local XProto_wIsReply = ProtoField.uint8("xnet.wIsReply", "wIsReply", base.DEC)
local XProto_wTail = ProtoField.uint8("xnet.wTail", "wTail", base.HEX)
local XProto_Payload = ProtoField.bytes("xnet.Payload", "Payload", base.NONE)

xnet_proto.fields = 
{
    XProto_wHeader,
    XProto_xhToken,
    XProto_Type,
    XProto_Code,
    XProto_Size,
    XProto_wSerial,
    XProto_wVersion,
    XProto_wIsReply,
    XProto_wTail,
    XProto_Payload
}

function xnet_proto.dissector(tvb, pinfo, treeitem)

    pinfo.cols.protocol:set("SL")
    pinfo.cols.info:set("SL Protocol")

    local offset = pinfo.desegment_offset or 0
    local tvb_len = tvb:len()

    local xnet_tree = treeitem:add(xnet_proto, tvb:range(tvb_len))
    xnet_tree:add_le(XProto_wHeader, tvb(offset, 2))   
    offset = offset + 2
    xnet_tree:add_le(XProto_xhToken, tvb(offset, 8))
    offset = offset + 8
    xnet_tree:add_le(XProto_Type, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_Code, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_Size, tvb(offset, 4))
    offset = offset + 4
    xnet_tree:add_le(XProto_wSerial, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wVersion, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wIsReply, tvb(offset, 2))
    offset = offset + 2
    xnet_tree:add_le(XProto_wTail, tvb(offset, 2))
    offset = offset + 2

    offset = pinfo.desegment_offset or 0
    local frameLength = XProto_Size

    while true
    do
        local nextFrame = offset + frameLength;

        if  tvb:len() <  nextFrame then
            pinfo.desegment_len = nextFrame - tvb:len()
            return
        end
        if tvb:len() == nextFrame then 
            xnet_tree:add(XProto_Payload, XProto_Size)
            break
        end
    end
end

local tcp_port_table = DissectorTable.get("tcp.port")
--tcp_port_table:add(6000, xnet_proto)
--tcp_port_table:add(6001, xnet_proto)
tcp_port_table:add(6002, xnet_proto

edit retag flag offensive close merge delete

add a comment

answered 2018-10-25 19:27:36 +0000

cmaynard

11115 ●11 ●317 ●165 https://www.igt.com/

There are generally 2 ways (that I'm aware of) to solve this, either by:

Making use of dissect_tcp_pdus() - refer to Section 11.6.8.2 of the Wireshark Developer's Guide
"Manually" doing what dissect_tcp_pdus() does, either out of necessity or by preference.

I've tried both methods in the past and generally prefer the 2nd of the two options, mainly because I've run into error handling limitations using dissect_tcp_pdus(). If you also want to try the 2nd method, then essentially just follow along with the fpm.lua example provided on the Wireshark Lua Examples Wiki Page under the A dissector tutorial with TCP-reassembly section.

edit flag offensive delete link

add a comment

How to parse the tcp data with fragments in lua

1 Answer

Your Answer

Question Tools

Stats

Related questions

How to parse the tcp data with fragments in lua edit

1 Answer

Your Answer

Question Tools

Stats

Related questions

How to parse the tcp data with fragments in lua