Ask Your Question
0

Dynamic mask in LUA ProtoFields

asked 2018-10-26 08:04:20 +0000

DaveyS gravatar image

updated 2018-10-26 08:19:34 +0000

Writing in LUA. Is it possible to adjust the bit pattern in a mask for a ProtoField?

I have:

local default_settings =
{
    pmask = 0xfff,
    qmask = 0xf000,
    rmask = 0xffff0000,
}

    local hf_cod_pseq          = ProtoField.new   ("P Seq", "cod.pseq", ftypes.UINT32, nil, base.DEC,    default_settings.pmask, "(p) seq number")
local hf_cod_qseq          = ProtoField.new   ("Q Seq", "cod.qseq", ftypes.UINT32, nil, base.DEC,    default_settings.qmask, "(q) seq number")
local hf_cod_rsvd          = ProtoField.new   ("Reserved", "cod.rsvd", ftypes.UINT32, nil, base.DEC, default_settings.rmask, "Rsvd")

Where I set a mask that, for example might be 0xfff if I'm interested in the bottom 12 bits of an item. But for the data I'm interested in decoding, I'd like to be able to adjust the patterns, e.g. use masks of 0xff, 0xffff00, 0xff000000

So the question is whether it is possible/what is the syntax to allow me to modify the mask information in the proto objects hf_cod_pseq, hf_cod_qseq, etc?

I can think of creating a table of similar items, each with different masks, and chose which to use but that seems very inefficient/inflexible.

So is it possible to make these masks dynamic? Or can I delete them and re-create them after the object has been registered?

I don't need these changes to adjust on a packet by packet basis, but would like to be able to control the parameters (I'm able to create and manipulate the protocol preferences, and can dynamically adjust the default_parameters.pmask etc, but obviously these do not affect objects like hf_cod_pseq that have already been created). BTW I'm new to LUA and to wireshark.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-10-27 14:38:07 +0000

cmaynard gravatar image

Maybe you can use a preference to set the mask and dynamically apply it using the method I suggested in a recent discussion on the Wireshark developers mailing list? Here's a link to the beginning of that thread: https://www.wireshark.org/lists/wires.... For convenience or in case that link is ever dead, the sample function I provided, relevant to that discussion, was as follows:

local function dissect_RuPortId_F(tree, buffer)

    local t = {}
    local mask = 2^my_protocol.prefs.ru_port_id_width - 1
    local val = bit.band(buffer(4, 2):uint(), mask)

    for i = 15, 0, -1 do
        if bit.band(bit.rshift(mask, i), 1) == 1 then
            table.insert(t, (bit.band(bit.rshift(val, i), 1) == 1 and '1') or '0')
        else
            table.insert(t, '.')
        end

        if (i % 4) == 0 then
            table.insert(t, ' ')
        end
    end

    tree:add(RuPortId_F, buffer(4, 2)):set_text(table.concat(t) .. " = Ru Port ID: " .. val)
end -- dissect_RuPortId_F()

With only some minor changes, it should be relatively easy to apply that function to your protocol, assuming this solution works for you.

If there are only a couple of different applicable masks that are dependent upon the version of your protocol, then you might just want to introduce a version preference and then use the mask that's applicable to that particular version. You'll still need to dynamically apply the mask though, that is unless you use different fields for the different versions, each with its own applicable mask, which is also another possible option.

edit flag offensive delete link more

Comments

Can't up-vote you as apparently I need more karma before my judgement is trusted. But thank you for the suggestion, and for the pointer into the discussion that I'd failed to find.

An example such as this where you are running a DIY insertion of text is very useful.

Being impatiant, I actually tried and have running the alternative that I was deriding, that is to say, by creating an array of objects containing triples of p, q and r ProtoFields: for a 32-bit field complete flexibilty requires (32x32)/2 sets of 3 (1536), so quite wasteful in memory, but it does work.

local to_mask = function(size,shift)
    allones = bit.bnot(0)
    x = bit.lshift(bit.bnot(bit.lshift(allones,size)),shift)
    return x
end

make_mask_triple = function(p,q)
    local pm = to_mask(p,0)
    local qm = to_mask(q,p)
    local tot = q+p
    rm = to_mask(32-tot,tot)
    return ...
(more)
DaveyS gravatar imageDaveyS ( 2018-10-29 09:33:00 +0000 )edit

Whoops, please consider the reply to my own question as a reply to your reply. Appreciate your input. Thanks

DaveyS gravatar imageDaveyS ( 2018-10-29 09:34:26 +0000 )edit

Glad my answer was of use to you. I moved your answer as a comment under my answer as you indicated.

cmaynard gravatar imagecmaynard ( 2018-10-29 15:06:47 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-10-26 08:04:20 +0000

Seen: 1,340 times

Last updated: Oct 29 '18