
Call MAC dissector from .lua plugin

asked 2018-12-05 07:38:09 +0000

I am trying to call specific protocol dissectors from my .lua plugin. The line is:

Dissector.get("mac"):call(buf, pinfo, tree)

Some work (e.g. gtp) but others I need do not (e.g. mac for MAC, rsl for RSL). I looked at the epan/dissectors folder and tried other variations to no avail.

Does anyone know the correct name of the protocol? Also, in Wireshark itself I cannot use "Decode As" since this protocol is missing.


1 Answer


answered 2018-12-05 16:03:29 +0000

cmaynard

If you're looking for the correct protocol names, you can try running something like tshark -G protocols | grep NAME … where NAME is the name of the protocol you're looking for. (Refer to the tshark man page for more details on the -G option.)

For example:

$ tshark -G protocols | grep RSL
Radio Signalling Link (RSL)     RSL     gsm_abis_rsl

So in the case of RSL, it looks like you'd need Dissector.get("gsm_abis_rsl"):call(buf, pinfo, tree)

Of course this doesn't always work, because the same search for MAC does find it:

$ tshark -G protocols | grep MAC
DOCSIS Mac Management   DOCSIS MAC MGMT docsis_mgmt
MACsec Key Agreement    EAPOL-MKA       mka
Radio Link Control, Medium Access Control, 3GPP TS44.060        GSM RLC MAC    gsm_rlcmac
ISMACryp Protocol       ISMACRYP        ismacryp
**MAC     MAC     mac**
MAC-LTE MAC-LTE mac-lte
mac-lte-framed  MAC-LTE-FRAMED  mac-lte-framed
MAC-NR  MAC-NR  mac-nr
MikroTik MAC-Telnet Protocol    MAC-Telnet      mactelnet
MAC Control     MACC    macc
802.1AE Security tag    MACsec  macsec
MPLS-MAC        Media Access Control (MAC) Address Withdrawal over Static Pseudowire    mpls_mac
WiMax MAC Management Message    MGMT MSG        wmx.mgmt
DCOM IRemoteActivation  REMACT  remact
Token-Ring Media Access Control TR MAC  trmac
WiMax Generic/Type1/Type2 MAC Header Messages   WiMax Generic/Type1/Type2 MAC Header (hdr)      wmx.hdr
WiMAX MAC-PHY over Ethernet     WiMAX MAC-PHY   wimaxmacphy

In this case, it seems you need to look at the source code (unless there's some other method I'm not aware of) in order to find the dissector that's actually registered.

$ grep "proto_register_protocol" packet-*.c | grep "\"MAC\""
packet-umts_mac.c:    proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");

$ grep register_dissector packet-umts_mac.c
    register_dissector("mac.fdd.rach", dissect_mac_fdd_rach, proto_umts_mac);
    register_dissector("mac.fdd.fach", dissect_mac_fdd_fach, proto_umts_mac);
    register_dissector("mac.fdd.pch", dissect_mac_fdd_pch, proto_umts_mac);
    register_dissector("mac.fdd.dch", dissect_mac_fdd_dch, proto_umts_mac);
    register_dissector("mac.fdd.edch", dissect_mac_fdd_edch, proto_umts_mac);
    register_dissector("mac.fdd.edch.type2", dissect_mac_fdd_edch_type2, proto_umts_mac);
    register_dissector("mac.fdd.hsdsch", dissect_mac_fdd_hsdsch, proto_umts_mac);
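The two greps from the answer above, chained into one function, as an added example that is not part of the original answer: given a short name from `tshark -G protocols` and the path to `epan/dissectors`, it prints the names registered with `register_dissector` under that protocol's handle, which are the strings `Dissector.get()` looks up. It assumes each registration call sits on a single line; the sample files and the `EXA`/`EXB` protocols are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original answer.
# list_dissector_names SHORT_NAME SRC_DIR
#   SHORT_NAME: second column of `tshark -G protocols` (e.g. MAC)
#   SRC_DIR:    path to epan/dissectors in a Wireshark source tree
# Prints every name registered under that protocol's handle.
# Assumption: each registration call sits on a single line.
list_dissector_names() {
    awk -v short="$1" '
        # e.g.  proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");
        /proto_register_protocol[ \t]*\(/ {
            n = split($0, q, "\"")              # q[4] is the short name
            if (n >= 6 && q[4] == short) {
                h = $0
                sub(/[ \t]*=.*/, "", h)         # drop "= proto_register..."
                sub(/^[ \t]*/, "", h)           # drop indentation
                handle[FILENAME, h] = 1         # remember the handle variable
            }
        }
        # e.g.  register_dissector("mac.fdd.rach", dissect_..., proto_umts_mac);
        /register_dissector[ \t]*\(/ {
            split($0, q, "\"")                  # q[2] is the dissector name
            h = $0
            sub(/.*,[ \t]*/, "", h)             # keep the last argument
            sub(/[ \t]*\).*/, "", h)            # drop ");"
            if ((FILENAME, h) in handle) print q[2]
        }
    ' "$2"/packet-*.c
}

# Constructed sample input in the shape of the lines quoted above.
make_sample_tree() {
    mkdir -p "$1"
    cat > "$1/packet-umts_mac.c" <<'EOF'
    proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");
    register_dissector("mac.fdd.rach", dissect_mac_fdd_rach, proto_umts_mac);
    register_dissector("mac.fdd.dch", dissect_mac_fdd_dch, proto_umts_mac);
EOF
    cat > "$1/packet-example.c" <<'EOF'
    proto_ex_a = proto_register_protocol("Example A", "EXA", "exa");
    proto_ex_b = proto_register_protocol("Example B", "EXB", "exb");
    register_dissector("exa.frame", dissect_exa, proto_ex_a);
    register_dissector("exb.frame", dissect_exb, proto_ex_b);
EOF
}

# Demo on the sample tree; pass a real epan/dissectors path instead to use it.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
list_dissector_names MAC "$demo_dir"
rm -rf "$demo_dir"
```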


Stats

Asked: 2018-12-05 07:38:09 +0000

Seen: 40 times

Last updated: Dec 05