Ask Your Question
0

How to target a 802.11 header in a Lua script?

asked 2019-01-21 20:30:00 +0000

samarcande26 gravatar image

updated 2019-01-30 17:19:24 +0000

cmaynard gravatar image

Hello,

I am trying to decode Fine Timing Measurement (FTM, aka 802.11mc for some) frames, and this 802.11 protocol is not supported yet. I started looking at adding a Lua dissector, but this thing seems to be a nightmare. How can I target, in a Lua dissector, an 802.11 frame type (namely public action frame of type 0x20), or a specific 802.11 header field, to add my own type? Thanks!

Samarcande

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-01-22 17:10:55 +0000

cmaynard gravatar image

updated 2019-01-24 02:41:52 +0000

Probably the best thing to do would be to open a Wireshark bug report asking for the 802.11mc (FTM) frames to be supported, and if possible to supply a patch implementing it if you're able to do so.

In the meantime, if your Lua script grabs the wlan.fixed.publicact field, it may be able to process it if the value is 0x20. Here's a very simple Lua post-dissector script that does something with the packet if the field is 0x20:

wlanpost = Proto("WLANpost", "Append text to Info column if 802.11mc")

wlan_publicact_f = Field.new("wlan.fixed.publicact")

function wlanpost.dissector(tvb, pinfo, tree)
    local wlan_publicact_ex = wlan_publicact_f().value

    if wlan_publicact_ex == 0x20 then
        pinfo.cols.info:append(" [802.11mc]")
    end
end

register_postdissector(wlanpost)

I don't have any 802.11mc packets to play around with, so you'll have to see what you can accomplish without Wireshark native support. The Wireshark wiki has a more elaborate postdissector example if you want to take a look at it. See https://wiki.wireshark.org/Lua/Exampl...

edit flag offensive delete link more

Comments

Thank you very much, this is very useful, I think it should be enough to get me on the right way. I'll gladly contribute to a patch, as soon as I get a structure complete enough. Thanks again.

samarcande26 gravatar imagesamarcande26 ( 2019-01-24 02:18:42 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-01-21 20:30:00 +0000

Seen: 66 times

Last updated: Jan 24