Ask Your Question
0

Lua dissector: Field extractor to get the last matched userdata

asked 2019-02-22 11:07:51 +0000

L. Qin gravatar image

updated 2019-02-22 12:05:26 +0000

I want to create a Lua Dissector for LLDP TLV.

Pseudocode:

local subtype_f = Field.new("lldp.ieee.802_1.subtype")

local myproto = Proto("myproto", "My Proto")

function myproto.dissector(buf, pinfo, treeitem)
    local subtype = subtype_f()
    if subtype.value == A_SUBTYPE then
        do_something
    end
end

register_postdissector(myproto)

In one packet, there are 3 TLVs containing "lldp.ieee.802_1.subtype" field,

but the code local subtype = subtype_f() only get the first one FieldInfo,

How can I get the last one or retrieve the return value of subtype_f()

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-02-22 15:49:53 +0000

cmaynard gravatar image

updated 2019-02-22 15:53:58 +0000

You need to use a table then iterate through all the values. For example:

local subtype_f = Field.new("lldp.ieee.802_1.subtype")
local myproto = Proto("myproto", "My Proto")

function myproto.dissector(buf, pinfo, treeitem)
    local subtype = {subtype_f()}
    if subtype then
        for i in pairs(subtype) do
            if subtype[i].value == A_SUBTYPE then
                -- do_something
            elseif subtype[i].value == B_SUBTYPE then
                 -- do_something_else
           end
        end
    end
end

register_postdissector(myproto)

And if you only want to deal with the last subtype, then of course you don't need to iterate though all subtypes, just check the last one, e.g.:

if subtype[#subtype].value == A_SUBTYPE then
    -- do_something
end
edit flag offensive delete link more
add a comment
0

answered 2019-02-22 11:50:13 +0000

grahamb gravatar image

Your dissector function should return the number of bytes you've dissected. This then allows the dissector calling your dissector to call you again with the remaining bytes in the tvbuff.

This isn't explained very well in the Developers Guide Lua API description or the example there. The example dissector on the Lua Wiki page is better.

edit flag offensive delete link more

Comments

Thank you for your answer. But, this is a post dissector, I want to read the field lldp.ieee.802_1.subtype to check if it equals my subtype. In one packet, there are 3 TLVs containing "lldp.ieee.802_1.subtype" field, I only want to deal with the last TLV, but when calling a Field object, it returns the first TLV's FieldInfo object.

L. Qin gravatar imageL. Qin ( 2019-02-22 12:24:05 +0000 )edit

I'd missed that.

I don't know the answer for a post-dissector, I think they're called once per packet, so you'd have to handle multiple PDU's per packet yourself by checking if there is any data remaining in the tvb and if there is any processing that and repeating as required.

grahamb gravatar imagegrahamb ( 2019-02-22 13:09:43 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2019-02-22 11:07:51 +0000

Seen: 1,035 times

Last updated: Feb 22 '19

Related questions

Testing Lua Dissectors [closed]

Is there a simple LUA script as an example for simple pcaps?

how to precompile and use precompiled lua dissectors

Custom sub protocols registering with a custom protocol's dissector table

How can I save the packet list exactly as Wireshark is displaying it as a JSON?

Adding a custom dissector to wireshark

Lua dissector is not processing the full TCP payload.

multiple lua dissectors using same ports

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2