I'm trying to write a postdissector that will detect missed response from Modbus which is half duplex and should always have matching Query and Response. For some reason my code will not work on all the packets. Also is there a way to write to the previous packet pinfo? I want to put in the info that there was "No Response" to the packet.
-- MB_INFO postdissector
-- declare some Fields to be read
local ws_expert_message_f = Field.new("_ws.expert.message")
-- declare our (pseudo) protocol
MB_INFO_proto = Proto("MB_INFO","Modbus Info")
-- declare previous Query state
local isPrevousQuery
function MB_INFO_proto.init()
isPrevousQuery=false
end
function MB_INFO_proto.dissector(buffer,pinfo,tree)
local ws_expert_message = ws_expert_message_f()
local ws_expert_message_str = tostring(ws_expert_message)
local pinfo_str=tostring(pinfo.cols.info)
if not pinfo.visited then
pinfo.cols.info:append(" NEVER WORKS ALAWAYS IS ALWAYS VISTED")
end
local isQuery=pinfo_str:find("Query")
if isPrevousQuery and isQuery then
-- Needs to be written to previous packet
pinfo.cols.info:append(" (No Response Message)")
end
isPrevousQuery=isQuery
local isBadSize=pinfo_str:find("[Packet size limited during capture]")>1
if (ws_expert_message_str ~= "nil" and not isBadSize) then
pinfo.cols.info:append(" (")
pinfo.cols.info:append(ws_expert_message_str)
pinfo.cols.info:append(")")
end
end
-- register our protocol as a postdissector
register_postdissector(MB_INFO_proto)
