Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2021-10-08 21:06:01 +0000

sezb51 gravatar image

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer:

s8hr_tree:append_text(...)

So can I run a search for element while executing the dissector.get ?

Thank you! A.

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer:layer, ideally something like:

s8hr_tree:append_text(...)
...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

So can I run a an easy element search for element while executing from the dissector.get result of the "dissector.get" avoiding all manual inspection ?

Thank you! A.

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

So can I run an easy element search from Any simple way to extract wireshark-known elements buried in the result of the "dissector.get" avoiding all manual inspection nested layers returned by Dissector.get("ip") ?

Thank you! A.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2