
How to get the TCP reassembled length in Lua

I have some out-of-order TCP packets, and when the correctly sequenced packets are received, Wireshark's TCP reassembly is able to correctly reorder this data and obtain the correct data length. However, when I try to access the reassembled TCP data in Lua using Field.new("tcp.reassembled.data"), Field.new("tcp.reassembled.length"), Field.new("tcp.segments"), etc., they always return nil. So, how can I access these fields to get the reassembled TCP data?

How to get the TCP reassembled length in Lua

I have some out-of-order TCP packets, and when the correctly sequenced packets are received, Wireshark's TCP reassembly is able to correctly reorder this data and obtain the correct data length. However, when I try to access the reassembled TCP data in Lua using Field.new("tcp.reassembled.data"), Field.new("tcp.reassembled.length"), Field.new("tcp.segments"), etc., they always return nil. So, how can I access these fields to get the reassembled TCP data?

-- Script-wide settings and state.
local log_enabled = true
-- 10 * 1024 evaluates to 10240; the original note on this line read "10M", so
-- the intended unit is unclear (TODO confirm). Not referenced in the visible
-- part of the script.
local max_file_size = 10 * 1024
local listen_port = 514
local buf = ""

-- Field extractors. Each is called while a packet is being processed; the
-- dissector further down compares the result with nil before using it.
local tcp_dstport = Field.new("tcp.dstport")
local tcp_srcport = Field.new("tcp.srcport")
local tcp_stream = Field.new("tcp.stream")
local tcp_len = Field.new("tcp.len")
local tcp_reassembled_len = Field.new("tcp.reassembled.length")
local tcp_segments = Field.new("tcp.segments")
local data_field = Field.new("data.data")
--- Build a timestamp suitable for use in a file name.
-- @treturn string the current local time formatted as YYYYMMDD_HHMMSS
local function get_time()
    local now = os.time()
    return os.date("%Y%m%d_%H%M%S", now)
end

--- Compose the log file path for one TCP stream.
-- The directory is hard-coded. stream_number is formatted with %s and is not
-- validated, so it should be a value the script controls (for example a stream
-- index), never text taken from packet contents.
-- @param stream_number value identifying the stream
-- @treturn string path ending in Syslog_Stream_<stream>_<timestamp>.log
local function get_file_path(stream_number)
    local template = "C:\\Users\\usr\\Downloads\\Syslog_Stream_%s_%s.log"
    local stamp = get_time()
    return string.format(template, stream_number, stamp)
end
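local relp_proto = Proto("RELP", "RELP Protocol")
-- NOTE(review): this writes a global named MAXSTRINGSZ; nothing in the visible
-- part of the script reads it — confirm it is needed.
_G.MAXSTRINGSZ = 0
-- Define fields for RELP protocol
local relp_fields = {
    syslog_records = ProtoField.string("relp.syslog_records", "Syslog Records")
}
-- Log file handle; stays nil when logging is off or the file cannot be opened.
local file
if log_enabled then
    -- NOTE(review): tcp_stream is the Field extractor object, not a stream
    -- number, and this runs at script load when no packet is being processed,
    -- so the file name does not identify a particular stream.
    local open_err
    file, open_err = io.open(get_file_path(tcp_stream), "w")
    if not file then
        -- io.open returns nil plus a message on failure (missing directory,
        -- no write permission). Turn logging off rather than letting a later
        -- file:write raise on a nil handle for every packet.
        io.stderr:write("RELP: cannot open log file: " .. tostring(open_err) .. "\n")
        log_enabled = false
    end
end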
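--- Append text to the script's log file.
-- Does nothing when logging is disabled or when no file handle is available
-- (for example because io.open failed), so a missing log file cannot abort
-- packet processing.
-- NOTE(review): this is a global function, and nothing in the visible part of
-- the script flushes or closes the handle.
-- @param content string (or number) to write verbatim
function log(content)
    if log_enabled and file then
        file:write(content)
    end
end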
-- Attach the field table defined above to the protocol object.
relp_proto.fields = relp_fields
--- Init hook of the protocol object: empties the shared text buffer.
-- NOTE(review): presumably invoked by Wireshark whenever a capture is
-- (re)loaded — confirm against the Proto documentation.
relp_proto.init = function()
    buf = ""
end
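--- Dissector entry point: logs the frame number and a TCP length for it.
-- Writes the reassembled length when tcp.reassembled.length is present,
-- otherwise the segment's tcp.len. tvbuf and tree are not used here.
--
-- NOTE(review): nothing in this function sets pinfo.desegment_len or
-- pinfo.desegment_offset, so the dissector does not itself ask TCP to
-- reassemble a PDU across segments. The tcp.reassembled.* and tcp.segments
-- items may also only be added to the tree after the payload dissector
-- returns, in which case they would have to be read from a postdissector or a
-- Listener tap rather than from here — confirm against the Wireshark version
-- in use.
-- @param tvbuf buffer handed to the dissector
-- @param pinfo packet info; pinfo.number is the frame number
-- @param tree protocol tree root
function relp_proto.dissector(tvbuf, pinfo, tree)
    --if pinfo.visited ==true then
    -- Call each extractor once and keep the result, instead of once for the
    -- nil test and again for the value.
    local reassembled = tcp_reassembled_len()
    local segment = tcp_len()

    log("pinfo:"..pinfo.number)
    if reassembled ~= nil then
        log("   tcp assembled_in:"..reassembled.value.."\n")
    elseif segment ~= nil then
        log("  tcp len:"..segment.value.."\n")
    else
        -- Neither field is present: end the log line instead of raising on a
        -- nil index.
        log("\n")
    end

end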

-- Register the RELP dissector for TCP traffic on listen_port.
-- NOTE(review): tcp_table is assigned without `local`, so it becomes a global.
tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(listen_port, relp_proto)