Extract potentially multiple 'trivial' PDUs from a TCP segment
-- Trivial protocol example: a Wireshark Lua dissector for fixed-size PDUs.
-- inspired by http://wiki.wireshark.org/Lua/Dissectors

-- Protocol object that the dissector function and the port registration below
-- both refer to. It is kept as a global, as in the original script.
trivial_proto = Proto("trivial", "Trivial Protocol")
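--- Dissect every complete 4-byte 'trivial' PDU found in a TCP payload.
--
-- The payload is walked in fixed steps of `trivial_pdu_len` bytes. Each
-- complete PDU gets its own entry in the protocol tree. When the bytes left
-- are fewer than one PDU, the function records how many more bytes it needs
-- in `pinfo.desegment_len` and where the incomplete PDU starts in
-- `pinfo.desegment_offset`, then returns without reading the partial data.
--
-- The payload is untrusted network data: the length check at the top of the
-- loop runs before any `buffer(offset, n)` range is taken, so every read below
-- stays inside the buffer. The PDU length is a constant, not a field taken
-- from the packet.
--
-- Inspired by
-- http://stackoverflow.com/questions/14387426/reassembling-packets-in-a-lua-wireshark-dissector
--
-- @param buffer payload handed to the dissector (supports `len()` and range calls)
-- @param pinfo  packet info; its `cols` and `desegment_*` fields are written
-- @param tree   protocol tree that receives one subtree per PDU
function trivial_proto.dissector(buffer, pinfo, tree)
  local trivial_pdu_len = 4
  local buf_len = buffer:len()

  -- NOTE(review): the start offset is taken from pinfo.desegment_offset when
  -- it is set; confirm Wireshark resets it to 0 before each call, otherwise a
  -- stale value would skip bytes at the start of the buffer.
  local offset = pinfo.desegment_offset or 0

  while true do
    local nxtpdu = offset + trivial_pdu_len

    -- Not enough bytes for a whole PDU: request the remainder and stop.
    if nxtpdu > buf_len then
      pinfo.desegment_len = nxtpdu - buf_len
      pinfo.desegment_offset = offset
      return
    end

    pinfo.cols.protocol = "TRIVIAL"
    pinfo.cols.info = "Trivial Info"

    -- Anchor the entry to this PDU's own four bytes. The original used
    -- buffer(), so every PDU in a segment highlighted the whole payload.
    local pdu_range = buffer(offset, trivial_pdu_len)
    local subtree = tree:add(trivial_proto, pdu_range, "Trivial Protocol Data")
    subtree:add(buffer(offset, 2), "The first two bytes: " .. buffer(offset, 2):uint())

    local tail = subtree:add(buffer(offset + 2, 2), "The next two bytes")
    tail:add(buffer(offset + 2, 1), "The 3rd byte: " .. buffer(offset + 2, 1):uint())
    tail:add(buffer(offset + 3, 1), "The 4th byte: " .. buffer(offset + 3, 1):uint())

    offset = nxtpdu

    -- The buffer ended exactly on a PDU boundary: nothing left to dissect.
    if offset == buf_len then
      return
    end
  end
end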
-- Look up the dissector table that is keyed by TCP port number.
tcp_table = DissectorTable.get("tcp.port")

-- Register the protocol for TCP port 7777. The original comment said "udp",
-- but the table fetched above is "tcp.port".
tcp_table:add(7777, trivial_proto)