Wireshark Lua Dissector - How to set source and destination
I'm working on a Wireshark Dissector in Lua.
I try to provide wireshark as much information about my custom protocol as possible to make use of the available analysis tools. Therefore I'm trying to set the correct source and destination address for my protocol.
My protocol can be on top of different other protocols such as UDP or IEEE 802.15.4. So it might even be that the package source/destination is already set (UDP).
However I want wireshark to show my addresses, so I tried the following:
myproto = Proto("myproto", "My Protocol")
myproto_source = ProtoField.uint16("myproto.src", "Source Address", base.HEX)
myproto.fields = { myproto_source }
function myproto.dissector(buffer, pinfo, tree)
    local subtree = tree:add(myproto, buffer(), "My Proto")
    subtree:add(myproto_source, buffer(0,2))
    -- does not work with error:
    -- bad argument #1 to '?' (Address expected, got userdata)
    pinfo.src = myproto_source
    -- does work, but only adds text, wireshark tools rely on pinfo.src
    pinfo.cols.src = tostring(buffer(0,2):uint())
end
udp_table = DissectorTable.get("udp.port")
udp_table:add( 12345, myproto )
wtap_encap_table = DissectorTable.get("wtap_encap")
wtap_encap_table:add(wtap["IEEE802_15_4"], myproto)
So is there maybe a datatype/class "address" that is necessary to set pinfo.src? Or is there a totally different way to set the packet information?
Thanks in advance!
Comments (2)
pinfo.src takes an Address object (which is an IP address; not a 16-bit integer). Example usage:
Note that this only sets the text of the "Source" column shown in Wireshark. The underlying packet info cannot be modified, and the IP packet details will continue to show the actual IP address.
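A sketch of the question's dissector reworked to hand pinfo.src an Address object, added here as an example and not code from the thread. It assumes a destination field in bytes 2-3 (the question only shows the source field) and uses a hypothetical helper, to_address, that displays each 16-bit address as the synthetic IPv4 address 0.0.<hi>.<lo>.

```lua
-- Added example (not from the original thread).
-- Assumption: Address.ip() builds IPv4 addresses only, so each 16-bit
-- protocol address is mapped onto the synthetic address 0.0.<hi>.<lo>.
local myproto = Proto("myproto", "My Protocol")
local f_src = ProtoField.uint16("myproto.src", "Source Address", base.HEX)
-- Assumption: a destination field follows the source at offset 2.
local f_dst = ProtoField.uint16("myproto.dst", "Destination Address", base.HEX)
myproto.fields = { f_src, f_dst }

-- Hypothetical helper: turn a 16-bit address into an Address object.
local function to_address(addr16)
    local hi = math.floor(addr16 / 256)
    local lo = addr16 % 256
    return Address.ip(string.format("0.0.%d.%d", hi, lo))
end

function myproto.dissector(buffer, pinfo, tree)
    -- Captured bytes are untrusted input: refuse frames that are too
    -- short instead of reading past the end of the buffer.
    if buffer:len() < 4 then
        return 0
    end

    local subtree = tree:add(myproto, buffer(), "My Proto")
    local src = buffer(0, 2)
    local dst = buffer(2, 2)
    subtree:add(f_src, src)
    subtree:add(f_dst, dst)

    pinfo.cols.protocol = myproto.name
    -- pinfo.src / pinfo.dst expect Address objects, not ProtoFields.
    pinfo.src = to_address(src:uint())
    pinfo.dst = to_address(dst:uint())
    return 4 -- number of bytes consumed
end

DissectorTable.get("udp.port"):add(12345, myproto)
```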
Just a suggestion - I'm not an LUA wiz:
maybe??