wireshark自定义协议插件开发

目录

脚本代码

报文显示

---

脚本代码

local NAME = "test"
test_proto = Proto("test", "test Protocol")

task_id = ProtoField.uint16("test.task_id", "test id", base.DEC)
cn = ProtoField.uint8("test.cn", "XXX", base.DEC)
sn = ProtoField.uint32("test.sn", "xxx", base.DEC)
indicator = ProtoField.uint32("test.indicator", "Indicator", base.DEC)
flag = ProtoField.uint8(NAME.."flag", "Flag", base.HEX)

local bit8 = {[0] = "XXX", [1] = "XXX"}
local bit7 = {[0] = "XXX", [1] = "XXX"}
local bit6 = {[0] = "XXX", [1] = "XXX"}
local bit5 = {[0] = "XXX", [1] = "XXX"}
local bit4 = {[0] = "XXX", [1] = "XXX"}
local bit3 = {[0] = "XXX", [1] = "XXX"}
local bit2 = {[0] = "Reserve", [1] = "Reserve"}
local bit1 = {[0] = "Reserve", [1] = "Reserve"}
msg_bit8 = ProtoField.uint8("msg_bit8", "bit8", base.DEC, bit8, 0x80)
msg_bit7 = ProtoField.uint8("msg_bit7", "bit7", base.DEC, bit7, 0x40)
msg_bit6 = ProtoField.uint8("msg_bit6", "bit6", base.DEC, bit6, 0x20)
msg_bit5 = ProtoField.uint8("msg_bit5", "bit5", base.DEC, bit5, 0x10)
msg_bit4 = ProtoField.uint8("msg_bit4", "bit4", base.DEC, bit4, 0x08)
msg_bit3 = ProtoField.uint8("msg_bit3", "bit3", base.DEC, bit3, 0x04)
msg_bit2 = ProtoField.uint8("msg_bit2", "bit2", base.DEC, bit2, 0x02)
msg_bit1 = ProtoField.uint8("msg_bit1", "bit1", base.DEC, bit1, 0x01)

test_proto.fields = {
    task_id,
    sn,
    indicator,
    flag,
    cn,
    msg_bit8,
    msg_bit7,
    msg_bit6,
    msg_bit5,
    msg_bit4,
    msg_bit3,
    msg_bit2,
    msg_bit1
}

function And(num1,num2)
    local tmp1 = num1
    local tmp2 = num2
    local str = ""
    repeat
        local s1 = tmp1 % 2
        local s2 = tmp2 % 2
        if s1 == s2 then
            if s1 == 1 then
                str = "1"..str
            else
                str = "0"..str
            end
        else
            str = "0"..str
        end
        tmp1 = math.modf(tmp1/2)
        tmp2 = math.modf(tmp2/2)
    until(tmp1 == 0 and tmp2 == 0)
    return tonumber(str,2)
end

-- buffer：包的数据
-- pinfo: 显示的信息
-- tree：包结构的关系
function test_proto.dissector(buffer, pinfo, tree)
    local buflen = buffer:len();
    if buflen == 0 then return end
    
    --显示在protocol列的名字
    pinfo.cols.protocol = test_proto.name 
    
    --显示在数据查看
    local test = tree:add(test_proto, buffer(), "test") 
    header_len = 8
    local test_header = test:add(test_proto, buffer(0, header_len), "test header") 
    local offset = 0;
    test_header:add(task_id, buffer(offset,2))
    offset = offset + 2;
    
    -- cn 字段解析
    test_header:add(cn, buffer(offset,1))
    offset = offset + 1;
    -- 根据flag字段，判断显示info信息 todo
    local flag_node = test_header:add(flag, buffer(offset,1))
    flag_node:add(msg_bit8, buffer(offset,1))
    flag_node:add(msg_bit7, buffer(offset,1))
    flag_node:add(msg_bit6, buffer(offset,1))
    flag_node:add(msg_bit5, buffer(offset,1))
    flag_node:add(msg_bit4, buffer(offset,1))
    flag_node:add(msg_bit3, buffer(offset,1))
    flag_node:add(msg_bit2, buffer(offset,1))
    flag_node:add(msg_bit1, buffer(offset,1))
    local ack = buffer(offset,1):uint() 
    ack_bit = And(ack, 0x80)
    offset = offset + 1;
    
    -- sn 字段解析
    test_header:add(sn, buffer(offset,4))
    sn_value = buffer(offset,4):uint()
    offset = offset + 4;
    if ack_bit == 0x80 then
        info = string.format("rx -> tx Ack Sn=%d Len=%d", sn_value, buflen)
        pinfo.cols.info = info 
    else 
        info = string.format("tx -> rx Sn=%d Len=%d", sn_value, buflen)
        pinfo.cols.info = info 
    end    
    
    local payload_len = buflen - offset;
    local test_header = test:add(test_proto, buffer(offset, payload_len), "test payload") 
    
end

local ip_protocol = DissectorTable.get("ip.proto")
ip_protocol:add(0xff, test_proto) --抓到的0xffff端口的数据，按test_proto的规则来解析
 

报文显示