感谢http://yoursunny.com/t/2008/Wireshark-Lua-dissector/
http://blog.csdn.net/phunxm/article/details/5972904
以及 http://wiki.wireshark.org/LuaAPI
以及google
使用方法
代码另存为文件EtherMAC.lua,放入Wireshark安装目录
在Wireshark安装目录下找到init.lua 记事本打开
设置disable_lua = false
在文件末尾添加一句 dofile(DATA_DIR.."EtherMAC.lua")
--[[
测试控制命令 未统一的显示为unknown+0x0000
reference:
http://yoursunny.com/t/2008/Wireshark-Lua-dissector/
一开始ProtoField bytes 错了
bytes 相当于ASCII码
待添加 解析板卡类型,控制命令类型 命令区分数据类型
]]--
do
local p_EtherMAC = Proto("EtherMAC","EtherMAC @SDUCNC 2008-2014.")
-- local p_EtherMAC = Proto("EtherMAC","SDUCNC.2008-2014.Ethernet for Manufacture Automation Control")
local f_packetSerilNum=ProtoField.uint8("EtherMAC.packetnum","PacketNo.")
local f_packettype = ProtoField.uint8("EtherMAC.packettype","PacketType",base.HEX,{[0]="Stopped",[1]="Enum",[2]="Cycle",[3]="Config"})
local f_packetAllLength=ProtoField.uint32("EtherMAC.length","PacketLength",base.DEC)
local f_node=ProtoField.uint8("EtherMAC.node","Node",base.DEC)
local f_nodenum=ProtoField.uint8("EtherMAC.nodenum","Node number",base.HEX_DEC)
local f_nodelength=ProtoField.uint8("EtherMAC.nodelength","Node Length",base.DEC_HEX)
local f_nodectrlcmd=ProtoField.uint16("EtherMAC.ctrlcmd","Node Command",base.HEX,{[0x80ff]="Controller type",[0x8010]="IO data"})
local f_nodectrlcmd_length=ProtoField.uint8("EtherMAC.ctrlcmdLength","Command Length",base.DEC)
local f_nodectrlcmd_value=ProtoField.bytes("EtherMAC.ctrlcmdvalue","Command Value",base.HEX)
p_EtherMAC.fields = { f_packetSerilNum,f_packettype,f_packetAllLength,f_node,f_nodenum, f_nodelength,f_nodectrlcmd,f_nodectrlcmd_length,f_nodectrlcmd_value}
--"Reserved"
--local f_packetdirection("download","upload")
-- local f_operator = ProtoField.uint8("EtherMAC.operator","Operator",base.HEX,{ [0] = "get-value", [1] = "set-value", [128] = "resp-value", [16] = "get-color", [17] = "set-color", [144] = "resp-color"})
-- local f_left = ProtoField.uint32("ScoreBoard.left","Value Left",base.DEC)
-- local f_right = ProtoField.uint32("ScoreBoard.right","Value Right",base.DEC)
-- local f_red = ProtoField.uint8("ScoreBoard.red","Color Red",base.DEC)
-- local f_green = ProtoField.uint8("ScoreBoard.green","Color Green",base.DEC)
-- local f_blue = ProtoField.uint8("ScoreBoard.blue","Color Blue",base.DEC)
-- p_EtherMAC.fields = { f_packettype,f_packetAllLength, f_operator, f_left, f_right, f_red, f_green, f_blue }
local data_dis = Dissector.get("data")
local function EtherMAC_dissector(buf,pkt,root)
local buf_len = buf:len();
local pkdt_snum=buf(0,1)
local pkdt_length=buf(1,2)
local pkdt_type=buf(2,1)
local v_lengthandtype=buf(1,2):le_uint()
local v_alllength=bit.band(v_lengthandtype,0x7fff)
local v_datalength=0
local v_curnode_pos=0 --当前节点数据起始位置
local v_curnode_num=0
local v_curnode_len=0
local v_cur_cmd=0
local v_curcmd_pos=0
local c_curcmd_len=0
-- local v_packettype=v_lengthandtype/4096;
local v_packettype=bit.rshift(v_lengthandtype,12)
if v_alllength+14>buf:len() then
-- v_alllength=buf:len()+14
v_datalength=buf:len()
else
v_datalength=buf:len()
end
-- if buf_len < 17 then return false end
-- local v_identifier = buf(0,16)
-- -- if ((buf(0,1):uint()~=226) or (buf(1,1):uint()~=203) or (buf(2,1):uint()~=181) or (buf(3,1):uint()~=128)
-- -- or (buf(4,1):uint()~=203) or (buf(5,1):uint()~=9) or (buf(6,1):uint()~=78) or (buf(7,1):uint()~=186)
-- -- or (buf(8,1):uint()~=163) or (buf(9,1):uint()~=107) or (buf(10,1):uint()~=246) or (buf(11,1):uint()~=7)
-- -- or (buf(12,1):uint()~=206) or (buf(13,1):uint()~=149) or (buf(14,1):uint()~=63) or (buf(15,1):uint()~=43))
-- -- then return false end
-- local v_operator = buf(16,1)
-- local i_operator = v_operator:uint()
local t = root:add(p_EtherMAC,buf())
pkt.cols.protocol = "EtherMAC"
pkt.cols.info="EtherMAC Info"
t:add(f_packetSerilNum,pkdt_snum)
t:add(f_packettype,pkdt_type,v_packettype)
t:add(f_packetAllLength,pkdt_length,v_alllength)
v_curnode_pos=3
repeat
v_curnode_num=buf(v_curnode_pos,1):uint()
v_curnode_len=buf(v_curnode_pos+1,2):le_uint()
if v_curnode_len==0 then break end
local nodet=t:add(f_node,buf(v_curnode_pos,v_curnode_len+3),v_curnode_num)-- +3是因为包括节点号和节点长度
nodet:add(f_nodenum,buf(v_curnode_pos,1),v_curnode_num)
nodet:add(f_nodelength,buf(v_curnode_pos+1,2),v_curnode_len)
v_curcmd_pos=v_curnode_pos+3
v_curnode_pos=v_curnode_pos+v_curnode_len+3
--local ctrlt=nodet:add()
repeat
v_cur_cmd=buf(v_curcmd_pos,2):le_uint()
c_curcmd_len=buf(v_curcmd_pos+2,1):uint()
local ctrlt=nodet:add(f_nodectrlcmd,buf(v_curcmd_pos,2),v_cur_cmd)
ctrlt:add(f_nodectrlcmd_length,buf(v_curcmd_pos+2,1),c_curcmd_len)
ctrlt:add(f_nodectrlcmd_value,buf(v_curcmd_pos+3,c_curcmd_len))
v_curcmd_pos=v_curcmd_pos+c_curcmd_len
until v_curcmd_pos>=v_curcmd_pos
until v_curnode_pos >=v_datalength
-- t:add(f_packetSerilNum,v_num)
-- local
-- t:add(,buf(1,2))
-- t:add(f_packettype,v_packettype)
-- t:add(f_packetAllLength,v_alllength)
-- t:add(f_operator,v_operator)
-- if ((i_operator == 1) or (i_operator == 128)) and (buf_len >= 25) then
-- t:add(f_left,buf(17,4))
-- t:add(f_right,buf(21,4))
-- elseif ((i_operator == 17) or (i_operator == 144)) and (buf_len >= 20) then
-- t:add(f_red,buf(17,1))
-- t:add(f_green,buf(18,1))
-- t:add(f_blue,buf(19,1))
-- end
return true
end
function p_EtherMAC.dissector(buf,pkt,root)
if EtherMAC_dissector(buf,pkt,root) then
--valid ScoreBoard diagram
else
data_dis:call(buf,pkt,root)
end
end
local udp_encap_table = DissectorTable.get("ethertype")
udp_encap_table:add(0x8382,p_EtherMAC)
end
--[[
i = 1
repeat
print (i)
i = i + 1
until i > 5
]]--