HL7协议报文的解析脚本

最新推荐文章于 2024-06-26 09:36:08 发布

左眼的眼

最新推荐文章于 2024-06-26 09:36:08 发布

阅读量9.2k

点赞数 4

文章标签：脚本语言 lua wireshark HL7

本文链接：https://blog.csdn.net/sinistoreye/article/details/23307943

版权

本文介绍了一种使用Lua脚本在Wireshark中解析HL7协议报文的方法。由于Wireshark尚未将HL7解析功能内置，作者提供了一个基于HL7 v2.3.1的LUA脚本，适用于处理常见的message解析。虽然脚本未考虑TCP断包情况，但它展示了如何自定义解析规则，并附带了脚本应用后的效果展示。

摘要由CSDN通过智能技术生成

常跟HL7协议打交道，虽然是文本型协议，抓到的包也能凑合看一气，但看到wireshark抓到的报文，满屏的16进制数字矩阵仍然是很不爽，自己写个脚本一劳永逸最好

最然wireshark网站上建议将HL7协议解析功能加入基本解析库的呼声很大，但是各种原因wireshark扔未加进去，还需要我们人肉解析，我想原因之一就是IHE没有也不可能指定HL7协议使用的传输层协议和端口号吧，毕竟使用HL7协议的人数早就超过了wireshark规定的至少100W人的限定

wireshark本身是支持第三方脚本解析的，使用LUA脚本语言添加，如何使用LUA为wireshark写解析脚本的方法我就不累述了网上多的是，我只把脚本本身提出来供大家参考

脚本是基于HL7 v2.3.1的，只是制定了解析框架，添加了常见的message解析，各位如果有需要新增解析的，按规则添加就好了

另外如果传输层是TCP的话会有断包情况出现，这里这种情况考虑不多

下面是我要测试的报文内容，来自7edit软件下的demo.hl7文件：

MSH|^~\&|ADT1|MCM|LABADT|MCM|198808181126|SECURITY|ADT^A01|MSG00001|P|2.4
EVN|A01-|198808181123
PID|||PATID1234^5^M11||JONES^WILLIAM^A^III||19610615|M-||2106-3|1200 N ELM STREET^^GREENSBORO^NC^27401-1020|GL|(919)379-1212|(919)271-3434~(919)277-3114||S||PATID12345001^2^M10|123456789|9-87654^NC
NK1|1|JONES^BARBARA^K|SPO|||||20011105
NK1|1|JONES^MICHAEL^A|FTH
PV1|1|I|2000^2012^01||||004777^LEBAUER^SIDNEY^J.|||SUR||-||1|A0-
AL1|1||^PENICILLIN||PRODUCES HIVES~RASH
AL1|2||^CAT DANDER
DG1|001|I9|1550|MAL NEO LIVER, PRIMARY|19880501103005|F||
PR1|2234|M11|111^CODE151|COMMON PROCEDURES|198809081123
ROL|45^RECORDER^ROLE MASTER LIST|AD|CP|KATE^SMITH^ELLEN|199505011201
GT1|1122|1519|BILL^GATES^A
IN1|001|A357|1234|BCMD|||||132987
IN2|ID1551001|SSN12345678
ROL|45^RECORDER^ROLE MASTER LIST|AD|CP|KATE^ELLEN|199505011201

如果没有抓包脚本，你抓到的包看起来是这个样子的：

使用脚本以后，是这个样子的

还有这个样子的

下面就是脚本内容了

do
    --协议名称为HL7，在Packet Details窗格显示为HL7 Protocol
    local p_HL7 = Proto("HL7","HL7 Protocol")

    -- msh域
    local msh_Encoding_Characters           = ProtoField.string("hl7.encoding_characters","Encoding Characters")
    local msh_Sending_Application           = ProtoField.string("hl7.sending_application","Sending Application")
    local msh_Sending_Facility              = ProtoField.string("hl7.sending_facility","Sending Facility")
    local msh_Receiving_Application         = ProtoField.string("hl7.receiving_application","Receiving Application")
    local msh_Receiving_Facility            = ProtoField.string("hl7.receiving_facility","Receiving Facility")
    local msh_Time_of_Message               = ProtoField.string("hl7.time_of_message","Time of Message")
    local msh_Security                      = ProtoField.string("hl7.security","Security")
    local msh_Message_Type                  = ProtoField.string("hl7.message_type","Message Type")
    local msh_Message_Control_ID            = ProtoField.string("hl7.message_control_id","Message Control ID")
    local msh_Processing_ID                 = ProtoField.string("hl7.processing_id","Processing ID")
    local msh_Version_ID                    = ProtoField.string("hl7.version_id","Version ID")
    local msh_Sequence_Number               = ProtoField.string("hl7.sequence_number","Sequence Number")
    local msh_Continuation_Pointer          = ProtoField.string("hl7.continuation_pointer","Continuation Pointer")
    local msh_Accept_Acknowledgment_Type    = ProtoField.string("hl7.accept_acknowledgment_type","Accept Acknowledgment Type")
    local msh_Application_Acknowledge_Type  = ProtoField.string("hl7.application_acknowledge_type","Application Acknowledge Type")
    local msh_Country_Code                  = ProtoField.string("hl7.country_code","Country Code")
    local msh_Character_Set                 = ProtoField.string("hl7.character_set","Character Set")
    local msh_Principal_Language_of_Message = ProtoField.string("hl7.principal_language_of_message","Principal Language of Message")

    -- OBX域
    local obx_Set_ID_OBX                 = ProtoField.string("hl7.set_id_obx","Set ID OBX")
    local obx_Value_Type                 = ProtoField.string("hl7.value_type","Value Type")
    local obx_Observation_Identifier     = ProtoField.string("hl7.observation_identifier","Observation Identifier")
    local obx_Observation_Sub_Id         = ProtoField.string("hl7.observation_sub_id","Observation Sub-Id")
    local obx_Observation_Results        = ProtoField.string("hl7.observation_results","Observation Results")
    local obx_Units                      = ProtoField.string("hl7.units","Units")
    local obx_Reference_Range            = ProtoField.string("hl7.reference_range","Reference Range")
    local obx_Abnormal_Flags             = ProtoField.string("hl7.abnormal_flags","Abnormal Flags")
    local obx_Probability                = ProtoField.string("hl7.probability","Probability")
    local obx_Nature_of_Abnormal_Test    = ProtoField.string("hl7.nature_of_abnormal_test","Nature of Abnormal Test")
    local obx_Observ_Result_Status       = ProtoField.string("hl7.observ_result_status","Observ Result Status")
    local obx_Date_Last_Normal_Value     = ProtoField.string("hl7.date_last_normal_value","Date Last Normal Value")
    local obx_User_Defined_Access_Checks = ProtoField.string("hl7.user_defined_access_checks","User Defined Access Checks")
    local obx_Time_of_Observation        = ProtoField.string("hl7.time_of_observation","Time of Observation")
    local obx_Producer_ID                = ProtoField.string("hl7.producer_id","Producer ID")
    local obx_Responsible_Observer       = ProtoField.string("hl7.responsible_observer","Responsible Observer")
    local obx_Observation_Method         = ProtoField.string("hl7.observation_method","Observation Method")

    -- evn域
    local evn_Event_Type_Code    = ProtoField.string("hl7.event_type_code","Event Type Code")
    local evn_Time_of_Event      = ProtoField.string("hl7.time_of_event","Time of Event")
    local evn_Time_Planned_Event = ProtoField.string("hl7.time_planned_event","Time Planned Event")
    local evn_Event_Reason_Code  = ProtoField.string("hl7.event_reason_code","Event Reason Code")
    local evn_Operator_ID        = ProtoField.string("hl7.operator_id","Operator ID")
    local evn_Event_Occurred     = ProtoField.string("hl7.event_occurred","Event Occurred")

    -- pid域
    local pid_Set_ID_Patient_ID        = ProtoField.string("hl7.set_id_patient_id","Set ID - Patient ID")
    local pid_Patient_ID_External_ID   = ProtoField.string("hl7.patient_id_external_id","Patient ID (External ID)")
    local pid_Patient_ID_Internal_ID   = ProtoField.string("hl7.patient_id_internal_id","Patient ID (Internal ID)")
    local pid_Alternate_Patient_ID     = ProtoField.string("hl7.alternate_patient_id","Alternate Patient ID")
    local pid_Patients_Name            = ProtoField.string("hl7.patients_name","Patient's Name")
    local pid_Date_of_Birth            = ProtoField.string("hl7.date_of_birth","Date of Birth")
    local pid_Sex                      = ProtoField.string("hl7.sex","Sex")
    local pid_Patient_Alias            = ProtoField.string("hl7.patient_alias","Patient Alias")
    local pid_Patient_Address          = ProtoField.string("hl7.patient_address","Patient Address")
    local pid_Phone_Number_Home        = ProtoField.string("hl7.phone_number_home","Phone Number - Home")
    local pid_Marital_Status           = ProtoField.string("hl7.marital_status","Marital Status")
    local pid_Religion                 = ProtoField.string("hl7.religion","Religion")
    local pid_Patient_Account_Number   = ProtoField.string("hl7.patient_account_number","Patient Account Number")
    local pid_SSN_Number_Patient       = ProtoField.string("hl7.ssn_number_patient","SSN Number - Patient")
    local pid_Drivers_License_Patient  = ProtoField.string("hl7.drivers_license_patient","Drivers License - Patient")
    local pid_Mothers_Identifier       = ProtoField.string("hl7.mothers_identifier","Mother's Identifier")
    local pid_Birth_Place              = ProtoField.string("hl7.birth_place","Birth Place")
    local pid_Multiple_Birth_Indicator = ProtoField.string("hl7.multiple_birth_indicator","Multiple Birth Indicator")
    local pid_Birth_Order              = ProtoField.string("hl7.birth_order","Birth O