wireshark lua

最新推荐文章于 2024-07-26 14:50:22 发布

xlbtlmy

最新推荐文章于 2024-07-26 14:50:22 发布

阅读量211

点赞数

文章标签： lua wireshark 开发语言

本文链接：https://blog.csdn.net/u011958166/article/details/129483899

版权

test = Proto("TEST", "tt")

local f_header = ProtoField.uint16("test.header","header",base.HEX)
local f_opcode = ProtoField.uint16("test.opcode","opcode",base.HEX)
local f_length = ProtoField.uint8("test.length","length",base.HEX)
local f_data   = ProtoField.bytes("test.data","data")

test.fields = {
	f_header,
	f_opcode,
	f_length,
	f_data
}

function test.dissector(buf, pinfo, root)
	if buf:len() <= 0 then
		return
	end

	subtree = root:add(test,buf(),"all"):append_text("("..buf:len()..")")

	local cnt = 0
	local len = 0
	local id = 0
	local childtree = {}
	
	while true
	do
		childtree[cnt] = subtree:add(test,buf(),"element"):append_text("("..cnt..")")

		childtree[cnt]:add(f_header, buf(id + 0,2)):append_text("(".."header"..")")
		childtree[cnt]:add(f_opcode, buf(id + 2,2)):append_text("(".."opcode"..")")
		childtree[cnt]:add(f_length, buf(id + 4,1)):append_text("(".."length"..")")
		
		len = buf(id + 4,1):uint()
		
		if len > 0 then
			childtree[cnt]:add(f_data, buf(id + 5, len))
		end
		
		cnt = cnt + 1

		if id + len + 5 >= buf:len() then
			break
		else
			id = id + len + 5
		end
	end
end

function test.init()
	local tcp_dissector_table = DissectorTable.get("tcp.port")
	
	for i,port in ipairs{12345} do
		tcp_dissector_table:add(port,test)
	end
end