wireshark插件编写以太网DOIP

do
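    -- Wireshark Lua dissector for DoIP carried over TCP.
    -- Proto(name, description): the first argument is the name used in display
    -- filters, the second is the description shown for the protocol.
    -- NOTE(review): "654321" and "DoIPprotoco" look like placeholders; they are
    -- kept as-is so existing display filters and profiles keep working.
    local wgm2 = Proto("654321", "DoIPprotoco")

    -- Common prefix for the filter names of the fields declared below.
    local NAME1 = "DoIP"

    -- Every field is a local: a bare assignment would create a global shared
    -- with all other Lua plugins loaded into the same Wireshark instance.

    -- Protocol version (1 byte at offset 0 of the header).
    local fields_p_version = ProtoField.uint8(NAME1 .. ".pv", "protocol version", base.HEX, {
        [0x00] = "reserved",
        [0x01] = "DoIP ISO/DIS 13400-2:2010",
        [0x02] = "DoIP ISO 13400-2:2012",
        [0x03] = "reserved",
    })

    -- Payload type (2 bytes at offset 2 of the header).
    local fields_type = ProtoField.uint16(NAME1 .. ".type", "type", base.HEX, {
        [0x0000] = "Generic Doip header negative acknowledge ",
        -- payload types listed by the author as "server type"
        [0x0001] = "Doip Server Vehicle Identification request message",
        [0x0002] = "Doip Server Vehicle indentification request message with EID",
        [0x0003] = "Doip Server Vehicle indentification request message with VIN",
        [0x0005] = "激活请求",
        [0x0008] = "Doip Server Alive Check response",
        [0x4001] = "Doip Server Doip entify status request",
        [0x4003] = "Doip Server Diagnostic power mode information request",
        [0x8001] = "Diagnostic message",
        -- payload types listed by the author as "client type"
        [0x0004] = "Vehicle announcement message/vehicle indentification requset",
        [0x0006] = "激活应答",
        [0x0007] = "Alive Check request",
        [0x4002] = "DoIP Entity status response ",
        [0x4004] = "Diagnostic power mode information response",
        [0x8002] = "诊断信息积极响应",
        [0x8003] = "诊断信息负响应",
    })

    -- Source logical address. It used to reuse the ".type" filter name and the
    -- "type" label of fields_type, so a display filter on the payload type also
    -- matched address values; it now has its own name and label.
    local yuan_dizhi = ProtoField.uint16(NAME1 .. ".source_address", "source address", base.HEX, {
        [0x0e80] = "源地址tester ",
        [0x1111] = "源地址网关",
        [0x2222] = "源地址DOIP节点",
    })

    -- Target logical address (same fix as for the source address).
    -- NOTE(review): 0x088e differs from the tester address 0x0e80 used for the
    -- source address above; confirm which value the tester really uses.
    local mubiao_dizhi = ProtoField.uint16(NAME1 .. ".target_address", "target address", base.HEX, {
        [0x088e] = "目标地址tester ",
        [0x1111] = "目标地址网关",
        [0x2222] = "目标地址doip节点",
    })

    -- Only fields that are actually declared are registered. The previous list
    -- also named fields_l_version and fields_length, which are never defined
    -- and therefore put nil holes into the table.
    wgm2.fields = { fields_p_version, fields_type, mubiao_dizhi, yuan_dizhi }

    -- Field extractor for the TCP destination port; the dissector uses it to
    -- tell which direction a frame travels.
    local tcp_dst_f = Field.new("tcp.dstport")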

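    --- Dissect one TCP payload as a DoIP message.
    -- The buffer comes straight from a capture and must be treated as untrusted:
    -- every read is guarded by a length check, because a TvbRange that reaches
    -- past the end of the buffer raises a Lua error for that frame.
    -- NOTE(review): TCP segmentation is not handled; a message split across
    -- segments, or several messages in one segment, is not reassembled here.
    -- @param TVB   buffer handed over by the TCP dissector (the TCP payload)
    -- @param pinfo packet information; only the protocol column is written
    -- @param tree  protocol tree that receives the DoIP subtree
    -- @return 0 when the buffer is too short to hold the payload type
    function wgm2.dissector(TVB, pinfo, tree)
        -- DoIP generic header: version (1), inverse version (1),
        -- payload type (2), payload length (4).
        local HEADER_LEN = 8
        local captured = TVB:len()

        -- The payload type occupies bytes 2..3; without it nothing can be decoded.
        if captured < 4 then
            return 0
        end

        local DoIP_type = TVB(2, 2):uint()

        -- Text for the protocol column. The default used to be the raw numeric
        -- type, which leaked into the column for 0x0005 frames that were not
        -- sent to port 13400.
        local column_text = "DOIP"
        if DoIP_type == 0x0006 then
            column_text = "车辆回应的激活应答"
        elseif DoIP_type == 0x8003 then
            column_text = "诊断信息负响应"
        elseif DoIP_type == 0x0005 then
            -- A routing activation request is labelled only when the frame is
            -- addressed to the DoIP port, i.e. sent by the tester.
            local huoquport = tcp_dst_f()
            if tostring(huoquport) == "13400" then
                column_text = "诊断仪发送激活请求"
            end
        end
        pinfo.cols.protocol = column_text

        -- Subtree covering the whole buffer; kept local so it is not shared
        -- between frames through a global.
        local subtree = tree:add(wgm2, TVB())

        -- Ranges now match the declared field widths (uint8 = 1 byte,
        -- uint16 = 2 bytes); the old 3-byte ranges decoded neighbouring bytes
        -- into the value.
        subtree:add(fields_p_version, TVB(0, 1))
        subtree:add(fields_type, TVB(2, 2))

        -- Logical addresses follow the 8-byte header (offsets 8 and 10, not 9
        -- and 11) and are added only when the captured data contains them.
        -- NOTE(review): not every payload type carries both addresses; restrict
        -- this by DoIP_type if the extra rows are misleading.
        if captured >= HEADER_LEN + 2 then
            subtree:add(yuan_dizhi, TVB(HEADER_LEN, 2))
        end
        if captured >= HEADER_LEN + 4 then
            subtree:add(mubiao_dizhi, TVB(HEADER_LEN + 2, 2))
        end
    end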






--- if (DoIP_type == 0x0004)then
--     pinfo.cols.protocol = "网关的UDP广播报文"
-- 
--- end





-- trivial postdissector example
-- declare some Fields to be read
--ip_src_f = Field.new("ip.src")
--ip_dst_f = Field.new("ip.dst")
--tcp_src_f = Field.new("tcp.srcport")
--tcp_dst_f = Field.new("tcp.dstport")


----udp_dst_f = Field.new("udp.dstport")














    -- Register the dissector for TCP port 13400 in the "tcp.port" dissector
    -- table, so that TCP payloads on that port are handed to wgm2.dissector.
    -- UDP traffic is not registered here.
    DissectorTable.get("tcp.port"):add(13400, wgm2)
	

end