do
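-- Proto(name, description): the first argument ("654321") is the short name
-- Wireshark registers for this protocol; the second is the description shown
-- in the protocol tree. NOTE(review): the short name does not match the
-- "DoIP" prefix used for the field filter names below -- confirm which one is
-- intended before sharing the plugin.
local wgm2 = Proto("654321","DoIPprotoco")
local NAME1 = "DoIP" -- prefix of every field filter name declared here

-- Everything below is declared `local`. The original assigned these fields to
-- globals, and a global is visible to (and can be overwritten by) any other
-- script loaded into the same Lua state. The dissector defined later in this
-- `do` block still sees them as upvalues.

-- Protocol version: one byte at offset 0 of the DoIP header.
local fields_p_version = ProtoField.uint8(NAME1 .. ".pv", "protocol version", base.HEX, {
  [0x00] = "reserved",
  [0x01] = "DoIP ISO/DIS 13400-2:2010",
  [0x02] = "DoIP ISO 13400-2:2012",
  [0x03] = "reserved",
})

-- Payload type: two bytes at offset 2 of the DoIP header.
local fields_type = ProtoField.uint16(NAME1 .. ".type", "type", base.HEX, {
  [0x0000] = "Generic Doip header negative acknowledge ",
  -- server type
  [0x0001] = "Doip Server Vehicle Identification request message",
  [0x0002] = "Doip Server Vehicle indentification request message with EID",
  [0x0003] = "Doip Server Vehicle indentification request message with VIN",
  [0x0005] = "激活请求",
  [0x0008] = "Doip Server Alive Check response",
  [0x4001] = "Doip Server Doip entify status request",
  [0x4003] = "Doip Server Diagnostic power mode information request",
  [0x8001] = "Diagnostic message",
  -- client type
  [0x0004] = "Vehicle announcement message/vehicle indentification requset",
  [0x0006] = "激活应答",
  [0x0007] = "Alive Check request",
  [0x4002] = "DoIP Entity status response ",
  [0x4004] = "Diagnostic power mode information response",
  [0x8002] = "诊断信息积极响应",
  [0x8003] = "诊断信息负响应",
})

-- Source and target logical addresses. Both were registered as
-- NAME1 .. ".type" with the label "type", the same filter name as the payload
-- type field above, so a display filter on DoIP.type could not tell the three
-- apart. Each address now has its own filter name and label.
local yuan_dizhi = ProtoField.uint16(NAME1 .. ".source_address", "source address", base.HEX, {
  [0x0e80] = "源地址tester ",
  [0x1111] = "源地址网关",
  [0x2222] = "源地址DOIP节点",
})

local mubiao_dizhi = ProtoField.uint16(NAME1 .. ".target_address", "target address", base.HEX, {
  [0x088e] = "目标地址tester ",
  [0x1111] = "目标地址网关",
  [0x2222] = "目标地址doip节点",
})

-- Register only fields that exist. The original list also named
-- fields_l_version and fields_length, which this script never defines; they
-- evaluated to nil and left holes in the table.
wgm2.fields = { fields_p_version, fields_type, yuan_dizhi, mubiao_dizhi }

-- Field extractor for the TCP destination port. Field.new is called here,
-- outside the dissector function, and the extractor is invoked per packet.
local tcp_dst_f = Field.new("tcp.dstport")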
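--- Dissect one TCP payload as a DoIP message.
-- Sets the protocol column from the payload type and adds a subtree with the
-- protocol version, the payload type and, where the message carries them, the
-- source and target logical addresses.
--
-- The buffer holds bytes taken from the wire or from a capture file, so it is
-- untrusted: every read is preceded by a length check. An out-of-range
-- TVB(offset, length) raises a Lua error instead of returning a value.
--
-- NOTE(review): a DoIP message split across TCP segments is not reassembled
-- here; a continuation segment is parsed as if it began with a header.
-- Comparing byte 1 against the inverse of byte 0 (their sum is 0xFF) would
-- let the dissector reject such data.
--
-- @param TVB   buffer with the bytes above TCP for this frame
-- @param pinfo packet information; only pinfo.cols.protocol is written
-- @param tree  root of the packet detail tree
-- @return 0 when the buffer cannot hold a DoIP header, otherwise nothing
function wgm2.dissector(TVB,pinfo,tree)
  -- Generic header: version (1), inverse version (1), payload type (2),
  -- payload length (4). The payload starts at offset 8.
  local HEADER_LEN = 8
  local buf_len = TVB:len()
  if buf_len < HEADER_LEN then
    -- Too short to be a DoIP message; report that nothing was dissected.
    return 0
  end

  local DoIP_type = TVB(2,2):uint()

  -- Pick the protocol column text. The original first stored the numeric
  -- type in the column, so a 0x0005 message whose destination port was not
  -- 13400 showed a bare number; it now falls back to "DOIP".
  local label = "DOIP"
  if DoIP_type == 0x0006 then
    label = "车辆回应的激活应答"
  elseif DoIP_type == 0x8003 then
    label = "诊断信息负响应"
  elseif DoIP_type == 0x0005 then
    -- The activation request label applies only to messages sent to port
    -- 13400. tostring() tolerates a nil result.
    local huoquport = tcp_dst_f()
    if tostring(huoquport) == "13400" then
      label = "诊断仪发送激活请求"
    end
  end
  pinfo.cols.protocol = label

  -- `local` keeps the subtree out of the global environment.
  local subtree = tree:add(wgm2, TVB())

  -- Range lengths match the field widths: the original passed 3-byte ranges
  -- to a uint8 and a uint16 field, so neighbouring header bytes were folded
  -- into the displayed value.
  subtree:add(fields_p_version, TVB(0,1))
  subtree:add(fields_type, TVB(2,2))

  -- Addresses sit directly after the 8-byte header (offsets 8 and 10); the
  -- original read them one byte late, at 9 and 11, and did so for every
  -- payload type, which raised an out-of-range error on short messages.
  -- Diagnostic messages carry source and target; the activation request
  -- carries only the source. Other payload types are laid out differently
  -- and are left undecoded here.
  local is_diag = DoIP_type == 0x8001 or DoIP_type == 0x8002 or DoIP_type == 0x8003
  if (is_diag or DoIP_type == 0x0005) and buf_len >= HEADER_LEN + 2 then
    subtree:add(yuan_dizhi, TVB(8,2))
  end
  if is_diag and buf_len >= HEADER_LEN + 4 then
    subtree:add(mubiao_dizhi, TVB(10,2))
  end
end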
--- if (DoIP_type == 0x0004)then
-- pinfo.cols.protocol = "网关的UDP广播报文"
--
--- end
-- trivial postdissector example
-- declare some Fields to be read
--ip_src_f = Field.new("ip.src")
--ip_dst_f = Field.new("ip.dst")
--tcp_src_f = Field.new("tcp.srcport")
--tcp_dst_f = Field.new("tcp.dstport")
----udp_dst_f = Field.new("udp.dstport")
-- Register the dissector in the "tcp.port" table under port 13400, the port
-- the dissector itself compares against. No UDP registration is made; the
-- "udp.dstport" lookup that used to sit here was commented out.
DissectorTable.get("tcp.port"):add(13400, wgm2)
end
wireshark插件编写以太网DOIP