
Wireshark-dev: [Wireshark-dev] LUA TCP protocol dissector



From: Christer Palm <hcgpalm@xxxxxxxxx>
Date: Sun, 03 Feb 2008 16:20:53 +0100

Hi,

First of all you should know that I'm new to Wireshark development, so please forgive me if any of this doesn't make sense.

I'm trying to slap together a quick and dirty dissector for helping me out in debugging a proprietary protocol. I also need the dissector to run on both Linux and Windows, but I don't have access to the Windows development environment.

Thus, I've been toying around with a dissector written in LUA, which appears to be a perfect match for my needs.

The LUA stuff is quite impressive and I've got everything to mostly work. However, I have run into a fundamental problem - the protocol is TCP based, and as such I need to at least be able to keep some state on a conversation level.

It seems that there is no way to access the two recommended (in README.developer) methods of reassembling TCP PDUs, i.e. tcp_dissect_pdus() or the pinfo->desegment_offset/len stuff.

Neither does there seem to be any LUA API support for any of the conversation stuff in Wireshark.

I've been experimenting with keeping my own state in a frame-indexed LUA table, which works fine for keeping state for a given frame, but I haven't been able to access the tcp.continuation_to field (I always get nil reading it), which I need to get to the header frame entry.

Any ideas/tricks that can be used to get around this?


Also, I have found some other minor problems that might be worth reporting:

- TvbRange.len doesn't seem to work for some reason. As a workaround I use TvbRange:bytes():len().
- There's no equivalent to tvb_get_stringz(), although it's easy enough to code your own one.


Regards,
--
Christer Palm
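
The frame-indexed state table described in the message above, extended with a per-direction key so a continuation segment can be linked back to the frame that carried its PDU header. This is an added example, not code from the original post or from the Wireshark project. Assumptions: the protocol name `myproto`, port 9000 and the 4-byte big-endian length header are constructed, segments arrive in order without retransmissions, and each PDU starts at the beginning of a segment.

```lua
-- Added example. Hypothetical protocol: each PDU is a 4-byte big-endian
-- payload length followed by the payload; port 9000 is a constructed value.
local myproto = Proto("myproto", "Example proprietary protocol")
local f_len = ProtoField.uint32("myproto.len", "Payload length")
local f_hdr = ProtoField.uint32("myproto.header_frame", "PDU header in frame")
myproto.fields = { f_len, f_hdr }

local streams = {}  -- per-direction state, keyed by address/port tuple
local frames  = {}  -- per-frame result, keyed by pinfo.number

function myproto.init()  -- runs whenever a capture is (re)loaded
    streams, frames = {}, {}
end

local function stream_key(pinfo)
    return tostring(pinfo.src) .. ":" .. pinfo.src_port .. ">" ..
           tostring(pinfo.dst) .. ":" .. pinfo.dst_port
end

function myproto.dissector(tvb, pinfo, tree)
    local info = frames[pinfo.number]
    if not info then  -- first (sequential) pass: classify the segment once
        local key = stream_key(pinfo)
        local st = streams[key] or { remaining = 0, header_frame = 0 }
        streams[key] = st
        if st.remaining == 0 then  -- segment starts a new PDU
            if tvb:len() < 4 then return 0 end
            st.header_frame = pinfo.number
            st.remaining = math.max(0, tvb(0, 4):uint() - (tvb:len() - 4))
            info = { is_header = true, header_frame = pinfo.number }
        else  -- continuation of the PDU whose header was seen earlier
            st.remaining = math.max(0, st.remaining - tvb:len())
            info = { is_header = false, header_frame = st.header_frame }
        end
        frames[pinfo.number] = info
    end
    -- every later pass (click, filter, redraw) only reads the cached result
    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(myproto, tvb())
    if info.is_header then
        subtree:add(f_len, tvb(0, 4))
    else
        local item = subtree:add(f_hdr, tvb(), info.header_frame)
        item:set_generated()
    end
    return tvb:len()
end

DissectorTable.get("tcp.port"):add(9000, myproto)
```

Caching the classification per frame matters because Wireshark re-dissects frames out of order after the initial load, so the running per-stream counter is only valid during the first pass.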
