
Wireshark-users: Re: [Wireshark-users] LUA support for compressed protocols

From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Mon, 5 Jun 2023 15:20:02 +0200
Hello Chuck, all,
OK, it is clear how it is done, thank you for that, and probably yes, all the methods should be available in LUA too, if they are not already through some sort of API exporting, so are they? It will not help me, however, as in my case it is some LZW78/V42bis-derived method, so the question still remains, sort of at least -- how to extend the uncompress routines in the tvbuff.h file -- is the only way to go to extend the file by something like:

/* just general example */
WS_DLL_PUBLIC tvbuff_t *tvb_uncompress_v42bis(tvbuff_t *tvb,
    const int offset, int comprlen);

and implementation then in tvbuff.c or something and then to build this (semi)-private version of Wireshark or are there any smarter ways to go about it? I, for my part, do not see any.

Kind Regards
Ariel Burbaickij


On Sun, Jun 4, 2023 at 1:48 PM chuck c <bubbasnmp@xxxxxxxxx> wrote:
Improve documentation for tvbrange:uncompress, and add similar methods for other compression algorithms

Is it a matter of adding Lua support for one of the existing compression algorithms (https://gitlab.com/wireshark/wireshark/-/blob/master/epan/tvbuff.h)?

On Thu, Jun 1, 2023 at 3:07 AM Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:
Hello Chuck, all,
yes, it is not a bad starter, indeed, the key line in this context is this one, of course:

            if proto_zip.prefs.decompress and comp_method == 8 then
                local data_tvb = tvb(offset, data_len):uncompress("Decompressed data")

so, it operates on the DEFLATE method (method 8 as per the ZIP spec) by default. Which leads to the next question: can/should functions in LUA, uncompress in this case, be overridden? It is a generic term but I guess you got the idea -- same name/access to tvb but different functionality, as in my specific case it is for sure not what is used for compression.

Kind Regards
Ariel Burbaickij




On Thu, Jun 1, 2023 at 7:47 AM chuck c <bubbasnmp@xxxxxxxxx> wrote:
file-zip.lua - 2016-12-22 - 1.11.3? - Dissects the structure of a Zip archive using heuristics. Hosted on git.lekensteyn.nl

                local data_tvb = tvb(offset, data_len):uncompress("Decompressed data")

On Wed, May 31, 2023 at 3:52 PM Maynard, Chris via Wireshark-users <wireshark-users@xxxxxxxxxxxxx> wrote:

I don’t have any examples to share, but Lua does have support for compressed data in the form of tvbrange:uncompress(name). You could try searching at https://wiki.wireshark.org/Lua (as well as the examples and contrib pages) to *possibly* find some examples using it.

 

- Chris

Ref: 11.6.3.28. tvbrange:uncompress(name): https://www.wireshark.org/docs/wsdg_html/#lua_class_TvbRange

 

 

From: Wireshark-users <wireshark-users-bounces@xxxxxxxxxxxxx> On Behalf Of Ariel Burbaickij
Sent: Wednesday, May 31, 2023 4:35 AM
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Subject: [Wireshark-users] LUA support for compressed protocols

 

Hello community,

The Wireshark Developers' Guide in section 9.4 provides a rough guideline for a C dissector plugin. I am looking for some examples on how to handle compressed protocols (in the specific case -- something V.42bis over TCP inspired) in LUA. Are you aware of any such examples?

 

Kind Regards

Ariel Burbaickij

CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
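An added example, not part of the original thread or of Wireshark's code: a Lua dissector can run its own decoder over the raw bytes and wrap the result in a new Tvb with ByteArray:tvb(name), which needs no change to tvbuff.h. The codec here is a plain LZW stand-in with 16-bit big-endian codes, not V.42bis; the protocol name lzwdemo, the helper lzw_decode, the 1 MiB cap and TCP port 9999 are assumptions for illustration.

```lua
-- Added example. Stand-in codec (NOT V.42bis): plain LZW with 16-bit
-- big-endian codes and a dictionary seeded with the 256 single bytes.
local MAX_OUT = 1024 * 1024 -- output cap against decompression bombs

local function lzw_decode(raw)
    if #raw < 2 or #raw % 2 ~= 0 then return nil, "truncated code stream" end
    local dict, next_code = {}, 256
    for i = 0, 255 do dict[i] = string.char(i) end
    local out, total, prev = {}, 0, nil
    for pos = 1, #raw, 2 do
        local hi, lo = raw:byte(pos, pos + 1)
        local code = hi * 256 + lo
        local entry = dict[code]
        if not entry then
            -- The only legal unknown code is the one about to be defined.
            if not (prev and code == next_code) then
                return nil, "invalid code " .. code
            end
            entry = prev .. prev:sub(1, 1)
        end
        if prev and next_code < 65536 then
            dict[next_code] = prev .. entry:sub(1, 1)
            next_code = next_code + 1
        end
        total = total + #entry
        if total > MAX_OUT then return nil, "output exceeds MAX_OUT" end
        out[#out + 1] = entry
        prev = entry
    end
    return table.concat(out)
end

local proto = Proto("lzwdemo", "LZW demo protocol (hypothetical)")
local ef_bad = ProtoExpert.new("lzwdemo.bad_stream", "Decompression failed",
                               expert.group.MALFORMED, expert.severity.ERROR)
proto.experts = { ef_bad }

function proto.dissector(tvb, pinfo, tree)
    local subtree = tree:add(proto, tvb())
    local plain, err = lzw_decode(tvb():raw())
    if not plain then
        subtree:add_proto_expert_info(ef_bad, err)
        return
    end
    -- Raw string -> ByteArray -> new Tvb, shown as its own data-source tab.
    local data_tvb = ByteArray.new(plain, true):tvb("Decompressed data")
    subtree:add(data_tvb(), "Decompressed payload: " .. data_tvb:len() .. " bytes")
end
DissectorTable.get("tcp.port"):add(9999, proto) -- port is an assumption
```

The block treats each TCP segment as one self-contained compressed message. A stateful codec such as V.42bis would also need its dictionary kept per conversation across packets, which this block does not do.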