This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

EtherCAT sub-dissector in Lua

0

Hi,

I want to create an EtherCAT subdissector in Lua, to dissect the payload of the EtherCAT datagrams. Consulting the WireShark documentation didn't help me out, I know how to build a custom (chain/post-) dissector in Lua but not how to dissect data of an existing protocol.

Post- or Chain dissectors allow me to dissect the data outside of the existing protocol, so my tree items are listed below the EtherCAT dataframes instead of expanding the ecat protocol.

In other words, I can do this:

+ EtherCAT frame header
- EtherCAT datagram(s)
      - EtherCAT datagram 1
            + Header
            Data
      + EtherCAT datagram 2
+ My protocol

But I want to do something like this:

+ EtherCAT frame header
- EtherCAT datagram(s)
      - EtherCAT datagram 1
            + Header
            - Data
                  + My protocol
      + EtherCAT datagram 2

On WireShark EtherCAT protocol they recommend using the heur_dissector_add("ecat.data",..) function, which seems to fulfill my purpose except that Lua does not accept this function.

Any ideas or tips on how to access and dissect ecat.data using a Lua script?

Best regards, Gerald

asked 17 Sep '13, 19:31

Gerald's gravatar image

Gerald
56116
accept rate: 100%

edited 19 Sep '13, 23:39

2 Answers:

0

recommend using the heur_dissector_add("ecat.data",..) function, which seems to fulfill my purpose except that Lua does not accept this function.

registering heuristic dissectors is not implemented for Lua, that's the reason you cannot do it.

Unless somebody (you or a Wireshark developer) implements that feature, your only option is to write the sub-dissector in C.

Any ideas or tips on how to access and dissect ecat.data using a Lua script?

You may try to use a post dissector. However I'm not sure if that will work with your problem. It depends on your requirements. Maybe you just try it.

http://wiki.wireshark.org/Lua
http://wiki.wireshark.org/Lua/Dissectors
http://wiki.wireshark.org/Lua/Examples/PostDissector

Regards
Kurt

answered 20 Sep '13, 05:09

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Thank you for your answer.

I hoped to avoid using C, but it seems Lua is not (yet) able to fulfill my requirements.

I tried using both a chained and a post dissector, but the results are the same. My dissection works perfectly, but only after the standard (in my case ecat) protocol/dissector. I cannot find a way to (sub-) dissect the 'ecat.data' field within the standard protocol/dissector.

Maybe I should give up on using Lua and try this in C.

Best regards, Gerald

(21 Sep '13, 01:19) Gerald

Maybe I should give up on using Lua and try this in C

if you need a real sub-dissector (your description sounds like that), then yes.

You could also try to add sub-dissector support for Lua to Wireshark ;-)

(21 Sep '13, 03:18) Kurt Knochner ♦

2

Heuristic dissector support for Lua scripts is now available in 1.11.3, in the latest nightly builds. This was added as part of enhancement bug 9815.

answered 15 Mar '14, 09:03

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%