This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lua dissector for protocol with multiple packet types

0

Dear experts,

I have the following problem: I am trying to build a LUA dissector for a custom protocol which has multiple packet formats. The protocol is built on top of UDP and has the following format:

| UDP | Header - 8 bytes (0 to 7) | Fixed length PDUs 37 bytes - different types |

The type of the PDU is given by the 8th byte.

The question is: How can I identify the PDU type using the value of the 8th byte?

I have tried comparing the int value with no result! If I use the following code inside the dissector function,I get the error message "C stack overflow"

-- let's say byte 8 is in HEX 0x35
local TYPE = buffer(8,1):uint()
   if TYPE:uint() == 53 then
    subtree:add (.....)
   end

Any ideas/hints about how to solve this would be appreciated!

Thank you

asked 15 Sep '16, 06:51

panai's gravatar image

panai
6113
accept rate: 0%

edited 15 Sep '16, 22:37


One Answer:

0

Try using:

...
if TYPE == 0x35 then
...

answered 15 Sep '16, 07:15

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Hello grahamb

I used:

local TYPE = buffer(8,1):uint()

if TYPE == 0x53 then ...

I get the same error " C Stack Overflow " - I don'd understand how the type conversion works, now regarding the above code I did not expect it to work because I defined the TYPE variable as a decimal value, so basically I am trying to compare a decimal value with a hex one ..I don't know ...

Thank You

(15 Sep '16, 23:08) panai

Lua variables are not typed, the :uint() suffix says how to treat the byte(s) read from the buffer. A hex integer literal of 0x35 is simply another representation of the decimal value 53.

You must have some other error in your Lua code causing the issue, either post the full contents so others can look at it and help, or try commenting out sections until you find which bit breaks.

(16 Sep '16, 02:19) grahamb ♦

Very strange, I have somehow fixed the issue! I have changed the parameters of the buffer function in the subtree initialization.

Originally I had:

local subtree = tree:add (PROTO, buffer())

I changed it to:

function PROTO.dissector (buffer, pinfo, tree)

local subtree = tree:add (PROTO, buffer(0, 1))

pinfo.cols.info:append (" (" .. PROTO.description .. ")")

subtree:add (f.type, buffer(0,1)) subtree:add (f.seq, buffer(1,1)) subtree:add (f.length, buffer(2,2)) subtree:add (f.time, buffer(4,4))

PDU_TYPE = buffer(8,1):uint()

if PDU_TYPE == 0x35 then ....

and everything works

Thank you for the explanations!

(16 Sep '16, 04:45) panai

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(16 Sep '16, 05:10) grahamb ♦