Wireshark mailing list archives

Intro and lua question


From: Jerry White <jerrywhite518 () gmail com>
Date: Fri, 21 Oct 2016 13:24:52 -0700

Hi,

Quick intro: I'm Jerry White, live in the SF Bay Area. I've been a
Wireshark user since the Ethereal days. Also have pretty good experience
with Riverbed SteelCentral Transaction Analyzer (aka ATX). I used to work
for OPNET/Riverbed. So Gerald Combs and I were co-workers. And Laura
Chappell is my hero. Okay, name dropping is done, here's my question:

My coding skills are rudimentary. Perhaps a 2 out of 10. I'm writing my
first Lua dissector. The protocol runs under TCP on a certain port range.
I've gotten a lot of help by following Hadriel Kaplan's sample script and
YouTube video. Everything was cool, I built a tree and put stuff into the
Info column in the WS GUI. Now I've just learned that the protocol repeats
itself inside of a packet. Let me give you an example:

Simple packet
<tcp header stuff><MyProto fixed length header><MyProto variable length
data>

I can pull stuff out of the MyProto header and data fields just fine. If
life were just these types of packets I wouldn't be here.

Advanced packet
<tcp header stuff><MyProto fixed length header><MyProto variable length
data><MyProto fixed length header><MyProto variable length data><MyProto
fixed length header><MyProto variable length data>

This packet has three application transactions in it. The first 8 bytes of
the MyProto header are always the same, and I can count from there into the
packet to parse out the fields I need. The problem is, since the data
section is variable length, I don't know where to look for the next header.
How do I do that in lua?

Here's my code:

-- Assumed definitions: the post shows only the dissector function, so the
-- Proto and ProtoField declarations below are filled in to make it load.
-- Field types are a guess (bytes), not taken from the real protocol.
local mgi = Proto("mgi", "SomosMGI")
local pf_mgi_header      = ProtoField.bytes("mgi.header",      "Header")
local pf_mgi_msg_id      = ProtoField.bytes("mgi.msg_id",      "Message ID")
local pf_mgi_flag        = ProtoField.bytes("mgi.flag",        "Flag")
local pf_mgi_msg_type    = ProtoField.bytes("mgi.msg_type",    "Message type")
local pf_mgi_msg_subtype = ProtoField.bytes("mgi.msg_subtype", "Message subtype")
mgi.fields = { pf_mgi_header, pf_mgi_msg_id, pf_mgi_flag,
               pf_mgi_msg_type, pf_mgi_msg_subtype }

function mgi.dissector(tvbuf, pktinfo, root)
    pktinfo.cols.protocol:set("SomosMGI")
    local pktlen = tvbuf:reported_length_remaining()
    local tree = root:add(mgi, tvbuf:range(0, pktlen))
    -- Each TvbRange is kept so its hex string can go into the Info column
    -- (concatenating a TvbRange yields its bytes as hex, e.g. "7e7e7e7e").
    local info_mgi_header = tvbuf:range(0, 4)
    tree:add(pf_mgi_header, tvbuf:range(0, 4))
    local info_mgi_msg_id = tvbuf:range(9, 10)
    tree:add(pf_mgi_msg_id, tvbuf:range(9, 10))
    local info_mgi_flag = tvbuf:range(19, 1)
    tree:add(pf_mgi_flag, tvbuf:range(19, 1))
    local info_mgi_msg_type = tvbuf:range(99, 7)
    tree:add(pf_mgi_msg_type, tvbuf:range(99, 7))
    local info_mgi_msg_subtype = tvbuf:range(157, 4)
    tree:add(pf_mgi_msg_subtype, tvbuf:range(157, 4))

    -- A TvbRange is userdata, so compare its string form, not the range:
    --if tostring(info_mgi_flag) == "c4" then
    --pktinfo.cols.info:set("HEADER=")
    --pktinfo.cols.info:append("" .. info_mgi_header .. ",") -- printed "7e7e7e7e"
    pktinfo.cols.info:set("MSGID=")
    pktinfo.cols.info:append("" .. info_mgi_msg_id .. ",")
    pktinfo.cols.info:append("FLAG=")
    pktinfo.cols.info:append("" .. info_mgi_flag .. ",")
    pktinfo.cols.info:append("MSGTYPE=")
    pktinfo.cols.info:append("" .. info_mgi_msg_type .. ",")
    pktinfo.cols.info:append("SUBTYPE=")
    pktinfo.cols.info:append("" .. info_mgi_msg_subtype .. "")
    --end
    return pktlen
end


Thanks for any help you can provide.
Jerry
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
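Added example (not part of Jerry's post and not Wireshark's own code) of the loop the question asks for: walk one TCP segment PDU by PDU, using a length field in each fixed header to find where the next header starts, and ask TCP to reassemble when a PDU is cut off at a segment boundary. The wire layout is assumed for illustration only: the post does not say where the length is, so "8-byte marker, then a 2-byte big-endian data length, then the data" and the names mgi_example, MGI_HDR_LEN, mgi_pdu_len and dissect_one_pdu are all hypothetical.

```lua
-- Assumed layout (NOT from the original post):
--   bytes 0..7 : fixed 8-byte marker (the post says these never change)
--   bytes 8..9 : big-endian uint16, length of the variable data section
--   bytes 10.. : variable data, that many bytes
local MGI_HDR_LEN = 10  -- assumed fixed header size

local mgi = Proto("mgi_example", "MyProto (example)")
local pf_marker = ProtoField.bytes("mgi_example.marker", "Marker")
local pf_len    = ProtoField.uint16("mgi_example.len", "Data length", base.DEC)
local pf_data   = ProtoField.bytes("mgi_example.data", "Data")
mgi.fields = { pf_marker, pf_len, pf_data }

-- Total size (header + data) of the PDU that starts at 'offset'.
-- This is the answer to "where is the next header": offset + this value.
local function mgi_pdu_len(tvbuf, pktinfo, offset)
    return MGI_HDR_LEN + tvbuf:range(offset + 8, 2):uint()
end

-- Dissect exactly one PDU; 'tvbuf' here holds only that PDU's bytes,
-- so every offset is relative to that PDU's own header.
local function dissect_one_pdu(tvbuf, pktinfo, root)
    local pdulen = tvbuf:reported_length_remaining()
    local tree = root:add(mgi, tvbuf:range(0, pdulen))
    tree:add(pf_marker, tvbuf:range(0, 8))
    tree:add(pf_len, tvbuf:range(8, 2))
    local datalen = tvbuf:range(8, 2):uint()
    tree:add(pf_data, tvbuf:range(MGI_HDR_LEN, datalen))
    pktinfo.cols.info:append(string.format("[PDU len=%d] ", datalen))
    return pdulen
end

function mgi.dissector(tvbuf, pktinfo, root)
    pktinfo.cols.protocol:set("MyProto")
    pktinfo.cols.info:set("")
    -- dissect_tcp_pdus (Wireshark >= 1.99.2) does the loop: at each offset
    -- it calls mgi_pdu_len, carves out that many bytes and hands them to
    -- dissect_one_pdu. With the last argument true it also asks TCP to
    -- reassemble a PDU whose header or data continues in the next segment.
    dissect_tcp_pdus(tvbuf, root, MGI_HDR_LEN, mgi_pdu_len, dissect_one_pdu, true)
    return tvbuf:reported_length_remaining()
end

-- The same loop written by hand, for older builds without dissect_tcp_pdus.
-- Call this instead of dissect_tcp_pdus from mgi.dissector if needed.
local function dissect_all_manually(tvbuf, pktinfo, root)
    local offset, pktlen = 0, tvbuf:reported_length_remaining()
    while offset < pktlen do
        if pktlen - offset < MGI_HDR_LEN then
            -- Header is cut off: ask TCP for more before parsing the length.
            pktinfo.desegment_offset = offset
            pktinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
            return
        end
        local pdulen = mgi_pdu_len(tvbuf, pktinfo, offset)
        if pktlen - offset < pdulen then
            -- Data is cut off: ask for exactly the missing bytes.
            pktinfo.desegment_offset = offset
            pktinfo.desegment_len = pdulen - (pktlen - offset)
            return
        end
        dissect_one_pdu(tvbuf:range(offset, pdulen):tvb(), pktinfo, root)
        offset = offset + pdulen  -- next fixed header begins here
    end
end

-- Registration is left to the reader: the post does not give the port
-- range. For a single port it would be
--   DissectorTable.get("tcp.port"):add(MGI_PORT, mgi)
-- with MGI_PORT replaced by the real port number.
```

The key idea is that the dissector must never assume one PDU per segment: it has to compute each PDU's length from its own header, advance by that much, and report (via desegment_len) how many bytes are still missing when a PDU runs past the end of the segment. If the real protocol has no length field, the same loop can instead search for the 8-byte marker to locate the next header, but a length field is the reliable way.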
