Wireshark mailing list archives

Re: Lua dissector for raw 802.11 data frames


From: "Kanstrup, Mikael" <Mikael.Kanstrup () sony com>
Date: Tue, 22 May 2018 12:59:59 +0000

> I am working on a dissector that dissects a proprietary protocol that uses raw 802.11 data frames. The protocol
> specification is not open so I won't be able to contribute the dissector. I've therefore chosen to implement it in Lua.
>
> Without patching Wireshark's 802.11 dissector I'm not able to register my own dissector. So seeking advice on proper
> ways to proceed and implement.
>
> I can get it working by adding support for heuristic sub-dissectors on 802.11 data frames. An unfinished example
> uploaded here:
>
> https://code.wireshark.org/review/#/c/27641/?

I've uploaded an updated version of that patch that now only hands off the data portion of the frame. This together
with me realizing that frame header fields can be accessed via Field.new(...) solves the original problems I faced.

With the patch above applied I can register a (Lua) heuristic dissector for raw 802.11 data frames.

Updated Lua sample dissector below:

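local proto_example = Proto("example", "example protocol")

-- Field extractors must be created at script load time, not inside the dissector
local wlan_ra_f = Field.new("wlan.ra")

-- Declare the protocol fields before the dissector that uses them
local f = proto_example.fields
f.data = ProtoField.bytes("example.data", "data")

local function is_example_protocol(tvb, pinfo)
    -- check frame and decide whether example protocol
    -- if access to 802.11 frame header fields is needed these can
    -- be retrieved via:
    local wlan_ra = wlan_ra_f()
    -- ...
    return true
end

function proto_example.dissector(tvb, pinfo, tree)
    if not is_example_protocol(tvb, pinfo) then
        -- 0 bytes consumed: the heuristic did not match
        return 0
    end
    pinfo.cols.info = ""
    pinfo.cols.protocol = "Example"
    tree = tree:add(proto_example, tvb)
    tree:add(f.data, tvb(0))
    -- non-zero return: the frame was accepted and fully consumed
    return tvb:len()
end

-- "wlan_data" is the heuristic list name; registering on it requires the patch above
proto_example:register_heuristic("wlan_data", proto_example.dissector)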

/Mikael
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
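
The sample in the post leaves the heuristic check as a stub that accepts every frame. The following is an added example, not part of the original post or of Wireshark, showing a check that validates the payload before claiming it. The header layout, magic value, protocol name and function names are hypothetical, and the "wlan_data" heuristic list is assumed to exist only with the patch the post refers to.

```lua
-- Added example, not from the original post. HYPOTHETICAL header layout:
--   bytes 0-3 magic "EXMP", byte 4 version, byte 5 type, bytes 6-7 payload length (big endian)
local proto_ex = Proto("example_strict", "Example protocol (strict heuristic)")

local pf = {
    magic   = ProtoField.string("example_strict.magic", "Magic"),
    version = ProtoField.uint8("example_strict.version", "Version"),
    mtype   = ProtoField.uint8("example_strict.type", "Type", base.HEX),
    length  = ProtoField.uint16("example_strict.length", "Payload length"),
    payload = ProtoField.bytes("example_strict.payload", "Payload"),
}
proto_ex.fields = pf

local wlan_ra_f = Field.new("wlan.ra")  -- 802.11 header field extractor, created at load time
local HDR_LEN, MAGIC, VERSION = 8, 0x45584D50, 1  -- constructed values

local function looks_like_example(tvb)
    -- captured bytes must cover the whole fixed header before any field is read
    if tvb:len() < HDR_LEN then return false end
    if tvb(0, 4):uint() ~= MAGIC then return false end
    if tvb(4, 1):uint() ~= VERSION then return false end
    -- the length field must account for exactly the bytes after the header
    return tvb(6, 2):uint() == tvb:reported_len() - HDR_LEN
end

local function heur_dissect(tvb, pinfo, tree)
    if not looks_like_example(tvb) then
        return false  -- not ours: leave the frame to LLC/SNAP and other dissectors
    end
    pinfo.cols.protocol = "Example"
    pinfo.cols.info = string.format("type 0x%02x, %d payload bytes", tvb(5, 1):uint(), tvb(6, 2):uint())
    local subtree = tree:add(proto_ex, tvb())
    subtree:add(pf.magic, tvb(0, 4))
    subtree:add(pf.version, tvb(4, 1))
    subtree:add(pf.mtype, tvb(5, 1))
    subtree:add(pf.length, tvb(6, 2))
    if tvb:len() > HDR_LEN then
        subtree:add(pf.payload, tvb(HDR_LEN))
    end
    local ra = wlan_ra_f()  -- FieldInfo for this frame, or nil if the field is absent
    if ra then
        subtree:append_text(", RA " .. tostring(ra))
    end
    return true
end

-- "wlan_data" is the heuristic list name used in the post
proto_ex:register_heuristic("wlan_data", heur_dissect)
```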
