wireshark lua for a new ethernet header
I want to use wireshark to strip or recognize a new ethernet header.
The whole packet looks like: Ethernet II header(type 0xf001)+new private header(10 bytes)+normal ethernet type like 0x0800 or 0x0806+data
Here is my Lua; my problem is that Wireshark cannot go ahead and process the normal ethernet type.
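```lua
-- Dissector for the private header that follows EtherType 0xf001
f2_shim = Proto("f2_shim", "Cisco F2 shim header")
-- ProtoField arguments are (abbr, name, base): the filter name comes first
index = ProtoField.uint16("f2_shim.index", "Index", base.HEX)
data = ProtoField.uint64("f2_shim.data", "Data", base.HEX)
f2_shim.fields = {index, data}

function f2_shim.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = "f2_shim"
    local subtree = tree:add(f2_shim, buffer(), "f2_shim Header")
    subtree:add(index, buffer:range(0, 2))
    subtree:add(buffer(2, 8), "data1: " .. buffer(2, 8):uint64())
    -- Hand the bytes after the 10-byte private header to "ethertype"
    -- (this is the call that does not go on to the normal ethernet type)
    Dissector.get("ethertype"):call(buffer:range(10):tvb(), pinfo, tree)
end

ether_table = DissectorTable.get("ethertype")
ether_table:add(0xf001, f2_shim)
```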
Comments
Your problem description is unclear, please elaborate.
Thanks for looking at this.
The device adds a 12-byte header after the Eth SRC MAC.
Ethernet II header(new type 0xf001, 2 bytes)+new private header(10 bytes)+normal ethernet type like 0x0800 or 0x0806+data
//"f0 01" is the new ethernet type
//"19 00 00 24 00 83 00 03"
Do not care about this; then we can see the normal ethernet type 0800
You again describe what you have, but don't describe the problem. What is happening? What is the current output? And what are you expecting? Up 'til now the problem description comes down to 'it doesn't work'. That's unclear, please elaborate _on the problem_.
There needs to be some setup done before `ethertype` is called. That is normally done in packet-eth which has three dissectors:
`eth` is expecting the MAC addresses before the ethertype field. The example below works but probably can be done cleaner.
Pieces above are not a complete answer but maybe give a direction.
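
An added example, not the answerer's code and not from the Wireshark project: rather than calling the `ethertype` dissector directly, which the answer notes depends on setup normally done in packet-eth, it reads the encapsulated EtherType and looks up the matching dissector in the `ethertype` dissector table. The protocol name `f2shim_example` and its field names are hypothetical; the offsets come from the layout in the question.

```lua
-- Added example. Layout taken from the question: this dissector is entered
-- after the outer EtherType 0xf001, so the buffer holds 10 private bytes,
-- then the real EtherType (2 bytes), then the payload.
local SHIM_LEN = 10
local HDR_LEN  = SHIM_LEN + 2

-- "f2shim_example" and its field names are hypothetical.
local shim    = Proto("f2shim_example", "F2 shim header (example)")
local f_index = ProtoField.uint16("f2shim_example.index", "Index", base.HEX)
local f_data  = ProtoField.bytes("f2shim_example.data", "Data")
local f_etype = ProtoField.uint16("f2shim_example.etype", "Encapsulated EtherType", base.HEX)
shim.fields = { f_index, f_data, f_etype }

local ethertype_table = DissectorTable.get("ethertype")
local data_dissector  = Dissector.get("data")

function shim.dissector(buffer, pinfo, tree)
    -- Truncated frame: report "not handled" rather than read past the end.
    if buffer:len() < HDR_LEN then
        return 0
    end
    pinfo.cols.protocol = "F2SHIM"

    local subtree = tree:add(shim, buffer(0, HDR_LEN))
    subtree:add(f_index, buffer(0, 2))
    subtree:add(f_data,  buffer(2, 8))
    subtree:add(f_etype, buffer(SHIM_LEN, 2))

    if buffer:len() == HDR_LEN then
        return HDR_LEN                      -- header only, no payload
    end

    -- Look the inner EtherType up in the table (0x0800 -> IPv4, 0x0806 -> ARP)
    -- instead of calling the "ethertype" dissector itself.
    local etype   = buffer(SHIM_LEN, 2):uint()
    local payload = buffer(HDR_LEN):tvb()
    local inner   = ethertype_table:get_dissector(etype)
    if inner ~= nil and etype ~= 0xf001 then
        inner:call(payload, pinfo, tree)
    else
        data_dissector:call(payload, pinfo, tree)   -- unknown or nested shim type
    end
    return buffer:len()
end

ethertype_table:add(0xf001, shim)
```

Frames whose inner EtherType has no registered dissector, or that nest another 0xf001 header, are shown as raw data instead of being dissected further.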