
http2 post dissector not called for data

I am writing a Lua dissector to analyze data inside an http2 packet.

f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    local rpc_msg_field  = f_http2_type()

    if (rpc_msg_field.value == 0x00) then
        io.write("Type: Data")
    elseif (rpc_msg_field.value == 0x01) then
        io.write("Type: Header")
    end
end

register_postdissector(rpc_pd)

In a TCP segment, the http2 header and http2 data parts come together. The above dissector is called only for the http2 header and not for the http2 data, which is in the same TCP segment after the header.

Please suggest a solution.

ranjeetsih
asked 2021-02-03 11:11:10 +0000, updated 2021-02-03 11:12:49 +0000

Comments

I am facing the same issue, did you get a clue about this? Thanks a lot.

sky (2021-06-20 03:32:33 +0000)

1 Answer


Here is a doctored up version of the original Lua above.

The syntax changes are from looking through the Lua Examples on the Wireshark wiki.

f_http2_type = Field.new("http2.type")
rpc_pd = Proto("rpc_ext","rpc dissector")

function rpc_pd.dissector(buffer,pinfo,tree)

    -- calling the Field returns every occurrence; collect them all in a table
    local finfos = { f_http2_type() }

    for _, rpc_msg_field in ipairs(finfos) do

        -- prefix each line with the frame number from the capture
        io.write(pinfo.number)
        io.write(": ")
        if (rpc_msg_field.value == 0x00) then
            io.write("Type: Data\n")
        elseif (rpc_msg_field.value == 0x01) then
            io.write("Type: Header\n")
        else
            io.write("Type: ")
            io.write(rpc_msg_field.value)
            io.write("\n")
        end
    end
end

register_postdissector(rpc_pd)

http2.type can occur in a packet multiple times (Wireshark uses the term "occurrence". In SNMP it's similar to a multi-instance OID). From the wiki example code:

    -- extract the field into a table of FieldInfos
    finfos = { field() }

Then iterate over the array members:

    for _, finfo in ipairs(finfos) do

Chuckc
answered 2021-06-20 05:24:30 +0000, updated 2021-06-20 05:47:25 +0000
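
The occurrence handling from the answer above, taken one step further as an added example (not code from the question, the answer, or the Wireshark wiki): instead of writing to stdout, it adds one tree line per HTTP/2 frame found in the packet. The protocol name `h2frames` and field `h2frames.summary` are hypothetical, and the code assumes `http2.streamid` and `http2.length` each occur once per frame, so their occurrences line up with `http2.type` by index.

```lua
-- Added example: summarize every HTTP/2 frame in a packet, not only the first.
-- Field extractors must be created at load time, outside the dissector function.
local f_type   = Field.new("http2.type")
local f_stream = Field.new("http2.streamid")
local f_length = Field.new("http2.length")

-- Hypothetical protocol and field names, chosen for this example.
local frames_pd  = Proto("h2frames", "HTTP/2 frame summary (example)")
local pf_summary = ProtoField.string("h2frames.summary", "Frame")
frames_pd.fields = { pf_summary }

-- Frame type codes as defined by the HTTP/2 specification (RFC 9113, section 6).
local TYPE_NAMES = {
    [0] = "DATA", [1] = "HEADERS", [2] = "PRIORITY", [3] = "RST_STREAM",
    [4] = "SETTINGS", [5] = "PUSH_PROMISE", [6] = "PING", [7] = "GOAWAY",
    [8] = "WINDOW_UPDATE", [9] = "CONTINUATION",
}

-- Format the i-th occurrence as an integer, or "?" if that occurrence is missing.
local function nth(finfos, i)
    return finfos[i] and string.format("%d", finfos[i].value) or "?"
end

function frames_pd.dissector(buffer, pinfo, tree)
    -- Calling a Field returns one FieldInfo per occurrence; capture them all.
    local types = { f_type() }
    if #types == 0 then return end      -- no HTTP/2 frame in this packet

    local streams = { f_stream() }
    local lengths = { f_length() }

    local subtree = tree:add(frames_pd, string.format("HTTP/2 frames: %d", #types))
    for i, finfo in ipairs(types) do
        local name = TYPE_NAMES[finfo.value]
                     or string.format("type 0x%02x", finfo.value)
        -- Assumption: occurrence i of each field belongs to the same frame.
        local text = string.format("%s, stream %s, length %s",
                                   name, nth(streams, i), nth(lengths, i))
        -- finfo.range ties the new item to the bytes of this frame's type field.
        subtree:add(pf_summary, finfo.range, text)
    end
end

register_postdissector(frames_pd)
```

If a packet carries frames where one of the extracted fields is absent, the index pairing no longer holds and the `?` fallback or a mismatched stream id will show up in the summary lines.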
