
LUA & search in the nested packet...


Hello,

In my Lua protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

Any simple way to extract Wireshark-known elements buried in the nested layers returned by Dissector.get("ip")?

Thank you! A.

sezb51
asked 2021-10-08 21:06:01 +0000, updated 2021-10-10 09:15:52 +0000

1 Answer


Hello,

I just realized that it is as simple as adding the Field.new just after the Proto(...) definition:

version = "v1.07n"
S8HR_proto = Proto ("s8hr", "S8HR [" .. version .. "]")
local sip_callID_field = Field.new("sip.Call-ID")

Then "local finfo = sip_callID_field()" gets populated with the value (when available):

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    local finfo = sip_callID_field()
    if (finfo ~= nil) then
      print(tostring(finfo))
    end
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

In fact, the Lua console now shows:

Sun Oct 10 13:36:50 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:52 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:53 2021 ZjI2NWZiZmMyYTNjN2Y3MDg0NDc5ODE0MDliY2M0ODg.
Sun Oct 10 13:36:54 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:54 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:55 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:55 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:56 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:57 2021 Yjc3NDg1YmRhNWExZDIxMzM3ZTY1NGNiNjhlYjA3OTA.
Sun Oct 10 13:36:58 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.
Sun Oct 10 13:36:58 2021 MGEwNjM5ZjQ1ZWIzMDFjYWUxMTNjY2IwMjE5OTE2MDU.

Thank you all, A.

sezb51
answered 2021-10-10 11:44:55 +0000
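
The approach from the answer above, as an added example that is not the poster's dissector: it puts the extracted Call-ID into the custom tree instead of printing it, and handles frames where the extractor returns zero or several values. The `s8hr_demo` names, the 1-byte type header and the UDP port are placeholders, since the real S8HR framing is not shown on this page.

```lua
-- Added example. Header layout and port are assumptions, not the real S8HR format.
local s8hr = Proto("s8hr_demo", "S8HR demo")
local f_callid = ProtoField.string("s8hr_demo.sip_call_id", "Inner SIP Call-ID")
s8hr.fields = { f_callid }

-- Field extractors must be created at script load time, outside the
-- dissector function; creating one inside the function raises an error.
local sip_call_id = Field.new("sip.Call-ID")
local ip_dissector = Dissector.get("ip")

function s8hr.dissector(buffer, pinfo, tree)
  if buffer:len() < 2 then return 0 end      -- too short to hold header + payload
  local subtree = tree:add(s8hr, buffer(), "S8HR (demo)")
  local pckt_type = buffer(0, 1):uint()      -- assumed position of the type byte
  local offset = 1                           -- assumed header length
  if pckt_type ~= 3 then return buffer:len() end

  -- Let the built-in dissectors decode the nested IP/UDP/SIP packet first;
  -- the extractor only sees fields that have already been dissected.
  ip_dissector:call(buffer(offset):tvb(), pinfo, tree)

  -- The extractor returns every occurrence in the frame (possibly none),
  -- so collect the results into a table and de-duplicate them.
  local seen = {}
  for _, finfo in ipairs({ sip_call_id() }) do
    local value = tostring(finfo)
    if not seen[value] then
      seen[value] = true
      -- Mark the item as generated: it is derived, not read from these bytes.
      subtree:add(f_callid, value):set_generated()
    end
  end

  pinfo.cols.protocol = "[S8HR-IMSSIG] " .. tostring(pinfo.cols.protocol)
  pinfo.cols.info:prepend("IMSSIG: ")
  return buffer:len()
end

DissectorTable.get("udp.port"):add(65000, s8hr)  -- placeholder port
```

Because the Call-ID is registered as a field of the custom protocol, it can be used in a display filter (here `s8hr_demo.sip_call_id`) to follow one dialog across the outer layer.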