First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Call MAC dissector from .lua plugin

I am trying to call specific protocol dissectors from my .lua plugin. The line is:

Dissector.get("mac"):call(buf, pinfo, tree)

Some work (e.g. gtp) but others I need do not (e.g. mac for MAC, rsl for RSL). I looked at the epan/dissectors folder and tried other variations to no avail.

Anyone knows if the the correct name of the protocol? Also in wireshark itself I cannot use "decode as" since this protocol is missing.

whatever's avatar
1
whatever
asked 2018-12-05 07:38:09 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

If you're looking for the correct protocol names, you can try running something like tshark -G protocols | grep NAME … where NAME is the name of the protocol you're looking for. (Refer to the tshark man page for more details on the -G option.)

For example:

$ tshark -G protocols | grep RSL
Radio Signalling Link (RSL)     RSL     gsm_abis_rsl

So in the case of RSL, it looks like you'd need Dissector.get("gsm_abis_rsl"):call(buf, pinfo,tree)

Of course this doesn't always work, because the same search for MAC does find it:

$ tshark -G protocols | grep MAC
DOCSIS Mac Management   DOCSIS MAC MGMT docsis_mgmt
MACsec Key Agreement    EAPOL-MKA       mka
Radio Link Control, Medium Access Control, 3GPP TS44.060        GSM RLC MAC    gsm_rlcmac
ISMACryp Protocol       ISMACRYP        ismacryp
**MAC     MAC     mac**
MAC-LTE MAC-LTE mac-lte
mac-lte-framed  MAC-LTE-FRAMED  mac-lte-framed
MAC-NR  MAC-NR  mac-nr
MikroTik MAC-Telnet Protocol    MAC-Telnet      mactelnet
MAC Control     MACC    macc
802.1AE Security tag    MACsec  macsec
MPLS-MAC        Media Access Control (MAC) Address Withdrawal over Static Pseudowire    mpls_mac
WiMax MAC Management Message    MGMT MSG        wmx.mgmt
DCOM IRemoteActivation  REMACT  remact
Token-Ring Media Access Control TR MAC  trmac
WiMax Generic/Type1/Type2 MAC Header Messages   WiMax Generic/Type1/Type2 MAC Header (hdr)      wmx.hdr
WiMAX MAC-PHY over Ethernet     WiMAX MAC-PHY   wimaxmacphy

In this case, it seems you need to look at the source code (unless there's some other method I'm not aware of) in order to find the dissector that's actually registered.

$ grep "proto_register_protocol" packet-*.c | grep "\"MAC\""
packet-umts_mac.c:    proto_umts_mac = proto_register_protocol("MAC", "MAC", "mac");

$ grep register_dissector packet-umts_mac.c
    register_dissector("mac.fdd.rach", dissect_mac_fdd_rach, proto_umts_mac);
    register_dissector("mac.fdd.fach", dissect_mac_fdd_fach, proto_umts_mac);
    register_dissector("mac.fdd.pch", dissect_mac_fdd_pch, proto_umts_mac);
    register_dissector("mac.fdd.dch", dissect_mac_fdd_dch, proto_umts_mac);
    register_dissector("mac.fdd.edch", dissect_mac_fdd_edch, proto_umts_mac);
    register_dissector("mac.fdd.edch.type2", dissect_mac_fdd_edch_type2, proto_umts_mac);
    register_dissector("mac.fdd.hsdsch", dissect_mac_fdd_hsdsch, proto_umts_mac);
cmaynard's avatar
11.1k
cmaynard
answered 2018-12-05 16:03:29 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer