THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 3
sezb51's avatar
9
sezb51
updated 2021-10-10 09:15:52 +0000

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

Any simple way to extract wireshark-known elements buried in the nested layers returned by Dissector.get("ip") ?

Thank you! A.

Revision 2
sezb51's avatar
9
sezb51
updated 2021-10-10 07:31:31 +0000

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...

Any simple way to extract wireshark-known elements buried in So can I run an easy element search from the nested layers returned by Dissector.get("ip") result of the "dissector.get" avoiding all manual inspection ?

Thank you! A.

Revision 1
sezb51's avatar
9
sezb51
asked 2021-10-08 21:06:01 +0000

LUA & search in the nested packet...

Hello,

in my LUA protocol dissector there could be a specific packet type that says an IP/UDP/SIP packet follows:

  if S8HR_pckt_type==3 then
    -- S8HR IMS_SIGNALLING_INFORMATION
    -- Decode inner IP x IMS_SIGNALLING_INFORMATION
    Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
    pinfo.cols["protocol"] = "[S8HR-IMSSIG] " .. tostring(pinfo.cols["protocol"])
    pinfo.cols.info:prepend("IMSSIG: ")
    return
  end

I'm wondering if it could be possible to extract some SIP information (like sip.Call-ID if present) to enrich my custom layer, ideally something like:layer:

...
-- ideal code I'm looking for:
local sip_callID_field = Field.new("sip.Call-ID")
nested_sip_pkt = Dissector.get("ip"):call(buffer(offset):tvb(), pinfo, tree)
local finfo = sip_callID_field(nested_sip_pkt)
s8hr_tree:append_text(finfo)
...
s8hr_tree:append_text(...)

So can I run an easy a search for element search from while executing the result of the "dissector.get" avoiding all manual inspection dissector.get ?

Thank you! A.