lua - 如何应对 Wireshark lua dissector 中的跨领域?
问题描述
我正在为跨越八位字节边界的字段的协议编写一个 Wireshark Lua 解析器:
Octet 0:
bits 0..3: a
bits 4..6: b
bits 7: c
Octet 1:
bits 0..3: x
bits 4..7: y (ls nibble)
Octet 2:
bits 0..3: y (ms nibble)
bits 4..7: z
在 Lua 中如何管理这些字段?
解决方案
这应该能让你大部分时间到达那里。(问题在于,y因为您指出最不重要的半字节位于较低的八位字节中,而不是通常预期的最重要的半字节。)
local p_foo = Proto("foo", "FOO Protocol")
local f_foo_a = ProtoField.uint8("foo.a", "A", base.DEC, nil, 0xf0)
local f_foo_b = ProtoField.uint8("foo.b", "B", base.DEC, nil, 0x0e)
local f_foo_c = ProtoField.uint8("foo.c", "C", base.DEC, nil, 0x01)
local f_foo_x = ProtoField.uint8("foo.x", "X", base.DEC, nil, 0xf0)
local f_foo_y = ProtoField.uint16("foo.y", "Y", base.DEC, nil, 0x0ff0)
local f_foo_z = ProtoField.uint8("foo.z", "Z", base.DEC, nil, 0x0f)
p_foo.fields = { f_foo_a, f_foo_b, f_foo_c, f_foo_x, f_foo_y, f_foo_z }
function p_foo.dissector(buf, pinfo, tree)
local foo_tree = tree:add(p_foo, buf(0,-1))
pinfo.cols.protocol:set("FOO")
foo_tree:add(f_foo_a, buf(0, 1))
foo_tree:add(f_foo_b, buf(0, 1))
foo_tree:add(f_foo_c, buf(0, 1))
foo_tree:add(f_foo_x, buf(1, 1))
foo_tree:add(f_foo_y, buf(1, 2))
foo_tree:add(f_foo_z, buf(2, 1))
end
-- Registration: TODO
如果您真的需要y按照您的指示进行处理,那么您将不得不进行位交换。可能有一种更优雅的方法可以做到这一点,但这里有一个解决方案:
local p_foo = Proto("foo", "FOO Protocol")
local f_foo_a = ProtoField.uint8("foo.a", "A", base.DEC, nil, 0xf0)
local f_foo_b = ProtoField.uint8("foo.b", "B", base.DEC, nil, 0x0e)
local f_foo_c = ProtoField.uint8("foo.c", "C", base.DEC, nil, 0x01)
local f_foo_x = ProtoField.uint8("foo.x", "X", base.DEC, nil, 0xf0)
local f_foo_y = ProtoField.uint16("foo.y", "Y", base.DEC, nil, 0x0ff0)
local f_foo_z = ProtoField.uint8("foo.z", "Z", base.DEC, nil, 0x0f)
p_foo.fields = { f_foo_a, f_foo_b, f_foo_c, f_foo_x, f_foo_y, f_foo_z }
nib2bin = {
[0] = "0000", [1] = "0001",
[2] = "0010", [3] = "0011",
[4] = "0100", [5] = "0101",
[6] = "0110", [7] = "0111",
[8] = "1000", [9] = "1001",
[10] = "1010", [11] = "1011",
[12] = "1100", [13] = "1101",
[14] = "1110", [15] = "1111"
}
function nibble2binary(n)
return nib2bin[bit.band(n, 0x0f)]
end
function p_foo.dissector(buf, pinfo, tree)
local foo_tree = tree:add(p_foo, buf(0,-1))
local y_lsn = bit.band(buf(1, 1):uint(), 0x0f)
local y_msn = bit.band(buf(2, 1):uint(), 0xf0)
local y = bit.bor(y_lsn, y_msn)
pinfo.cols.protocol:set("FOO")
foo_tree:add(f_foo_a, buf(0, 1))
foo_tree:add(f_foo_b, buf(0, 1))
foo_tree:add(f_foo_c, buf(0, 1))
foo_tree:add(f_foo_x, buf(1, 1))
foo_tree:add(f_foo_y, buf(1, 2)):set_text(".... " ..
nibble2binary(bit.rshift(y_msn, 4)) .. " " .. nibble2binary(y_lsn) ..
" .... = Y: " .. y)
foo_tree:add(f_foo_z, buf(2, 1))
end
-- Registration: TODO
推荐阅读
- python - 生成最后一个数组并附加到列表中的次数python
- php - 如何在另一个文件的jquery中调用嵌套函数?
- html - 防止物品从右侧溢出
- javascript - 如何在一个函数中定义两个导出处理程序并在另一个处理程序中使用来自一个处理程序的变量?
- sql - 如何在多对多关系中创建一组相关条目?
- javascript - Html 列表未从 SQL 数据库更新
- javascript - 如何从对象中检索值以将其放入数组中
- python - 情节没有出现在 Pandas 中
- amazon-web-services - 需要从 EKS 上的多个 pod 访问的卷的最佳实践
- javascript - 从 React Native 成功上传图片到 Cloudinary 不返回 URL