Wireshark-dev: [Wireshark-dev] LUA TCP protocol dissector
From: Christer Palm <[email protected]>
Date: Sun, 03 Feb 2008 16:20:53 +0100
Hi,

First of all you should know that I'm new to wireshark development, so please forgive me if any of this doesn't make sense.
I'm trying to slap together a quick and dirty dissector for helping me 
out in debugging a proprietary protocol. I also need the dissector to 
run on both linux and windows, but I don't have access to the windows 
development environment.
Thus, I've been toying around with a dissector written in LUA, which 
appears to be a perfect match for my needs.
The LUA stuff is quite impressive and I've got everything to mostly 
work. However, I have run into a fundamental problem - the protocol is 
TCP based, and as such I need to at least be able to keep some state on 
a conversation level.
It seems that there is no way to access the two recommended (in 
README.developer) methods of reassembling TCP PDUs, i.e. 
tcp_dissect_pdus() or the pinfo->desegment_offset/len stuff.
Neither does there seem to be any LUA API support for any of the conversation 
stuff in wireshark.
I've been experimenting with keeping my own state in a frame-indexed LUA 
table, which works fine for keeping state for a given frame, but I 
haven't been able to access the tcp.continuation_to field (I always get 
nil reading it), which I need to get to the header frame entry.
Any ideas/tricks that can be used to get around this?


Also, I have found some other minor problems that might be worth reporting:

- TvbRange.len doesn't seem to work for some reason. As a workaround I use TvbRange:bytes():len().
- There's no equivalent to tvb_get_stringz(), although it's easy enough to code your own one.

Regards,
--
Christer Palm
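
An added example, not part of the original post and not Wireshark's own code: Wireshark releases newer than this message expose `pinfo.desegment_offset` and `pinfo.desegment_len` to Lua, so a dissector can ask the TCP layer for reassembly instead of keeping a frame-indexed table. The protocol name `demo`, its 2-byte length header, the 4096-byte bound and port 9999 are hypothetical placeholders.

```lua
-- Added example. The "demo" protocol, its 2-byte length header and TCP port
-- 9999 are hypothetical, not the poster's proprietary protocol.
local demo   = Proto("demo", "Demo length-prefixed protocol")
local f_len  = ProtoField.uint16("demo.len", "Body length", base.DEC)
local f_name = ProtoField.stringz("demo.name", "Name")
demo.fields  = { f_len, f_name }

local HDR_LEN  = 2      -- big-endian body length
local MAX_BODY = 4096   -- assumed sanity bound; the length field is untrusted input

function demo.dissector(tvb, pinfo, tree)
  -- A sliced capture (snaplen) cannot be reassembled reliably; decline it.
  if tvb:len() ~= tvb:reported_len() then return 0 end
  local offset, avail = 0, tvb:len()
  while offset < avail do
    local remaining = avail - offset
    if remaining < HDR_LEN then
      -- Header is split across segments: ask TCP for one more segment.
      pinfo.desegment_offset = offset
      pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
      return avail
    end
    local body_len = tvb(offset, HDR_LEN):uint()
    if body_len > MAX_BODY then
      -- Implausible length: stop instead of waiting for bytes that may never come.
      tree:add(demo, tvb(offset)):append_text(" [length exceeds MAX_BODY, not dissected]")
      return avail
    end
    local pdu_len = HDR_LEN + body_len
    if remaining < pdu_len then
      -- Body is incomplete: request exactly the missing byte count.
      pinfo.desegment_offset = offset
      pinfo.desegment_len = pdu_len - remaining
      return avail
    end
    local sub = tree:add(demo, tvb(offset, pdu_len))
    sub:add(f_len, tvb(offset, HDR_LEN))
    if body_len > 0 then
      sub:add(f_name, tvb(offset + HDR_LEN, body_len))  -- NUL-terminated string
    end
    offset = offset + pdu_len
  end
  pinfo.cols.protocol = "DEMO"
  return avail
end

DissectorTable.get("tcp.port"):add(9999, demo)
```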