diff --git a/tools/wireshark_cfg_for_newip.lua b/tools/wireshark_cfg_for_newip.lua index 47a9602c21690be40963e02116b9e8cbfccec928..f9f9fab6e1337a1f0fc8371785d9323fbb9aa76e 100644 --- a/tools/wireshark_cfg_for_newip.lua +++ b/tools/wireshark_cfg_for_newip.lua @@ -22,12 +22,25 @@ NewIP协议字段定义 para2 [可选] - 字段的实际名称(出现在树中的字符串) para3 [可选] - 字段类型 --]] -local _ttl = ProtoField.uint8 (nip_proto_name .. ".ttl", "ttl", base.DEC) -local _total_len = ProtoField.uint16(nip_proto_name .. ".total_len", "total_len", base.DEC) -local _nexthdr = ProtoField.uint8 (nip_proto_name .. ".nexthdr", "nexthdr", base.DEC) -local _daddr = ProtoField.bytes (nip_proto_name .. ".daddr", "daddr", base.SPACE) -local _saddr = ProtoField.bytes (nip_proto_name .. ".saddr", "saddr", base.SPACE) -local _hdr_len = ProtoField.uint8 (nip_proto_name .. ".hdr_len", "hdr_len", base.DEC) +--[[ +ProtoField.{type}(abbr, [name], [base], [valuestring], [mask], [desc]) +·type包括:uint8, uint16, uint24, uint32, uint64, framenum, float, double, string, stringz, bytes, bool, ipv4, ipv6, ether,oid, guid + +abbr 字段的缩写名称(过滤器中使用的字符串)。 +name (optional) 字段的实际名称(出现在树中的字符串)。 +base (optional) base.DEC,base.HEX或base.OCT,base.DEC_HEX,base.HEX_DEC,base.UNIT_STRING或base.RANGE_STRING。 +valuestring (optional) 包含与值对应的文本的表,或包含与值 ({min, max, “string”}) 对应的范围字符串值表的表(如果基数为 )base.RANGE_STRING, + 或包含单位名称的表如果 base 是base.UNIT_STRING. +mask (optional) 此字段的整数掩码。 +desc (optional) 字段说明。 + +--]] +local _ttl = ProtoField.uint8 (nip_proto_name .. ".ttl", "ttl ( 1 Byte)", base.DEC) +local _total_len = ProtoField.uint16(nip_proto_name .. ".total_len", "total_len ( 2 Byte)", base.DEC) +local _nexthdr = ProtoField.uint8 (nip_proto_name .. ".nexthdr", "nexthdr ( 1 Byte)", base.DEC) +local _daddr = ProtoField.bytes (nip_proto_name .. ".daddr", "daddr (1~8 Byte)", base.SPACE) +local _saddr = ProtoField.bytes (nip_proto_name .. ".saddr", "saddr (1~8 Byte)", base.SPACE) +local _hdr_len = ProtoField.uint8 (nip_proto_name .. ".hdr_len", "hdr_len ( 1 Byte)", base.DEC) local _trans_data = ProtoField.bytes (nip_proto_name .. ".trans_data", "trans_data", base.SPACE) -- 将字段添加都协议中 @@ -57,17 +70,19 @@ bitmap1 子菜单字段定义 para3 [可选] - 字段类型 --]] local _bitmap1 = ProtoField.uint8(bitmap1_name .. ".bitmap1", "bitmap1", base.HEX) -local _nip_valid = ProtoField.uint8(bitmap1_name .. ".nip_valid", "nip_valid", base.DEC) -local _include_ttl = ProtoField.uint8(bitmap1_name .. ".include_ttl", "include_ttl", base.DEC) -local _include_total_len = ProtoField.uint8(bitmap1_name .. ".include_total_len", "include_total_len", base.DEC) -local _include_nexthdr = ProtoField.uint8(bitmap1_name .. ".include_nexthdr", "include_nexthdr", base.DEC) -local _include_daddr = ProtoField.uint8(bitmap1_name .. ".include_daddr", "include_daddr", base.DEC) -local _include_saddr = ProtoField.uint8(bitmap1_name .. ".include_saddr", "include_saddr", base.DEC) -local _include_bitmap2 = ProtoField.uint8(bitmap1_name .. ".include_bitmap2", "include_bitmap2", base.DEC) +local _pkt_hdr_type = ProtoField.uint8(bitmap1_name .. ".pkt_hdr_type", "pkt_hdr_type ", base.DEC, Payload_type, 0x80) --_bitmap1的8bit +local _include_ttl = ProtoField.uint8(bitmap1_name .. ".include_ttl", "include_ttl ", base.DEC, Payload_type, 0x40) --_bitmap1的7bit +local _include_total_len = ProtoField.uint8(bitmap1_name .. ".include_total_len", "include_total_len", base.DEC, Payload_type, 0x20) --_bitmap1的6bit +local _include_nexthdr = ProtoField.uint8(bitmap1_name .. ".include_nexthdr", "include_nexthdr ", base.DEC, Payload_type, 0x10) --_bitmap1的5bit +local _include_reserve1 = ProtoField.uint8(bitmap1_name .. ".include_reserve1", "include_reserve1 ", base.DEC, Payload_type, 0x08) --_bitmap1的4bit +local _include_daddr = ProtoField.uint8(bitmap1_name .. ".include_daddr", "include_daddr ", base.DEC, Payload_type, 0x04) --_bitmap1的3bit +local _include_saddr = ProtoField.uint8(bitmap1_name .. ".include_saddr", "include_saddr ", base.DEC, Payload_type, 0x02) --_bitmap1的2bit +local _include_bitmap2 = ProtoField.uint8(bitmap1_name .. ".include_bitmap2", "include_bitmap2 ", base.DEC, Payload_type, 0x01) --_bitmap1的1bit -- 将字段添加都协议中 bitmap1_obj.fields = { - _bitmap1, _nip_valid, _include_ttl, _include_total_len, _include_nexthdr, _include_daddr, _include_saddr, _include_bitmap2 + _bitmap1, _pkt_hdr_type, _include_ttl, _include_total_len, _include_nexthdr, + _include_reserve1, _include_daddr, _include_saddr, _include_bitmap2 } --定义 bitmap2 子菜单 @@ -83,12 +98,20 @@ bitmap2 子菜单字段定义 para2 [可选] - 字段的实际名称(出现在树中的字符串) para3 [可选] - 字段类型 --]] -local _bitmap2 = ProtoField.uint8(bitmap2_name .. ".bitmap2", "bitmap2", base.HEX) -local _include_hdr_len = ProtoField.uint8(bitmap2_name .. ".include_hdr_len", "include_hdr_len", base.DEC) +local _bitmap2 = ProtoField.uint8(bitmap2_name .. ".bitmap2", "bitmap2", base.HEX) +local _include_hdr_len = ProtoField.uint8(bitmap2_name .. ".include_hdr_len", "include_hdr_len ", base.DEC, Payload_type, 0x80) --_bitmap2的8bit +local _include_reserve2 = ProtoField.uint8(bitmap2_name .. ".include_reserve2", "include_reserve2", base.DEC, Payload_type, 0x40) --_bitmap2的7bit +local _include_reserve3 = ProtoField.uint8(bitmap2_name .. ".include_reserve3", "include_reserve3", base.DEC, Payload_type, 0x20) --_bitmap2的6bit +local _include_reserve4 = ProtoField.uint8(bitmap2_name .. ".include_reserve4", "include_reserve4", base.DEC, Payload_type, 0x10) --_bitmap2的5bit +local _include_reserve5 = ProtoField.uint8(bitmap2_name .. ".include_reserve5", "include_reserve5", base.DEC, Payload_type, 0x08) --_bitmap2的4bit +local _include_reserve6 = ProtoField.uint8(bitmap2_name .. ".include_reserve6", "include_reserve6", base.DEC, Payload_type, 0x04) --_bitmap2的3bit +local _include_reserve7 = ProtoField.uint8(bitmap2_name .. ".include_reserve7", "include_reserve7", base.DEC, Payload_type, 0x02) --_bitmap2的2bit +local _include_bitmap3 = ProtoField.uint8(bitmap2_name .. ".include_bitmap3", "include_bitmap3 ", base.DEC, Payload_type, 0x01) --_bitmap2的1bit -- 将字段添加都协议中 bitmap2_obj.fields = { - _bitmap2, _include_hdr_len + _bitmap2, _include_hdr_len, _include_reserve2, _include_reserve3, _include_reserve4, + _include_reserve5, _include_reserve6, _include_reserve7, _include_bitmap3 } --定义 nd icmp 子菜单 @@ -104,12 +127,12 @@ nd_icmp 子菜单字段定义 para2 [可选] - 字段的实际名称(出现在树中的字符串) para3 [可选] - 字段类型 --]] -local _type = ProtoField.uint8 (nd_icmp_name .. ".type", "type", base.DEC) -local _code = ProtoField.uint8 (nd_icmp_name .. ".code", "code", base.DEC) -local _checksum = ProtoField.uint16(nd_icmp_name .. ".checksum", "checksum", base.HEX) -local _rs_daddr = ProtoField.bytes (nd_icmp_name .. ".rs_daddr", "rs_daddr", base.SPACE) -local _mac_len = ProtoField.uint8 (nd_icmp_name .. ".mac_len", "mac_len", base.DEC) -local _mac = ProtoField.bytes (nd_icmp_name .. ".mac", "mac", base.SPACE) +local _type = ProtoField.uint8 (nd_icmp_name .. ".type", "type ( 1 Byte)", base.DEC) +local _code = ProtoField.uint8 (nd_icmp_name .. ".code", "code ( 1 Byte)", base.DEC) +local _checksum = ProtoField.uint16(nd_icmp_name .. ".checksum", "checksum( 2 Byte)", base.HEX) +local _rs_daddr = ProtoField.bytes (nd_icmp_name .. ".rs_daddr", "rs_daddr(1~8 Byte)", base.SPACE) +local _mac_len = ProtoField.uint8 (nd_icmp_name .. ".mac_len", "mac_len ( 1 Byte)", base.DEC) +local _mac = ProtoField.bytes (nd_icmp_name .. ".mac", "mac ( 6 Byte)", base.SPACE) -- 将字段添加都协议中 nd_icmp_obj.fields = { @@ -134,83 +157,69 @@ function nip_dissector(tvb, pinfo, treeitem) -- 在上一级解析树上创建 nip 的根节点 local nip_tree = treeitem:add(nip_proto_obj, tvb:range(tvb_len)) - local bitmap1 = tvb(offset, 1) --表示从报文缓冲区0开始取1个字节 - local bitmap1_val = tvb(offset, 1):uint() - local nip_valid = bit.band(bit.rshift(bitmap1_val, 7), 0x00000001) --右移 7 位 与 0x01 相与,获取 nip_valid 位 - local include_ttl = bit.band(bit.rshift(bitmap1_val, 6), 0x00000001) --右移 6 位 与 0x01 相与,获取 include_ttl 位 - local include_total_len = bit.band(bit.rshift(bitmap1_val, 5), 0x00000001) --右移 5 位 与 0x01 相与,获取 include_total_len 位 - local include_nexthdr = bit.band(bit.rshift(bitmap1_val, 4), 0x00000001) --右移 4 位 与 0x01 相与,获取 include_nexthdr 位 - local include_daddr = bit.band(bit.rshift(bitmap1_val, 2), 0x00000001) --右移 2 位 与 0x01 相与,获取 include_daddr 位 - local include_saddr = bit.band(bit.rshift(bitmap1_val, 1), 0x00000001) --右移 1 位 与 0x01 相与,获取 include_saddr 位 - local include_bitmap2 = bit.band(bitmap1_val, 0x00000001) --获取 include_bitmap2 位 - offset = offset + 1 --_bitmap1 占用1字节 + local bitmap1 = tvb(offset, 1):uint() --表示从报文缓冲区0开始取1个字节 + local pkt_hdr_type = bit.band(bit.rshift(bitmap1, 7), 0x00000001) --右移 7 位 与 0x01 相与,获取 pkt_hdr_type 位 + local include_ttl = bit.band(bit.rshift(bitmap1, 6), 0x00000001) --右移 6 位 与 0x01 相与,获取 include_ttl 位 + local include_total_len = bit.band(bit.rshift(bitmap1, 5), 0x00000001) --右移 5 位 与 0x01 相与,获取 include_total_len 位 + local include_nexthdr = bit.band(bit.rshift(bitmap1, 4), 0x00000001) --右移 4 位 与 0x01 相与,获取 include_nexthdr 位 + local include_daddr = bit.band(bit.rshift(bitmap1, 2), 0x00000001) --右移 2 位 与 0x01 相与,获取 include_daddr 位 + local include_saddr = bit.band(bit.rshift(bitmap1, 1), 0x00000001) --右移 1 位 与 0x01 相与,获取 include_saddr 位 + local include_bitmap2 = bit.band(bitmap1, 0x00000001) --获取 include_bitmap2 位 --nip报头无效(0表示有效) - if nip_valid ~= 0 then + if pkt_hdr_type ~= 0 then return false else --bitmap1子菜单 local bitmap1_tree = nip_tree:add(bitmap1_obj, tvb:range(tvb_len)) - bitmap1_tree:add(_bitmap1, bitmap1) - bitmap1_tree:add(_nip_valid, nip_valid) - - if include_ttl then - bitmap1_tree:add(_include_ttl, include_ttl) - end - - if include_total_len then - bitmap1_tree:add(_include_total_len, include_total_len) - end - - if include_nexthdr then - bitmap1_tree:add(_include_nexthdr, include_nexthdr) - end - - if include_daddr then - bitmap1_tree:add(_include_daddr, include_daddr) - end - - if include_saddr then - bitmap1_tree:add(_include_saddr, include_saddr) - end - - if include_bitmap2 then - bitmap1_tree:add(_include_bitmap2, include_bitmap2) - end + bitmap1_tree:add(_bitmap1, bitmap1) + bitmap1_tree:add(_pkt_hdr_type, bitmap1):append_text(" (".."0-New IP; 1-Reserve"..")") + bitmap1_tree:add(_include_ttl, bitmap1) + bitmap1_tree:add(_include_total_len, bitmap1) + bitmap1_tree:add(_include_nexthdr, bitmap1) + bitmap1_tree:add(_include_reserve1, bitmap1) + bitmap1_tree:add(_include_daddr, bitmap1) + bitmap1_tree:add(_include_saddr, bitmap1) + bitmap1_tree:add(_include_bitmap2, bitmap1) + offset = offset + 1 --_bitmap1 占用1字节 end + local include_hdr_len = 0 if include_bitmap2 ~= 0 then --bitmap2子菜单 local bitmap2_tree = nip_tree:add(bitmap2_obj, tvb:range(tvb_len)) - local bitmap2 = tvb(offset, 1) - local bitmap2_val = tvb(offset, 1):uint() - local include_hdr_len = bit.band(bit.rshift(bitmap2_val, 7), 0x00000001) --右移 7 位 与 0x01 相与,获取 include_hdr_len 位 + local bitmap2 = tvb(offset, 1):uint() + include_hdr_len = bit.band(bit.rshift(bitmap2, 7), 0x00000001) --右移 7 位 与 0x01 相与,获取 include_hdr_len 位 offset = offset + 1 --_bitmap2 占用1字节 - bitmap2_tree:add(_bitmap2, bitmap2) - - if include_hdr_len then - bitmap2_tree:add(_include_hdr_len, include_hdr_len) - end + bitmap2_tree:add(_bitmap2, bitmap2) + bitmap2_tree:add(_include_hdr_len, bitmap2) + bitmap2_tree:add(_include_reserve2, bitmap2) + bitmap2_tree:add(_include_reserve3, bitmap2) + bitmap2_tree:add(_include_reserve4, bitmap2) + bitmap2_tree:add(_include_reserve5, bitmap2) + bitmap2_tree:add(_include_reserve6, bitmap2) + bitmap2_tree:add(_include_reserve7, bitmap2) + bitmap2_tree:add(_include_bitmap3, bitmap2) end - if include_ttl then + if include_ttl ~= 0 then nip_tree:add(_ttl, tvb(offset, 1)) offset = offset + 1 --_ttl 占用1字节 end - if include_total_len then + if include_total_len ~= 0 then nip_tree:add(_total_len, tvb(offset, 2)) offset = offset + 2 --_total_len 占用2字节 end - if include_nexthdr then + if include_nexthdr ~= 0 then nexthdr = tvb(offset, 1):uint() nip_tree:add(_nexthdr, tvb(offset, 1)) offset = offset + 1 --_nexthdr 占用1字节 end - if include_daddr then + if include_daddr ~= 0 then local first_addr = tvb(offset, 1):uint() local addr_len = get_nip_addr_len (first_addr) if addr_len == 0 then @@ -220,7 +229,7 @@ function nip_dissector(tvb, pinfo, treeitem) offset = offset + addr_len --_daddr 占用 addr_len 字节 end - if include_saddr then + if include_saddr ~= 0 then local first_addr = tvb(offset, 1):uint() local addr_len = get_nip_addr_len (first_addr) if addr_len == 0 then @@ -230,7 +239,7 @@ function nip_dissector(tvb, pinfo, treeitem) offset = offset + addr_len --_daddr 占用 addr_len 字节 end - if include_hdr_len then + if include_hdr_len ~= 0 then nip_tree:add(_hdr_len, tvb(offset, 1)) offset = offset + 1 --_hdr_len 占用1字节 end @@ -247,8 +256,13 @@ function nip_dissector(tvb, pinfo, treeitem) nd_icmp_tree:add(_checksum, tvb(offset, 1)) offset = offset + 1 if type == 1 then - nd_icmp_tree:add(_rs_daddr, tvb(offset, 1)) - offset = offset + 1 + local first_addr = tvb(offset, 1):uint() + local addr_len = get_nip_addr_len (first_addr) + if addr_len == 0 then + return false + end + nd_icmp_tree:add(_rs_daddr, tvb(offset, addr_len)) + offset = offset + addr_len --_rs_daddr 占用 addr_len 字节 pinfo.cols.protocol = "ND request based NewIP" else nd_icmp_tree:add(_mac_len, tvb(offset, 1))