目录
脚本代码
报文显示
脚本代码
local NAME = "test"
test_proto = Proto("test", "test Protocol")
task_id = ProtoField.uint16("test.task_id", "test id", base.DEC)
cn = ProtoField.uint8("test.cn", "XXX", base.DEC)
sn = ProtoField.uint32("test.sn", "xxx", base.DEC)
indicator = ProtoField.uint32("test.indicator", "Indicator", base.DEC)
flag = ProtoField.uint8(NAME.."flag", "Flag", base.HEX)
local bit8 = {[0] = "XXX", [1] = "XXX"}
local bit7 = {[0] = "XXX", [1] = "XXX"}
local bit6 = {[0] = "XXX", [1] = "XXX"}
local bit5 = {[0] = "XXX", [1] = "XXX"}
local bit4 = {[0] = "XXX", [1] = "XXX"}
local bit3 = {[0] = "XXX", [1] = "XXX"}
local bit2 = {[0] = "Reserve", [1] = "Reserve"}
local bit1 = {[0] = "Reserve", [1] = "Reserve"}
msg_bit8 = ProtoField.uint8("msg_bit8", "bit8", base.DEC, bit8, 0x80)
msg_bit7 = ProtoField.uint8("msg_bit7", "bit7", base.DEC, bit7, 0x40)
msg_bit6 = ProtoField.uint8("msg_bit6", "bit6", base.DEC, bit6, 0x20)
msg_bit5 = ProtoField.uint8("msg_bit5", "bit5", base.DEC, bit5, 0x10)
msg_bit4 = ProtoField.uint8("msg_bit4", "bit4", base.DEC, bit4, 0x08)
msg_bit3 = ProtoField.uint8("msg_bit3", "bit3", base.DEC, bit3, 0x04)
msg_bit2 = ProtoField.uint8("msg_bit2", "bit2", base.DEC, bit2, 0x02)
msg_bit1 = ProtoField.uint8("msg_bit1", "bit1", base.DEC, bit1, 0x01)
test_proto.fields = {
task_id,
sn,
indicator,
flag,
cn,
msg_bit8,
msg_bit7,
msg_bit6,
msg_bit5,
msg_bit4,
msg_bit3,
msg_bit2,
msg_bit1
}
function And(num1,num2)
local tmp1 = num1
local tmp2 = num2
local str = ""
repeat
local s1 = tmp1 % 2
local s2 = tmp2 % 2
if s1 == s2 then
if s1 == 1 then
str = "1"..str
else
str = "0"..str
end
else
str = "0"..str
end
tmp1 = math.modf(tmp1/2)
tmp2 = math.modf(tmp2/2)
until(tmp1 == 0 and tmp2 == 0)
return tonumber(str,2)
end
-- buffer:包的数据
-- pinfo: 显示的信息
-- tree:包结构的关系
function test_proto.dissector(buffer, pinfo, tree)
local buflen = buffer:len();
if buflen == 0 then return end
--显示在protocol列的名字
pinfo.cols.protocol = test_proto.name
--显示在数据查看
local test = tree:add(test_proto, buffer(), "test")
header_len = 8
local test_header = test:add(test_proto, buffer(0, header_len), "test header")
local offset = 0;
test_header:add(task_id, buffer(offset,2))
offset = offset + 2;
-- cn 字段解析
test_header:add(cn, buffer(offset,1))
offset = offset + 1;
-- 根据flag字段,判断显示info信息 todo
local flag_node = test_header:add(flag, buffer(offset,1))
flag_node:add(msg_bit8, buffer(offset,1))
flag_node:add(msg_bit7, buffer(offset,1))
flag_node:add(msg_bit6, buffer(offset,1))
flag_node:add(msg_bit5, buffer(offset,1))
flag_node:add(msg_bit4, buffer(offset,1))
flag_node:add(msg_bit3, buffer(offset,1))
flag_node:add(msg_bit2, buffer(offset,1))
flag_node:add(msg_bit1, buffer(offset,1))
local ack = buffer(offset,1):uint()
ack_bit = And(ack, 0x80)
offset = offset + 1;
-- sn 字段解析
test_header:add(sn, buffer(offset,4))
sn_value = buffer(offset,4):uint()
offset = offset + 4;
if ack_bit == 0x80 then
info = string.format("rx -> tx Ack Sn=%d Len=%d", sn_value, buflen)
pinfo.cols.info = info
else
info = string.format("tx -> rx Sn=%d Len=%d", sn_value, buflen)
pinfo.cols.info = info
end
local payload_len = buflen - offset;
local test_header = test:add(test_proto, buffer(offset, payload_len), "test payload")
end
local ip_protocol = DissectorTable.get("ip.proto")
ip_protocol:add(0xff, test_proto) --抓到的0xffff端口的数据,按test_proto的规则来解析
报文显示
