1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
|
-- wireshark LUA dissector for an unknown USER_DLT=162 protocol
-- generated by some unknown equipment in a 3GPP cellular network.
--
-- (C) 2023 by Harald Welte <laforge@gnumonks.org>
-- SPDX-License-Identifier: GPL-2.0+
--
-- Usage: Move (or symlink) this file to your "personal lua plugins"
-- folder that can be found in the Wireshark Help->About
-- Wireshark->Folders tab Windows: %APPDATA%\Wireshark\plugins.
-- Unix-like systems: ~/.local/lib/wireshark/plugins.
dlt162_protocol = Proto("dlt162", "DLT162 3GPP Protocol")
local ranap_diss = Dissector.get("ranap")
local mtp3_diss = Dissector.get("mtp3")
local tcap_diss = Dissector.get("tcap")
local sgsap_diss = Dissector.get("sgsap")
local f_subprotocol = ProtoField.string("subprotocol", "Sub-Protocol")
local f_subprotocol_len = ProtoField.uint8("subprotocol_len", "Sub-Protocol Length")
dlt162_protocol.fields = {
f_subprotocol, f_subprotocol_len,
}
function dlt162_protocol.dissector(tvb, pinfo, tree)
pinfo.cols.protocol = dlt162_protocol.name
local subtree = tree:add(dlt162_protocol, tvb(), "DLT 162")
-- FIXME: verify that first 3 bytes are 00 01 00, as we don't know their meaning
local strlen = tvb(3,1):uint()
local str = tvb(4,strlen):string()
local len_offs
local diss
local payload_len
subtree:add(f_subprotocol, tvb(4, strlen))
if str == "ranap" then
len_offs = 0x27
diss = ranap_diss
elseif str == "sgsap" then
len_offs = 0x2b
diss = sgsap_diss
elseif str == "tcap" then
len_offs = 0x23
diss = tcap_diss
elseif str == "mtp3" then
len_offs = 0x0b
diss = mtp3_diss
end
if len_offs then
subtree:add(f_subprotocol_len, tvb(len_offs, 1))
payload_len = tvb(len_offs, 1):uint()
end
if diss ~= nil and payload_len then
diss:call(tvb(len_offs+1, payload_len):tvb(), pinfo, tree)
end
return tvb:len()
end
function dlt162_protocol.init()
end
|
