diff options
author | Hadriel Kaplan <hadrielk@yahoo.com> | 2014-03-25 18:11:05 -0400 |
---|---|---|
committer | Anders Broman <a.broman58@gmail.com> | 2014-03-26 05:20:17 +0000 |
commit | da1af6e549856c8e213dadc1ec37a41a50246e1d (patch) | |
tree | e6f34ec2c6f02d6aca698dd94899e74e917ab7ea /test | |
parent | b981173669401ff8c325edf8a4ade816acb32020 (diff) |
Add filterable expert info for Lua
This adds the ability for a Lua script to register expert info fields,
similar to C-code dissectors. This change also removes the need for
the expert_add_info_format_internal() function. Existing Lua scripts
do not have to change, because the existing expert info function
uses the internal "_ws.lua" protocol instead of nothing; but using
the new functionality provides more benefits since it correctly
registers the expert info fields to the dissector's protocol.
The test suite was amended to generate both old and new forms.
Change-Id: Ib5ae74e927cfa81312baf7b04ff4104b0b4f936e
Reviewed-on: https://code.wireshark.org/review/830
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/captures/dns_port.pcap | bin | 1318 -> 1318 bytes | |||
-rw-r--r-- | test/lua/dissector.lua | 36 | ||||
-rw-r--r-- | test/lua/proto.lua | 30 | ||||
-rw-r--r-- | test/lua/verify_dissector.lua | 80 |
4 files changed, 137 insertions, 9 deletions
diff --git a/test/captures/dns_port.pcap b/test/captures/dns_port.pcap Binary files differindex c19a79c8c9..6974505abf 100644 --- a/test/captures/dns_port.pcap +++ b/test/captures/dns_port.pcap diff --git a/test/lua/dissector.lua b/test/lua/dissector.lua index 3fb835f289..2a68b9c5fe 100644 --- a/test/lua/dissector.lua +++ b/test/lua/dissector.lua @@ -132,6 +132,22 @@ dns.fields = { pf_trasaction_id, pf_flags, pf_flag_z, pf_flag_authenticated, pf_flag_checking_disabled, pf_flag_rcode, pf_query, pf_query_name, pf_query_name_len, pf_query_label_count, pf_query_type, pf_query_class } +---------------------------------------- +-- create some expert info fields +local ef_query = ProtoExpert.new("mydns.query.expert", "DNS query message", + expert.group.REQUEST_CODE, expert.severity.CHAT) +local ef_response = ProtoExpert.new("mydns.response.expert", "DNS response message", + expert.group.RESPONSE_CODE, expert.severity.CHAT) +local ef_ultimate = ProtoExpert.new("mydns.response.ultimate.expert", "DNS answer to life, the universe, and everything", + expert.group.COMMENTS_GROUP, expert.severity.NOTE) +-- some error expert info's +local ef_too_short = ProtoExpert.new("mydns.too_short.expert", "DNS message too short", + expert.group.MALFORMED, expert.severity.ERROR) +local ef_bad_query = ProtoExpert.new("mydns.query.missing.expert", "DNS query missing or malformed", + expert.group.MALFORMED, expert.severity.WARN) + +-- register them +dns.experts = { ef_query, ef_too_short, ef_bad_query, ef_response, ef_ultimate } ---------------------------------------- -- we don't just want to display our protocol's fields, we want to access the value of some of them too! @@ -214,7 +230,9 @@ function dns.dissector(tvbuf,pktinfo,root) if pktlen < DNS_HDR_LEN then -- since we're going to add this protocol to a specific UDP port, we're going to -- assume packets in this port are our protocol, so the packet being too short is an error - tree:add_expert_info(PI_MALFORMED, PI_ERROR, "packet too short") + -- the old way: tree:add_expert_info(PI_MALFORMED, PI_ERROR, "packet too short") + -- the correct way now: + tree:add_proto_expert_info(ef_too_short) dprint("packet length",pktlen,"too short") return end @@ -238,8 +256,19 @@ function dns.dissector(tvbuf,pktinfo,root) -- for our flags field, we want a sub-tree local flag_tree = tree:add(pf_flags, flagrange) -- I'm indenting this for clarity, because it's adding to the flag's child-tree + -- let's add the type of message (query vs. response) - flag_tree:add(pf_flag_response, flagrange) + local query_flag_tree = flag_tree:add(pf_flag_response, flagrange) + + -- let's also add an expert info about it + if isResponse() then + query_flag_tree:add_proto_expert_info(ef_response, "It's a response!") + if transid == 42 then + tree:add_tvb_expert_info(ef_ultimate, tvbuf:range(0,2)) + end + else + query_flag_tree:add_proto_expert_info(ef_query) + end -- we now know if it's a response or query, so let's put that in the -- GUI packet row, in the INFO column cell @@ -289,7 +318,8 @@ function dns.dissector(tvbuf,pktinfo,root) while num_queries > 0 and pktlen_remaining > 0 do if pktlen_remaining < MIN_QUERY_LEN then - queries_tree:add_expert_info(PI_MALFORMED, PI_ERROR, "query field missing or too short") + -- old way: queries_tree:add_expert_info(PI_MALFORMED, PI_ERROR, "query field missing or too short") + queries_tree:add_proto_expert_info(ef_bad_query) return end diff --git a/test/lua/proto.lua b/test/lua/proto.lua index 9b159e65a3..157c4b2a9c 100644 --- a/test/lua/proto.lua +++ b/test/lua/proto.lua @@ -289,6 +289,24 @@ function dns.init() end ---------------------------------------- +-- create some expert info fields +local ef_query = ProtoExpert.new("mydns.query.expert", "DNS query message", + expert.group.REQUEST_CODE, expert.severity.CHAT) +local ef_response = ProtoExpert.new("mydns.response.expert", "DNS response message", + expert.group.RESPONSE_CODE, expert.severity.CHAT) +local ef_ultimate = ProtoExpert.new("mydns.response.ultimate.expert", "DNS answer to life, the universe, and everything", + expert.group.COMMENTS_GROUP, expert.severity.NOTE) +-- some error expert info's +local ef_too_short = ProtoExpert.new("mydns.too_short.expert", "DNS message too short", + expert.group.MALFORMED, expert.severity.ERROR) +local ef_bad_query = ProtoExpert.new("mydns.query.missing.expert", "DNS query missing or malformed", + expert.group.MALFORMED, expert.severity.WARN) + +-- register them +dns.experts = { ef_query, ef_too_short, ef_bad_query, ef_response, ef_ultimate } + + +---------------------------------------- -- we don't just want to display our protocol's fields, we want to access the value of some of them too! -- There are several ways to do that. One is to just parse the buffer contents in Lua code to find -- the values. But since ProtoFields actually do the parsing for us, and can be retrieved using Field @@ -391,7 +409,17 @@ function dns.dissector(tvbuf,pktinfo,root) local flag_tree = tree:add(pf_flags, flagrange) -- I'm indenting this for calarity, because it's adding to the flag's child-tree -- let's add the type of message (query vs. response) - flag_tree:add(pf_flag_response, flagrange) + local query_flag_tree = flag_tree:add(pf_flag_response, flagrange) + + -- let's also add an expert info about it + if isResponse() then + query_flag_tree:add_proto_expert_info(ef_response, "It's a response!") + if transid == 42 then + tree:add_tvb_expert_info(ef_ultimate, tvbuf:range(0,2)) + end + else + query_flag_tree:add_proto_expert_info(ef_query) + end -- we now know if it's a response or query, so let's put that in the -- GUI packet row, in the INFO column cell diff --git a/test/lua/verify_dissector.lua b/test/lua/verify_dissector.lua index f65d1ece72..46ec704e40 100644 --- a/test/lua/verify_dissector.lua +++ b/test/lua/verify_dissector.lua @@ -13,10 +13,76 @@ end local lines = { { "MyDNS Protocol", + "Transaction ID: 42", + "Flags: 0x0100", + "0... .... .... .... = Response: this is a query", + "[Expert Info (Chat/Request): DNS query message]", + "[DNS query message]", + "[Severity level: Chat]", + "[Group: Request]", + ".000 0... .... .... = Opcode: 0", + ".... ..0. .... .... = Truncated: False", + ".... ...1 .... .... = Recursion desired: yes", + ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", + ".... .... ...0 .... = Checking disabled: False", + "Number of Questions: 1", + "Number of Answer RRs: 0", + "Number of Authority RRs: 0", + "Number of Additional RRs: 0", + "Queries", + "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)", + "Name: us.pool.ntp.org", + "[Name Length: 17]", + "[Label Count: 4]", + "Type: A (IPv4 host address) (1)", + "Class: IN (Internet) (1)", + }, + + { + "MyDNS Protocol", + "Transaction ID: 42", + "Flags: 0x8180", + "1... .... .... .... = Response: this is a response", + "[Expert Info (Chat/Response): It's a response!]", + "[It's a response!]", + "[Severity level: Chat]", + "[Group: Response]", + ".000 0... .... .... = Opcode: 0", + ".... .0.. .... .... = Authoritative: False", + ".... ..0. .... .... = Truncated: False", + ".... .... 1... .... = Recursion available: True", + ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", + ".... .... ..0. .... = Authenticated: no", + ".... .... .... 0000 = Response code: No Error (0)", + ".... .... ...0 .... = Checking disabled: False", + "DNS answer to life, the universe, and everything", + "[Expert Info (Note/Comment): DNS answer to life, the universe, and everything]", + "[DNS answer to life, the universe, and everything]", + "[Severity level: Note]", + "[Group: Comment]", + "Number of Questions: 1", + "Number of Answer RRs: 15", + "Number of Authority RRs: 6", + "Number of Additional RRs: 2", + "Queries", + "us.pool.ntp.org: type A (IPv4 host address) (1), class IN (Internet) (1)", + "Name: us.pool.ntp.org", + "[Name Length: 17]", + "[Label Count: 4]", + "Type: A (IPv4 host address) (1)", + "Class: IN (Internet) (1)", + }, + + { + "MyDNS Protocol", "Transaction ID: 43", "Flags: 0x0100", "0... .... .... .... = Response: this is a query", - ".000 0... .... .... = Opcode: 0", + "[Expert Info (Chat/Request): DNS query message]", + "[DNS query message]", + "[Severity level: Chat]", + "[Group: Request]", + ".000 0... .... .... = Opcode: 0", ".... ..0. .... .... = Truncated: False", ".... ...1 .... .... = Recursion desired: yes", ".... .... .0.. .... = World War Z - Reserved for future use: 0x0000", @@ -39,7 +105,11 @@ local lines = { "Transaction ID: 43", "Flags: 0x8180", "1... .... .... .... = Response: this is a response", - ".000 0... .... .... = Opcode: 0", + "[Expert Info (Chat/Response): It's a response!]", + "[It's a response!]", + "[Severity level: Chat]", + "[Group: Response]", + ".000 0... .... .... = Opcode: 0", ".... .0.. .... .... = Authoritative: False", ".... ..0. .... .... = Truncated: False", ".... .... 1... .... = Recursion available: True", @@ -58,13 +128,13 @@ local lines = { "[Label Count: 4]", "Type: A (IPv4 host address) (1)", "Class: IN (Internet) (1)", - } + }, } -- we're going to see those two sets of output twice: both by the normal -- dissector, then the first one by the heuristic, then the second one by -- a conversation match -local numtests = 1 + (2 * (#lines[1] + #lines[2])) +local numtests = 1 + #lines[1] + #lines[2] + #lines[3] + #lines[4] print("going to run "..numtests.." tests") -- for an example of what we're reading through to verify, look at end of this file @@ -83,7 +153,7 @@ while line do pktidx = line:match("^Frame (%d+):") testing("Frame "..pktidx) pktidx = tonumber(pktidx) - if pktidx > 2 then pktidx = pktidx - 2 end + if pktidx > 4 then pktidx = pktidx - 4 end line = file:read() elseif line:find("%[Heuristic dissector used%]") then -- start again, because it now repeats |