-
Notifications
You must be signed in to change notification settings - Fork 2
/
harris_lrc_dissector.lua
122 lines (102 loc) · 3.44 KB
/
harris_lrc_dissector.lua
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
-- Harris LRC Protocol dissector for Wireshark.
--
-- Copyright (C) 2021 Rascular Technology Ltd.
--------------------------------------------------------------
local codes = {[0] = "COMMAND_ENABLE"}
local lrc = Proto("lrc", "Harris LRC protocol");
local ops = {
[string.byte('?')] = "Query",
[string.byte(':')] = "Command",
[string.byte('!')] = "Notification",
[string.byte('%')] = "Response"
}
local f_operator = ProtoField.uint8("lrc.operator", "Operator", base.HEX, ops);
local f_type = ProtoField.string("lrc.type", "Type");
local f_arg = ProtoField.string("lrc.arg", "Arg");
lrc.fields = {f_type, f_operator, f_arg};
local ef_malformed = ProtoExpert.new("lrc.malformed.expert", "Malformed packet",
expert.group.MALFORMED,
expert.severity.ERROR);
lrc.experts = {ef_malformed}
function rangeChar(range, i)
local r = range:range(i, 1)
return r, r:uint()
end
function rangeString(range, i, len)
local r = range:range(i, len)
return r, r:string()
end
function processPacket(mess, root, range)
local tree = root:add(range, "Harris LRC")
local a
for p = 2, #mess do
if ops[mess[p]] then
print("Found op", string.char(mess[p]))
tree:add(f_type, rangeString(range, 1, p - 1))
tree:add(f_operator, rangeChar(range, p))
a = p + 1
break
end
end
for p = a, #mess do
if mess[p] == string.byte(';') then
tree:add(f_arg, rangeString(range, a, p - a))
a = p + 1
end
end
if #mess > a then tree:add(f_arg, rangeString(range, a, 1 + #mess - a)) end
end
function lrc.dissector(tvb, pinfo, root_tree)
pinfo.cols.protocol = "Harris LRC";
local p = 0
while p < tvb:len() do
local st, l = lookForPacket(tvb, root_tree, p)
if l then
p = st + l;
else
pinfo.desegment_offset = st
pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
return
end
end
end
function lookForPacket(tvb, root_tree, startpos)
local bytes = tvb:bytes();
local len = bytes:len()
local start = startpos
local startFound = false
local mess = {}
for p = startpos, len - 1 do
local c = bytes:get_index(p)
if (c == string.byte('~')) then
if startFound or (#mess > 0) then
root_tree:add_tvb_expert_info(ef_malformed,
tvb(start, p - start),
"Junk before start")
end
start = p
startFound = true
mess = {}
elseif c == string.byte('\\') then
if startFound then
local range = tvb:range(start, 1 + p - start)
processPacket(mess, root_tree, range)
return start, 1 + p - start
else
root_tree:add_tvb_expert_info(ef_malformed,
tvb(start, 1 + p - start),
"End without start")
return start, 1 + p - start
end
else
mess[#mess + 1] = c
end
end
if start >= 0 then
return start -- packet is incomplete
else
return startpos, len -- no start found, discard
end
end
local tcp_encap_table = DissectorTable.get("tcp.port")
tcp_encap_table:add(52116, lrc)