jo_dman
Reputation: 303
how do I reassemble TCP packet in LUA dissector?
I have a dissector that runs above the TCP protocol and has data that flows on more than one TCP packet.
I want to assemble the data before I convert everything, so I understood that I need tcp_dissect_pdus() for it, but I can't find documentation or examples for it.
Can anyone direct me to it or help me understand how I use it?
Upvotes: 4
Views: 5955
Answers (1)
graphite
Reputation: 2958
There is no wslua API for tcp_dissect_pdus. But you can implement it yourself.
If you want to assemble pdu that span two or more packets it's rather simple:
function slicer.dissector(tvb, pinfo, tree)
...
local pdu_length = get_pdu_length(...)
if pdu_length > tvb:len() then
pinfo.desegment_len = pdu_length - tvb:len()
else
do_dissection(tvb, pifo, tree)
end
return
end
If you don't know exact length of the pdu you can do:
pinfo.desegment_len = DESEGMENT_ONE_MORE_SEGMENT
You should read README.developer section 2.7.
Upvotes: 9
Related Questions
- Lua dissection functions definition
- Wireshark Lua Dissector Response Request
- How to create a Wireshark dissector for a custom protocol, without the need to recompile Wireshark
- Executing a function for dissection in a Lua Wireshark dissector?
- Wireshark Lua dissectors: both expand together
- Reassemble PDUs in lua wireshark dissector
- How to re-dissect the selected packet in wireshark?
- Reassembling packets in a Lua Wireshark Dissector
- Wireshark Dissector in Lua
- How to dissect a field in an already dissected package in Wireshark using Lua?