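I am trying to create a simple Lua dissector for a custom UDP-based tunneling protocol that contains two fixed-length fields followed by the tunneled Ethernet frame. With the help of ChatGPT (as a newbie), I have the following script, but the Ethernet frame is not decoded correctly and shows up as a binary blob (see screenshot). Any help is greatly appreciated.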
```lua
-- Define the protocol
my_proto = Proto("my_proto", "Custom UDP Tunneling Protocol")

-- Define the fields for the protocol
local f_id = ProtoField.string("my_proto.id", "ID", base.ASCII)
local f_timestamp = ProtoField.uint64("my_proto.timestamp", "Timestamp", base.DEC)
local f_tunneled_eth = ProtoField.bytes("my_proto.tunneled_eth", "Tunneled Ethernet Frame")

-- Assign fields to the protocol
my_proto.fields = { f_id, f_timestamp, f_tunneled_eth }

-- Dissector function
function my_proto.dissector(buffer, pinfo, tree)
    -- Set the protocol column to "Custom Proto"
    pinfo.cols.protocol = "MY_PROTO"

    -- Check if the packet is large enough for minimum fields
    if buffer:len() < 32 then
        return -- Not enough data for ID + Timestamp
    end

    -- Add protocol to the dissection tree
    local subtree = tree:add(my_proto, buffer(), "Custom UDP Tunneling Protocol")

    -- Extract the ID field (24 bytes)
    subtree:add(f_id, buffer(0, 24))

    -- Extract the Timestamp field (8 bytes)
    subtree:add(f_timestamp, buffer(24, 8))

    -- Extract the Tunneled Ethernet frame (starting from byte 32)
    local eth_buffer = buffer(32):tvb()
    local eth_dissector = Dissector.get("eth") -- Get the Ethernet dissector
    if eth_dissector then
        -- Call the Ethernet dissector to parse the tunneled frame properly, adding it directly to the tree
        eth_dissector:call(eth_buffer, pinfo, tree)
    else
        -- Fallback if Ethernet dissector is unavailable
        subtree:add(f_tunneled_eth, buffer(32), "Ethernet Frame (unrecognized)")
    end
end
```
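I have tried the included Lua script, expecting the tunneled Ethernet frame to be decoded correctly. However, it shows up as a binary blob.

I found the problem: using "eth_withoutfcs" instead of "eth" in "Dissector.get()" solved it.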
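
A variant of the dissector that applies the fix from the post, as an added example that is not the poster's script: it looks up `eth_withoutfcs` (or Wireshark's FCS-aware Ethernet dissectors) and raises an expert-info item when the lookup fails or the payload is too short, so a bad dissector name is visible instead of silently falling back to raw bytes. The protocol name `tunnel_example`, UDP port 47000, and the FCS preference are assumptions for illustration.

```lua
-- Added example. tunnel_example, its field names and UDP port 47000 are
-- assumptions; the 24-byte ID + 8-byte timestamp layout is from the post.
local tun = Proto("tunnel_example", "Example UDP Tunnel")
local f_id = ProtoField.string("tunnel_example.id", "ID")
local f_ts = ProtoField.uint64("tunnel_example.timestamp", "Timestamp", base.DEC)
tun.fields = { f_id, f_ts }

-- Expert items shown in the tree (and in Analyze > Expert Information).
local e_short = ProtoExpert.new("tunnel_example.short",
    "Payload shorter than an Ethernet header", expert.group.MALFORMED, expert.severity.WARN)
local e_nodis = ProtoExpert.new("tunnel_example.no_eth",
    "Ethernet dissector name not registered", expert.group.UNDECODED, expert.severity.ERROR)
tun.experts = { e_short, e_nodis }

-- Preference: does the tunneled frame carry a trailing 4-byte FCS?
tun.prefs.fcs = Pref.enum("Inner frame FCS", 1, "How to treat the frame check sequence",
    { { 1, "Absent", 1 }, { 2, "Present", 2 }, { 3, "Guess", 3 } }, false)
local ETH_NAMES = { "eth_withoutfcs", "eth_withfcs", "eth_maybefcs" }
local HDR_LEN, ETH_HDR_LEN = 32, 14

function tun.dissector(buffer, pinfo, tree)
    if buffer:len() < HDR_LEN then return 0 end -- too short for ID + timestamp
    pinfo.cols.protocol = "TUNNEL"

    -- Highlight only the 32-byte tunnel header, not the inner frame.
    local subtree = tree:add(tun, buffer(0, HDR_LEN))
    subtree:add(f_id, buffer(0, 24))
    subtree:add(f_ts, buffer(24, 8))

    if buffer:len() < HDR_LEN + ETH_HDR_LEN then
        subtree:add_proto_expert_info(e_short)
        return buffer:len()
    end

    -- Dissector.get() returns nil for a name that is not registered ("eth"
    -- in the original script), so check the result and report it.
    local eth = Dissector.get(ETH_NAMES[tun.prefs.fcs])
    if not eth then
        subtree:add_proto_expert_info(e_nodis)
        return buffer:len()
    end
    eth:call(buffer(HDR_LEN):tvb(), pinfo, tree)
    return buffer:len()
end

DissectorTable.get("udp.port"):add(47000, tun)
```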