luawiresharkwireshark-dissector

Profinet LUA dissector without ports to extract specific bits


How can I make a Lua dissector/post-dissector/chained dissector that would get attached under the PROFINET IO Cyclic Service Data Unit and for example extract only the last 3 bits of the 5th byte, highlighted in the image below?

All the examples of Lua dissectors I could find are attached to some ports. Profinet does not use TCP/IP layer so there are no ports to attach to.

enter image description here


Solution

  • You should be able to achieve what you want using the following example as a rough guide, where I illustrate both how to add the field to the tree as well as to grab the data and do something with it (e.g., append the relevant data to the Info column):

    local pn_io_post = Proto("PNIOPost", "PNIO Postdissector")
    
    local pf = {
        afield = ProtoField.uint8("pn_io_post.afield", "A Field", base.DEC, nil, 0x03, "A Field Description")
    }
    
    pn_io_post.fields = pf
    
    local pn_io_data = Field.new("pn_io")
    
    function pn_io_post.dissector(tvbuf, pinfo, tree)
    
        local pn_io_post_tree
        local pn_io_data_ex = pn_io_data()
    
        if pn_io_data_ex ~= nil then
            local pn_io_data_tvb = pn_io_data_ex.range()
            local afield
    
            pn_io_post_tree = tree:add(pn_io_post, pn_io_data_tvb(0, -1))
            pn_io_post_tree:add(pf.afield, pn_io_data_tvb(4, 1))
            afield = pn_io_data_tvb(4, 1):uint()
            afield = bit.band(0x03, afield)
            pinfo.cols.info:append(" [A Field = " .. afield .. "]")
        end
    end
    
    register_postdissector(pn_io_post)