Add wireshark dissector for native packets

2024-12-29 04:50:03 +01:00 · 2014-02-08 18:45:30 +01:00 · 2014-02-08 18:45:30 +01:00 · 8336c8ed14
commit 8336c8ed14
parent 7ccf0e0858
2 changed files with 86 additions and 0 deletions
--- a/dist/tools/wireshark_dissector/README.md
+++ b/dist/tools/wireshark_dissector/README.md
@ -0,0 +1,25 @@
+# RIOT native wireshark dissector
+This allows wireshark to parse packets send over TAP by RIOT's native.
+
+## Installation
+Just copy the script ``riot.lua`` to ``$HOME/.wireshark/plugins`` and restart
+Wireshark.
+
+## Usage
+### Debian/Ubuntu
+Ensure that dumpcat is available for you as non-superusers:
+
+```bash
+sudo dpkg-reconfigure wireshark-common
+sudo usermod -a -G wireshark $USER
+```
+
+## Configuration
+Depending on what you want to send over the native TAP you might want to change
+the next header dissector. Currently we have included the dissectors for 
+IEEE 802.15.4 and 6LoWPAN into the script file, but anything is thinkable.
+Refer to the wireshark manual to get the protocol names, e.g.:
+
+```lua
+    local next_dis = Dissector.get("ipv6")
+```
--- a/dist/tools/wireshark_dissector/riot.lua
+++ b/dist/tools/wireshark_dissector/riot.lua
@ -0,0 +1,61 @@
+-- RIOT native support for Wireshark
+-- A Lua implementation for dissection of RIOT native packets in wireshark
+-- @Version: 0.0.1
+-- @Author: Martin Lenders
+-- @E-Mail: mlenders@inf.fu-berlin.de
+
+do
+    --Protocol name "RIOT"
+    local p_riot = Proto("RIOT", "RIOT native packet")
+
+    --Protocol Fields
+    local f_length = ProtoField.uint16("RIOT.length", "Length", base.DEC, nil)
+    local f_dst = ProtoField.uint16("RIOT.dst", "Destination", base.DEC, nil)
+    local f_src = ProtoField.uint16("RIOT.src", "Source", base.DEC, nil)
+    
+    p_riot.fields = { f_length, f_dst, f_src }
+
+    local data_dis = Dissector.get("data")
+    -- local next_dis = Dissector.get("6lowpan")   -- for 6LoWPAN
+    local next_dis = Dissector.get("wpan")      -- for IEEE 802.15.4
+
+    function riot_dissector(buf, pkt, root)
+        local buf_len = buf:len()
+        local riot_tree = root:add(p_riot, buf)
+        
+        if buf_len < 6 then return false end
+
+        local packet_len = buf(0,2):uint()
+        local dst = buf(2,2):uint()
+        local src = buf(4,2):uint()
+
+        if buf_len - 6 ~= packet_len then return false end
+
+        riot_tree:append_text(", Dst: ")
+        riot_tree:append_text(dst)
+        riot_tree:append_text(", Src: ")
+        riot_tree:append_text(src)
+        riot_tree:append_text(", Length: ")
+        riot_tree:append_text(packet_len)
+
+        riot_tree:add(f_length, buf(0, 2))
+        riot_tree:add(f_dst, buf(2, 2))
+        riot_tree:add(f_src, buf(4, 2))
+        
+        next_dis:call(buf(6, packet_len):tvb(),pkt,root) 
+
+        return true        
+    end
+
+    function p_riot.dissector(buf, pkt, root)
+        if not riot_dissector(buf, pkt, root) then
+            data_dis:call(buf, pkt, root)
+        end
+    end
+
+    local eth_encap_table = DissectorTable.get("ethertype")
+
+    --handle ethernet type 0x1234
+    
+    eth_encap_table:add(0x1234, p_riot)
+end