
wireshark 数据协议解析

时间:2020-07-09 12:31:36      阅读:109      评论:0      收藏:0      [点我收藏+]
-- Protocol object for the custom "multi" protocol ("MultiProto" is its
-- description string).
local p_multi = Proto("multi", "MultiProto")

-- Header fields. Ver and Type are both attached to byte 0 by the dissector:
-- the 0xf0 mask selects the high nibble, the 0x0f mask the low nibble.
local f_Ver      = ProtoField.uint8("multi.ver", "Ver", base.DEC, nil, 0xf0)
local f_Type     = ProtoField.uint8("multi.type", "Type", base.DEC, nil, 0x0f)
local f_TotalLen = ProtoField.uint8("multi.totalLen", "TotalLen", base.DEC)
local f_Hop      = ProtoField.uint8("multi.hop", "Hop", base.DEC)
local f_Reserved = ProtoField.uint8("multi.reserved", "Reserved", base.DEC)
-- Payload shown as a string field.
local f_Data     = ProtoField.string("multi.data", "Data", base.UNICODE)

-- Every field must be registered on the protocol before it can be added to a tree.
p_multi.fields = { f_Ver, f_Type, f_TotalLen, f_Hop, f_Reserved, f_Data }

-- Handle to the generic "data" dissector (not referenced elsewhere in this listing).
local data_dis = Dissector.get("data")

-- Handles to existing dissectors, keyed by a small integer.
-- NOTE(review): presumably the key is the value of the Type field and these
-- are meant for handing the payload on; nothing in this listing uses the
-- table, so confirm against the intended protocol.
local protos = {}
protos[2]  = Dissector.get("mtp2")
protos[3]  = Dissector.get("mtp3")
protos[4]  = Dissector.get("alcap")
protos[5]  = Dissector.get("h248")
protos[6]  = Dissector.get("ranap")
protos[7]  = Dissector.get("rnsap")
protos[8]  = Dissector.get("nbap")
protos[9]  = Dissector.get("rrc")
protos[10] = DissectorTable.get("sctp.ppi"):get_dissector(3)   -- m3ua
protos[11] = DissectorTable.get("ip.proto"):get_dissector(132) -- sctp

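--- Print the bytes of a string as a comma-separated list of hex values.
-- Debug helper: every byte of `s` is formatted with "%#x" and followed by a
-- comma, and the result is printed after the optional label.
-- @param s    string whose bytes are dumped
-- @param desc optional label printed before the dump (defaults to "")
function printS(s, desc)
    -- The published listing had typographic quotes here, which is not valid
    -- Lua; a plain empty string literal is what was intended.
    desc = desc or ""

    -- Collect the pieces and join once instead of growing a string per byte.
    local parts = {}
    for i = 1, #s do
        parts[i] = string.format("%#x,", string.byte(s, i))
    end
    print(desc, table.concat(parts))
end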

--- Return the bytes covered by `buf` as a Lua string.
-- The range is converted with bytes() and then raw(); despite the name, this
-- function itself does no UTF-8 decoding or validation, so the result is
-- whatever bytes were on the wire.
-- @param buf object exposing bytes() (a TvbRange in the dissector below)
-- @return string holding the raw bytes
function getUTF8(buf)
    return buf:bytes():raw()
end

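--- Dissect one "multi" packet: a 4-byte header followed by payload bytes.
-- Header layout as read below: byte 0 = Ver (high nibble) and Type (low
-- nibble), byte 1 = TotalLen, byte 2 = Hop, byte 3 = Reserved.
-- @param buf  Tvb holding the packet bytes handed to this dissector
-- @param pkt  packet info (unused here)
-- @param tree protocol tree the fields are added to
-- @return 0 when the buffer is shorter than the header; nothing otherwise
function p_multi.dissector(buf, pkt, tree)
    local HEADER_LEN = 4
    local available = buf:len()

    -- Packet bytes are untrusted. Without this guard a datagram shorter than
    -- the header makes the buf(offset, 1) ranges below raise an out-of-bounds
    -- Lua error. Returning 0 reports that nothing was dissected.
    if available < HEADER_LEN then
        return 0
    end

    local subtree = tree:add(p_multi, buf(0))
    local total_len = buf(1, 1)
    local first_byte = buf(0, 1)

    -- Ver and Type share byte 0; the field masks pick the nibble.
    subtree:add(f_Ver, first_byte)
    subtree:add(f_Type, first_byte)
    subtree:add(f_TotalLen, total_len)
    subtree:add(f_Hop, buf(2, 1))
    subtree:add(f_Reserved, buf(3, 1))

    -- TotalLen comes from the wire, so clamp it to the bytes actually present
    -- after the header; a forged length must not reach past the buffer.
    -- NOTE(review): TotalLen is used as the payload length here, as in the
    -- original listing; confirm it does not include the header.
    local data_len = math.min(total_len:uint(), available - HEADER_LEN)
    local data = buf(HEADER_LEN, data_len)

    -- Passing the range as well ties the field to its bytes in the hex pane.
    subtree:add(f_Data, data, getUTF8(data))
end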

-- Alternative registration by capture encapsulation type, left disabled:
-- local wtap_encap_table = DissectorTable.get("wtap_encap")
-- wtap_encap_table:add(wtap.USER15, p_multi)
-- wtap_encap_table:add(wtap.USER12, p_multi)

-- Bind the dissector to UDP port 9999. Every datagram on that port is handed
-- to p_multi.dissector, whether or not it really carries this protocol.
local udp_encap_table = DissectorTable.get("udp.port")
local MULTI_UDP_PORT = 9999
udp_encap_table:add(MULTI_UDP_PORT, p_multi)

 

wireshark 数据协议解析

原文:https://www.cnblogs.com/dzqdzq/p/13272857.html
