wireshark在3.2版本前解析SOME/IP

這是一個輔助腳本,讓 3.2 版本之前、尚未內建 SOME/IP 協議解析的 Wireshark 也能解析 SOME/IP。

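-- SOME/IP Protocol
--
-- Helper dissector for Wireshark builds that have no built-in SOME/IP
-- support. It decodes the 16-byte SOME/IP header and, for Service Discovery
-- messages (service 0xffff, method 0x8100), the first SD entry and the first
-- SD option.
--
-- Every byte of the packet, including every length field, is untrusted
-- capture data. Each read below is preceded by a check against buffer:len(),
-- so a truncated or deliberately malformed packet produces a note in the
-- tree instead of a Lua "out of bounds" error half-way through dissection.
--
-- NOTE(review): TCP reassembly and several SOME/IP messages packed into one
-- segment/datagram are not handled; only the first message is decoded.

-- declare our protocol (kept local so the names do not leak into the global
-- table that all Wireshark Lua plugins share)
local someip_proto = Proto("someip", "SOME/IP Protocol")

local serviceId        = ProtoField.uint16("someip.service",       "Service Id",              base.HEX)
local methodId         = ProtoField.uint16("someip.method",        "Method Id",               base.HEX)
local length           = ProtoField.uint32("someip.length",        "Length",                  base.DEC)
local clientId         = ProtoField.uint16("someip.client",        "Client Id",               base.HEX)
local sessionId        = ProtoField.uint16("someip.session",       "Session Id",              base.HEX)
local protocolVersion  = ProtoField.uint8( "someip.protocol",      "Protocol Version",        base.HEX)
local interfaceVersion = ProtoField.uint8( "someip.interface",     "Interface Version",       base.HEX)
local messageType      = ProtoField.uint8( "someip.messagetype",   "Message Type",            base.HEX)
local returnCode       = ProtoField.uint8( "someip.returncode",    "Return Code",             base.HEX)
local entriesLength    = ProtoField.uint32("someip.entrieslength", "Length of Entries Array", base.DEC)
local optionsLength    = ProtoField.uint32("someip.optionslength", "Length of Options Array", base.DEC)
local portNumber       = ProtoField.uint32("someip.portnumber",    "Port Number",             base.DEC)
local ipv4             = ProtoField.new("IPv4-Address", "someip.ipv4", ftypes.IPv4)

-- messageType and returnCode stay registered (their filter names exist) even
-- though the tree shows both as text items with the decoded name appended.
someip_proto.fields = {
    serviceId, methodId, length, clientId, sessionId, protocolVersion,
    interfaceVersion, messageType, returnCode, entriesLength, optionsLength,
    portNumber, ipv4
}

-- Fixed sizes used by the bounds checks.
local HEADER_LEN    = 16   -- SOME/IP header
local SD_ENTRIES_AT = 24   -- header + flags(1) + reserved(3) + entries length(4)
local SD_ENTRY_LEN  = 16   -- one SD entry
local SD_OPTION_LEN = 12   -- length(2) + type(1) + reserved(1) + IPv4(4) + reserved(1) + L4(1) + port(2)

local MESSAGE_TYPES = {
    [0x00] = "REQUEST",
    [0x01] = "REQUEST_NO_RETURN",
    [0x02] = "NOTIFICATION",
    [0x80] = "RESPONSE",
    [0x81] = "ERROR",
}

local RETURN_CODES = {
    [0x00] = "E_OK",
    [0x01] = "E_NOT_OK",
    [0x02] = "E_UNKNOWN_SERVICE",
    [0x03] = "E_UNKNOWN_METHOD",
    [0x04] = "E_NOT_READY",
    [0x05] = "E_NOT_REACHABLE",
    [0x06] = "E_TIMEOUT",
    [0x07] = "E_WRONG_PROTOCOL_VERSION",
    [0x08] = "E_WRONG_INTERFACE_VERSION",
    [0x09] = "E_MALFORMED_MESSAGE",
    [0x0a] = "E_WRONG_MESSAGE_TYPE",
    [0x0b] = "E_E2E_REPEATED",
    [0x0c] = "E_E2E_WRONG_SEQUENCE",
    [0x0d] = "E_E2E",
    [0x0e] = "E_E2E_NOT_AVAILABLE",
    [0x0f] = "E_E2E_NO_NEW_DATA",
}

local SD_ENTRY_TYPES = {
    [0x00] = "Find Service",
    [0x01] = "Offer Service",
    [0x06] = "SubscribeEventgroup",
    [0x07] = "SubscribeEventgroupAck",
}

local SD_OPTION_TYPES = {
    [0x01] = "Configuration",
    [0x04] = "IPv4 Endpoint",
    [0x05] = "IPv4 Endpoint",   -- NOTE(review): 0x05 is kept from the original script; confirm against the spec in use
    [0x06] = "IPv6 Endpoint",
    [0x14] = "IPv4 Multicast",
    [0x16] = "IPv6 Multicast",
    [0x24] = "IPv4 SD Endpoint",
    [0x26] = "IPv6 SD Endpoint",
}

-- Option types whose body follows the 12-byte IPv4 layout decoded below.
local IPV4_OPTION_TYPES = { [0x04] = true, [0x05] = true, [0x14] = true, [0x24] = true }

-- True when `count` bytes starting at `offset` lie inside the captured data.
-- Offsets derived from 32-bit packet fields are plain Lua numbers here, so
-- the addition cannot wrap around.
local function in_bounds(buffer, offset, count)
    return offset >= 0 and count >= 0 and (offset + count) <= buffer:len()
end

-- Adds a text item saying that `what` could not be decoded.
local function note_undecoded(tree, buffer, what)
    tree:add(buffer(), "[" .. what .. ": not enough bytes, not decoded]")
end

-- Decodes the first SD entry located at `at` (16 bytes, already bounds-checked).
local function dissect_sd_entry(buffer, tree, at)
    local entryType = buffer(at, 1):uint()
    local entry = tree:add(buffer(at, SD_ENTRY_LEN), "1st Entry: ")
    entry:add(buffer(at, 1), "Type: " .. tostring(buffer(at, 1)) .. "-" .. (SD_ENTRY_TYPES[entryType] or "Unknown"))
    entry:add(buffer(at + 1, 1), "Index 1st options: " .. tostring(buffer(at + 1, 1)))
    entry:add(buffer(at + 2, 1), "Index 2nd options: " .. tostring(buffer(at + 2, 1)))
    entry:add(buffer(at + 3, 1), "# of opt 1 + 2: " .. tostring(buffer(at + 3, 1)))
    entry:add(buffer(at + 4, 2), "Service ID: " .. tostring(buffer(at + 4, 2)))
    entry:add(buffer(at + 6, 2), "Instance ID: " .. tostring(buffer(at + 6, 2)))
    entry:add(buffer(at + 8, 1), "Major Version: " .. tostring(buffer(at + 8, 1)))
    entry:add(buffer(at + 9, 3), "TTL: " .. tostring(buffer(at + 9, 3)))

    -- The last four bytes mean different things per entry kind: service
    -- entries carry a minor version, eventgroup entries carry the eventgroup
    -- id in the final two bytes. Unknown types show both, as before.
    local isService    = (entryType == 0x00 or entryType == 0x01)
    local isEventgroup = (entryType == 0x06 or entryType == 0x07)
    if not isEventgroup then
        entry:add(buffer(at + 12, 4), "Minor Version: " .. tostring(buffer(at + 12, 4)))
    end
    if not isService then
        entry:add(buffer(at + 14, 2), "EventGroup ID: " .. tostring(buffer(at + 14, 2)))
    end
end

-- Decodes the options array that starts at `at` (its 4-byte length field).
local function dissect_sd_options(buffer, tree, at)
    if not in_bounds(buffer, at, 4) then
        note_undecoded(tree, buffer, "Options Array")
        return
    end
    tree:add(optionsLength, buffer(at, 4))
    local optsLen = buffer(at, 4):uint()
    if optsLen == 0 then
        return
    end

    local first = at + 4
    if optsLen < SD_OPTION_LEN or not in_bounds(buffer, first, SD_OPTION_LEN) then
        note_undecoded(tree, buffer, "1st Option")
        return
    end

    local optType = buffer(first + 2, 1):uint()
    local option = tree:add(buffer(first, SD_OPTION_LEN), "1st Option: ")
    option:add(buffer(first, 2), "Length: " .. tostring(buffer(first, 2)))
    option:add(buffer(first + 2, 1), "Type: " .. tostring(buffer(first + 2, 1)) .. "-" .. (SD_OPTION_TYPES[optType] or "Unknown"))
    -- Address, L4 protocol and port only exist at these offsets for the IPv4
    -- option layouts; other option types would be shown as bogus values.
    if IPV4_OPTION_TYPES[optType] then
        option:add(ipv4, buffer(first + 4, 4))
        option:add(buffer(first + 9, 1), "L4-Proto: " .. tostring(buffer(first + 9, 1)))
        option:add(portNumber, buffer(first + 10, 2))
    end

    if optsLen > SD_OPTION_LEN then
        local second = first + SD_OPTION_LEN
        if in_bounds(buffer, second, SD_OPTION_LEN) then
            tree:add(buffer(second, SD_OPTION_LEN), "2nd Option: " .. tostring(buffer(second, SD_OPTION_LEN)))
        else
            note_undecoded(tree, buffer, "2nd Option")
        end
    end
end

-- Decodes the SOME/IP-SD payload that follows the 16-byte header.
local function dissect_sd(buffer, tree)
    if buffer:len() <= HEADER_LEN then
        note_undecoded(tree, buffer, "SD Payload")
        return
    end
    local sd = tree:add(buffer(HEADER_LEN), "SD Payload: " .. tostring(buffer(HEADER_LEN)))
    sd:add(buffer(16, 1), "Flags: " .. tostring(buffer(16, 1)))

    if not in_bounds(buffer, 20, 4) then
        note_undecoded(sd, buffer, "Entries Array")
        return
    end
    sd:add(entriesLength, buffer(20, 4))
    local entriesLen = buffer(20, 4):uint()

    -- Only decode an entry the entries array claims to hold AND that is
    -- really present in the capture.
    if entriesLen >= SD_ENTRY_LEN then
        if in_bounds(buffer, SD_ENTRIES_AT, SD_ENTRY_LEN) then
            dissect_sd_entry(buffer, sd, SD_ENTRIES_AT)
        else
            note_undecoded(sd, buffer, "1st Entry")
        end
    end

    -- The SOME/IP length counts from byte 8; 12 + 4 + entriesLen is
    -- everything up to the end of the entries array, so anything beyond it
    -- is the options array.
    if buffer(4, 4):uint() > (12 + 4 + entriesLen) then
        dissect_sd_options(buffer, sd, SD_ENTRIES_AT + entriesLen)
    end
end

-- create a function to dissect it
function someip_proto.dissector(buffer, pinfo, tree)
    -- A packet shorter than the fixed header cannot be SOME/IP; returning 0
    -- lets Wireshark treat it as undissected data.
    if buffer:len() < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "SOME/IP"
    local subtree = tree:add(someip_proto, buffer(), "SOME/IP Protocol Data")
    subtree:add(serviceId, buffer(0, 2))
    subtree:add(methodId, buffer(2, 2))
    subtree:add(length, buffer(4, 4))
    subtree:add(clientId, buffer(8, 2))
    subtree:add(sessionId, buffer(10, 2))
    subtree:add(protocolVersion, buffer(12, 1))
    subtree:add(interfaceVersion, buffer(13, 1))

    -- The original passed buffer(14.1) / buffer(15.1) here, i.e. a single
    -- fractional offset instead of (offset, length); highlight the one byte.
    local typeRange = buffer(14, 1)
    subtree:add(typeRange, "Message Type:" .. tostring(typeRange) .. "-" .. (MESSAGE_TYPES[typeRange:uint()] or "UNKNOWN"))
    local codeRange = buffer(15, 1)
    subtree:add(codeRange, "Return Code:" .. tostring(codeRange) .. "-" .. (RETURN_CODES[codeRange:uint()] or "E_RESERVED"))

    if buffer(0, 2):uint() == 0xffff and buffer(2, 2):uint() == 0x8100 then
        dissect_sd(buffer, subtree)
    elseif buffer:len() > HEADER_LEN then
        subtree:add(buffer(HEADER_LEN), "Payload: " .. tostring(buffer(HEADER_LEN)))
    end
end

-- load the udp.port and tcp.port tables
local udp_table = DissectorTable.get("udp.port")
local tcp_table = DissectorTable.get("tcp.port")
-- register our protocol to handle the SOME/IP-SD udp port
udp_table:add(30490, someip_proto)
-- user-defined ports
udp_table:add(31000, someip_proto)
tcp_table:add(31000, someip_proto)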