Lua: add DissectorTable.try_heuristics() function
Add DissectorTable.try_heuristics(name, tvb, pinfo, tree). Previously, there was no way for a Lua plugin to run an existing heuristic dissector. Based on Gerrit change 18718. Closes #17220.
parent
537c5f2955
commit
62af671bf3
|
@ -286,6 +286,35 @@ WSLUA_CONSTRUCTOR DissectorTable_heuristic_list (lua_State *L) {
|
||||||
WSLUA_RETURN(1); /* The array table of registered heuristic list names */
|
WSLUA_RETURN(1); /* The array table of registered heuristic list names */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
WSLUA_CONSTRUCTOR DissectorTable_try_heuristics (lua_State *L) {
|
||||||
|
/*
|
||||||
|
Try all the dissectors in a given heuristic dissector table.
|
||||||
|
*/
|
||||||
|
#define WSLUA_ARG_DissectorTable_try_heuristics_LISTNAME 1 /* The name of the heuristic dissector. */
|
||||||
|
#define WSLUA_ARG_DissectorTable_try_heuristics_TVB 2 /* The buffer to dissect. */
|
||||||
|
#define WSLUA_ARG_DissectorTable_try_heuristics_PINFO 3 /* The packet info. */
|
||||||
|
#define WSLUA_ARG_DissectorTable_try_heuristics_TREE 4 /* The tree on which to add the protocol items. */
|
||||||
|
|
||||||
|
const gchar* name = luaL_checkstring(L,WSLUA_ARG_DissectorTable_try_heuristics_LISTNAME);
|
||||||
|
Tvb tvb = checkTvb(L,WSLUA_ARG_DissectorTable_try_heuristics_TVB);
|
||||||
|
Pinfo pinfo = checkPinfo(L,WSLUA_ARG_DissectorTable_try_heuristics_PINFO);
|
||||||
|
TreeItem tree = checkTreeItem(L,WSLUA_ARG_DissectorTable_try_heuristics_TREE);
|
||||||
|
heur_dissector_list_t list;
|
||||||
|
heur_dtbl_entry_t *entry;
|
||||||
|
|
||||||
|
if (!(name && tvb && pinfo && tree)) return 0;
|
||||||
|
|
||||||
|
list = find_heur_dissector_list(name);
|
||||||
|
if (!list) {
|
||||||
|
luaL_error(L, "Heuristic list '%s' does not exist", name);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
lua_pushboolean(L, dissector_try_heuristic(list, tvb->ws_tvb, pinfo->ws_pinfo, tree->tree, &entry, NULL));
|
||||||
|
|
||||||
|
WSLUA_RETURN(1); /* True if the packet was recognized by the sub-dissector (stop dissection here). */
|
||||||
|
}
|
||||||
|
|
||||||
WSLUA_CONSTRUCTOR DissectorTable_get (lua_State *L) {
|
WSLUA_CONSTRUCTOR DissectorTable_get (lua_State *L) {
|
||||||
/*
|
/*
|
||||||
Obtain a reference to an existing dissector table.
|
Obtain a reference to an existing dissector table.
|
||||||
|
@ -688,6 +717,7 @@ WSLUA_METHODS DissectorTable_methods[] = {
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,get),
|
WSLUA_CLASS_FNREG(DissectorTable,get),
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,list),
|
WSLUA_CLASS_FNREG(DissectorTable,list),
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,heuristic_list),
|
WSLUA_CLASS_FNREG(DissectorTable,heuristic_list),
|
||||||
|
WSLUA_CLASS_FNREG(DissectorTable,try_heuristics),
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,add),
|
WSLUA_CLASS_FNREG(DissectorTable,add),
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,set),
|
WSLUA_CLASS_FNREG(DissectorTable,set),
|
||||||
WSLUA_CLASS_FNREG(DissectorTable,remove),
|
WSLUA_CLASS_FNREG(DissectorTable,remove),
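Review bot: The `dissector_try_heuristic(...)` call in the new `DissectorTable_try_heuristics` has no exception handling around it, so an epan exception thrown by a heuristic sub-dissector on truncated or malformed packet bytes would unwind straight through this Lua C function instead of being reported to the calling script. Because the buffer is capture data, I would catch non-fatal errors around the call, show the exception on the tree, and raise a Lua error afterwards, as sketched below. Whether the other try/call wrappers in this file already follow that pattern is not visible in the hunk and should be checked. Separately, the `LISTNAME` argument comment says "The name of the heuristic dissector." while the error string and the test treat the value as a heuristic list name; `/* The name of the heuristic list. */` would match.

```c
    const char *volatile error = NULL;
    volatile gboolean found = FALSE;

    /* … unchanged: argument checks and find_heur_dissector_list() lookup … */

    TRY {
        found = dissector_try_heuristic(list, tvb->ws_tvb, pinfo->ws_pinfo, tree->tree, &entry, NULL);
    } CATCH_NONFATAL_ERRORS {
        show_exception(tvb->ws_tvb, pinfo->ws_pinfo, tree->tree, EXCEPT_CODE, GET_MESSAGE);
        error = "Malformed frame";
    } ENDTRY;

    if (error) { WSLUA_ERROR(DissectorTable_try_heuristics, error); }

    lua_pushboolean(L, found);
```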
|
||||||
|
|
|
@ -0,0 +1,61 @@
|
||||||
|
-- Define a new protocol that runs TCP heuristics and on failure runs UDP heuristics
|
||||||
|
--
|
||||||
|
-- This expects to be run against dns_port.pcap, so it should end up resolving all packets to DNS with the UDP heuristic
|
||||||
|
local test_proto = Proto("test", "Test Protocol")
|
||||||
|
|
||||||
|
-- Have all tests passed so far?
|
||||||
|
-- Anything that fails should set this to false, which will suppress the "".
|
||||||
|
all_ok = true
|
||||||
|
|
||||||
|
-- The number of frames expected
|
||||||
|
-- Final test status is output with last frame
|
||||||
|
LAST_FRAME = 4
|
||||||
|
|
||||||
|
function test_proto.dissector(buf, pinfo, root)
|
||||||
|
print("Dissector function run")
|
||||||
|
|
||||||
|
orig_proto_name = tostring(pinfo.cols.protocol)
|
||||||
|
|
||||||
|
-- Run TCP heuristic dissectors
|
||||||
|
-- Dissection should fail, and the protocol name should be unchanged
|
||||||
|
tcp_success = DissectorTable.try_heuristics("tcp", buf, pinfo, root)
|
||||||
|
curr_proto_name = tostring(pinfo.cols.protocol)
|
||||||
|
|
||||||
|
if tcp_success then
|
||||||
|
all_ok = false
|
||||||
|
print("tcp heuristics were not expected to report success, but did!")
|
||||||
|
end
|
||||||
|
|
||||||
|
if curr_proto_name ~= orig_proto_name then
|
||||||
|
all_ok = false
|
||||||
|
print("after tcp heuristics were run, protocol " .. orig_proto_name .. " was not expected to change, but became " .. curr_proto_name .. "!")
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Run UDP heuristic dissectors
|
||||||
|
-- Dissection should succeed, and the protocol name should be changed to DNS
|
||||||
|
udp_success = DissectorTable.try_heuristics("udp", buf, pinfo, root)
|
||||||
|
curr_proto_name = tostring(pinfo.cols.protocol)
|
||||||
|
|
||||||
|
if not udp_success then
|
||||||
|
all_ok = false
|
||||||
|
print("udp heuristics were expected to report success, but did not!")
|
||||||
|
end
|
||||||
|
|
||||||
|
if curr_proto_name ~= "DNS" then
|
||||||
|
all_ok = false
|
||||||
|
print("after udp heuristics were run, protocol should be changed to DNS, but became " .. curr_proto_name .. "!")
|
||||||
|
end
|
||||||
|
|
||||||
|
-- If we're on the last frame, report success or failure
|
||||||
|
if pinfo.number == LAST_FRAME then
|
||||||
|
if all_ok then
|
||||||
|
print("All tests passed!")
|
||||||
|
else
|
||||||
|
print("Some tests failed!")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
-- Invoke test_proto on the expected UDP traffic
|
||||||
|
DissectorTable.get("udp.port"):add(65333, test_proto)
|
||||||
|
DissectorTable.get("udp.port"):add(65346, test_proto)
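Review bot: `all_ok`, `LAST_FRAME`, `orig_proto_name`, `tcp_success`, `udp_success` and `curr_proto_name` are all assigned without `local`, so this test script writes them into the global environment. `local all_ok = true` and `local LAST_FRAME = 4` at file scope still persist across frames as upvalues of `test_proto.dissector`, and the per-frame values can be declared `local` inside the function. The comment above `all_ok` ends in an empty `""`; it presumably meant the "All tests passed!" line. The script also exercises only existing lists, so a `pcall(DissectorTable.try_heuristics, "<nonexistent list>", buf, pinfo, root)` check expecting failure would pin the error path for an unknown list name.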
|
|
@ -282,6 +282,10 @@ class case_wslua(subprocesstest.SubprocessTestCase):
|
||||||
'''wslua tvb without a tree'''
|
'''wslua tvb without a tree'''
|
||||||
check_lua_script(self, 'tvb.lua', dns_port_pcap, True)
|
check_lua_script(self, 'tvb.lua', dns_port_pcap, True)
|
||||||
|
|
||||||
|
def test_wslua_try_heuristics(self, check_lua_script):
|
||||||
|
'''wslua try_heuristics'''
|
||||||
|
check_lua_script(self, 'try_heuristics.lua', dns_port_pcap, True)
|
||||||
|
|
||||||
|
|
||||||
@fixtures.uses_fixtures
|
@fixtures.uses_fixtures
|
||||||
class case_wslua_unicode(subprocesstest.SubprocessTestCase):
|
class case_wslua_unicode(subprocesstest.SubprocessTestCase):
|
||||||
|
|