aboutsummaryrefslogtreecommitdiff
path: root/contrib/ptunnel-dissector.lua
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ptunnel-dissector.lua')
-rw-r--r--contrib/ptunnel-dissector.lua48
1 files changed, 48 insertions, 0 deletions
diff --git a/contrib/ptunnel-dissector.lua b/contrib/ptunnel-dissector.lua
new file mode 100644
index 0000000..d5a63a2
--- /dev/null
+++ b/contrib/ptunnel-dissector.lua
@@ -0,0 +1,48 @@
+ptunnel_protocol = Proto("PTunnel-NG", "PTunnel-NG Protocol")
+
+icmp_type = ProtoField.uint8("icmp.type", "type", base.HEX)
+icmp_code = ProtoField.uint8("icmp.code", "code", base.HEX)
+icmp_chksm = ProtoField.uint16("icmp.chksm", "chksm", base.HEX)
+
+magic = ProtoField.uint32("ptunnel.magic", "magic", base.HEX)
+
+ptunnel_protocol.fields = { icmp_type, icmp_code, icmp_chksm, magic }
+
+function ptunnel_protocol.dissector(buffer, pinfo, tree)
+ length = buffer:len()
+ if length == 0 then return end
+
+ pinfo.cols.protocol = ptunnel_protocol.name
+
+ local subtree = tree:add(ptunnel_protocol, buffer(), "PTunnel Protocol Data")
+ local icmpHeaderSubtree = subtree:add(ptunnel_protocol, buffer(), "ICMP Header")
+
+ icmpHeaderSubtree:add_le(icmp_type, buffer(0,1))
+ icmpHeaderSubtree:add_le(icmp_code, buffer(1,1))
+ icmpHeaderSubtree:add_le(icmp_chksm, buffer(2,2))
+
+ icmpHeaderSubtree:add_le(magic, buffer(4,4))
+end
+
+local icmp = DissectorTable.get("ip.proto")
+icmp:add(1, ptunnel_protocol)
+
+local function heuristic_checker(buffer, pinfo, tree)
+ length = buffer:len()
+ --if length < 28 + 8 then return false end
+
+ local magic = buffer(8,4):uint32()
+ if magic == 0xdeadc0de
+ then
+ ptunnel_protocol.dissector(buffer, pinfo, tree)
+ return true
+ else
+ return false
+ end
+end
+
+ptunnel_protocol:register_heuristic("ip", heuristic_checker)
+
+--for k,v in pairs(DissectorTable.list()) do
+-- print(k,v)
+--end
Powered by cgit, Themed by Ted Yin.