diff --git a/Doc/newlife.lua b/Doc/newlife.lua
index ec675e1..404f659 100644
--- a/Doc/newlife.lua
+++ b/Doc/newlife.lua
@@ -3,60 +3,64 @@ do
-- https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html#lua_class_ProtoField
local FF_flag = {
+ [0x80] = "[Reply]",
+ [0x81] = "[Reply]",
[8] = "[Reply]",
[7] = "[Error/Oneway]",
- [3] = "[Encrypted]",
- [2] = "[Compressed]",
+ [2] = "[Json]",
[1] = "[Binary]"
}
local f_flag = ProtoField.uint8("NewLife.flag", "标记", base.HEX, FF_flag, 0xFF)
- -- local f_flag = ProtoField.uint8("NewLife.flag", "标记", base.HEX)
local f_seq = ProtoField.uint8("NewLife.seq", "序列号", base.DEC)
- local f_length = ProtoField.uint16("NewLife.length", "长度", base.DEC)
- -- local f_data = ProtoField.string("NewLife.data", "内容", base.UNICODE)
+ local f_length = ProtoField.uint16("NewLife.length", "长度", base.DEC, nil, "字节长度")
local f_data = ProtoField.bytes("NewLife.data", "数据", base.SPACE)
p_newlife.fields = {f_flag, f_seq, f_length, f_data}
local data_dis = Dissector.get("data")
- local function NewLife_dissector(buf, pkt, root)
- local buf_len = buf:len();
- if buf_len < 4 then
- return false
- end
+ local function NewLife_dissector(buffer, pinfo, tree)
+ if buffer:len() < 4 then return false end
- local tvb = buf:range()
- local v_flag = tvb(0, 1)
- local v_seq = tvb(1, 1)
- local v_length = tvb(2, 2)
- local flag = tvb(0, 1):uint()
+ local flags = buffer(0, 1):uint()
+ local seq = buffer(1, 1):uint()
+ local len = buffer(2, 2):le_uint()
- local len = tvb(2, 2):le_uint()
- local v_data = tvb(4, len)
+ if 4 + len ~= buffer:len() then return false end
- pkt.cols.protocol = "NewLife"
+ pinfo.cols.protocol = "NewLife"
- local t = root:add(p_newlife, buf)
- t:add(f_flag, v_flag)
- t:add(f_seq, v_seq)
- t:add_le(f_length, v_length)
+ local t = tree:add(p_newlife, buffer)
+ t:add(f_flag, buffer(0, 1), flags)
+ t:add(f_seq, buffer(1, 1), seq)
+ local len_item = t:add_le(f_length, buffer(2, 2), len)
+
+ -- 检查负载数据长度是否超出实际捕获的数据长度
+ if buffer:len() - 4 < len then
+ len_item:add_expert_info(PI_MALFORMED, PI_WARN, "Payload length is beyond the end of the packet")
+ return
+ end
- -- t:add_packet_field(f_data, v_data, ENC_UTF_8 + ENC_STRING)
- t:add(f_data, v_data)
+ if len > 0 then
+ t:add(f_data, buffer(4, len), "Payload")
+ end
return true
end
- function p_newlife.dissector(buf, pkt, root)
- if NewLife_dissector(buf, pkt, root) then
+ function p_newlife.dissector(buffer, pinfo, tree)
+ if NewLife_dissector(buffer, pinfo, tree) then
-- valid NewLife diagram
else
- data_dis:call(buf, pkt, root)
+ data_dis:call(buffer, pinfo, tree)
end
end
+ -- register_postdissector(p_newlife)
+
+ -- DissectorTable.new("newlife")
+
local udp_encap_table = DissectorTable.get("udp.port")
udp_encap_table:add(5500, p_newlife)
udp_encap_table:add(9999, p_newlife)
@@ -68,4 +72,6 @@ do
tcp_encap_table:add(9999, p_newlife)
tcp_encap_table:add(777, p_newlife)
tcp_encap_table:add(12345, p_newlife)
+
+ DissectorTable.new("newlife")
end