  • 用lua编写wireshark插件分析自己定义的协议

    参见:

    https://yoursunny.com/study/IS409/ScoreBoard.htm

    https://wiki.wireshark.org/LuaAPI/TreeItem

    https://www.cnblogs.com/zzqcn/p/4840589.html

    foo.lua

    --https://www.cnblogs.com/zzqcn/p/4840589.html
    -- @brief Foo Protocol dissector plugin
    -- @author zzq
    -- @date 2015.08.12

    -- Protocol identity: NAME prefixes every field abbreviation, PORT is the
    -- TCP port the dissector is registered on further down in this script.
    local NAME = "foo"
    local PORT = 27015
    local foo = Proto(NAME, "Foo Protocol")

    -- Builds the display-filter abbreviation of one field from its suffix.
    local function abbrev(suffix)
        return NAME .. suffix
    end

    -- Field definitions; they are stored on foo.fields and read back by the
    -- dissector when it populates the tree.
    local fields = foo.fields
    fields.type = ProtoField.uint8(abbrev(".type"), "Type")
    fields.flags = ProtoField.uint8(abbrev(".flags"), "Flags")
    fields.seqno = ProtoField.uint16(abbrev(".seqno"), "Seq No.")
    fields.ipaddr = ProtoField.string(abbrev(".ipaddr"), "IPv4 Address")

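    --- Dissect one Foo message and add its fields to the protocol tree.
    -- Layout read here: type (1 byte), flags (1 byte), seqno (2 bytes), then
    -- the IPv4 address as text. The bytes come straight from the capture, so
    -- the captured length is checked before any field is read; a message that
    -- is too short is marked malformed instead of raising a Lua error half-way
    -- through building the tree.
    -- @param tvb   buffer holding the message bytes
    -- @param pinfo packet info; only the protocol column is set
    -- @param tree  tree item the Foo subtree is added to
    function foo.dissector(tvb, pinfo, tree)
        local HEADER_LEN = 4   -- type + flags + seqno
        local IPADDR_MAX = 32  -- IP_LEN in client.c

        local subtree = tree:add(foo, tvb())

        -- show protocol name in protocol column
        pinfo.cols.protocol = foo.name

        local available = tvb:len()
        if available < HEADER_LEN then
            subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
                "Foo message shorter than the 4-byte header")
            return
        end

        local offset = 0

        -- Not named `type`: that would shadow Lua's builtin type() in this scope.
        local type_range = tvb(offset, 1)
        subtree:add(fields.type, type_range)
        subtree:append_text(", type: " .. type_range:uint())
        offset = offset + 1

        subtree:add(fields.flags, tvb(offset, 1))
        offset = offset + 1

        -- client.c copies the struct to the socket without htons(), so seqno
        -- arrives in the sender's byte order (little-endian on Windows).
        -- add() would decode it big-endian and show the wrong number.
        subtree:add_le(fields.seqno, tvb(offset, 2))
        offset = offset + 2

        -- Take whatever address bytes were captured, capped at the size of the
        -- sender's buffer, rather than assuming a fixed count is present.
        local ipaddr_len = math.min(available - offset, IPADDR_MAX)
        if ipaddr_len > 0 then
            subtree:add(fields.ipaddr, tvb(offset, ipaddr_len))
        end
    end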

    -- Hook the protocol into the TCP port table so traffic on PORT is handed
    -- to foo.dissector.
    local tcp_port_table = DissectorTable.get("tcp.port")
    tcp_port_table:add(PORT, foo)

    client.c

    #define WIN32_LEAN_AND_MEAN

    #include <windows.h>
    #include <winsock2.h>
    #include <ws2tcpip.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <stdint.h>
    #include <string.h>


    // Need to link with Ws2_32.lib, Mswsock.lib, and Advapi32.lib
    #pragma comment (lib, "Ws2_32.lib")
    #pragma comment (lib, "Mswsock.lib")
    #pragma comment (lib, "AdvApi32.lib")


    // Size in bytes of the receive buffer in main().
    #define DEFAULT_BUFLEN 512
    // TCP port passed to getaddrinfo(); foo.lua registers its dissector on the same number.
    #define DEFAULT_PORT "27015"
    // Size in bytes of the ipaddr text buffer in struct tagFoo.
    #define IP_LEN 32
    // One Foo message as main() builds it. The field order matches what
    // foo.lua reads: type, flags, seqno, then the address text.
    // NOTE(review): the struct is written to the socket as raw memory, so the
    // bytes on the wire follow the compiler's layout and the host byte order;
    // confirm there is no padding if fields are added or reordered.
    struct tagFoo {
    uint8_t type;   // message type, shown by the dissector as "Type"
    uint8_t flags;  // flag byte, shown as "Flags"
    uint16_t seqno; // sequence number; stored in host byte order (no htons)
    char ipaddr[IP_LEN]; // IPv4 address as text, zero-filled by main() before the copy
    };

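    /*
     * Test client for the Foo protocol: connects to the server named in
     * argv[1] on DEFAULT_PORT, sends one Foo message, half-closes the
     * connection and reads until the peer closes it.
     *
     * Returns 0 on success and 1 on any failure.
     */
    int __cdecl main(int argc, char **argv)
    {
        WSADATA wsaData;
        SOCKET ConnectSocket = INVALID_SOCKET;
        struct addrinfo *result = NULL,
                        *ptr = NULL,
                        hints;
        struct tagFoo msg;
        char recvbuf[DEFAULT_BUFLEN];
        int iResult;
        int recvbuflen = DEFAULT_BUFLEN;

        /* sizeof yields size_t; cast so the argument matches the format. */
        printf("%u", (unsigned)sizeof(struct tagFoo));

        /*
         * The message lives on the stack, so no early return can leak it.
         * Zero the whole struct first: every byte of it goes on the wire,
         * and nothing uninitialised must be sent.
         */
        ZeroMemory(&msg, sizeof(msg));
        msg.type = 1;
        msg.flags = 2;
        msg.seqno = 323; /* host byte order; foo.lua has to decode it accordingly */
        /* Bounded copy; the zero fill above keeps the text NUL-terminated. */
        strncpy(msg.ipaddr, "192.168.1.158", IP_LEN - 1);

        // Validate the parameters
        if (argc != 2) {
            printf("usage: %s server-name ", argv[0]);
            return 1;
        }

        // Initialize Winsock
        iResult = WSAStartup(MAKEWORD(2, 2), &wsaData);
        if (iResult != 0) {
            printf("WSAStartup failed with error: %d ", iResult);
            return 1;
        }

        ZeroMemory(&hints, sizeof(hints));
        hints.ai_family = AF_UNSPEC;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;

        // Resolve the server address and port
        iResult = getaddrinfo(argv[1], DEFAULT_PORT, &hints, &result);
        if (iResult != 0) {
            printf("getaddrinfo failed with error: %d ", iResult);
            WSACleanup();
            return 1;
        }

        // Attempt to connect to an address until one succeeds
        for (ptr = result; ptr != NULL; ptr = ptr->ai_next) {

            // Create a SOCKET for connecting to server
            ConnectSocket = socket(ptr->ai_family, ptr->ai_socktype,
                                   ptr->ai_protocol);
            if (ConnectSocket == INVALID_SOCKET) {
                /* WSAGetLastError() returns int, so %d rather than %ld. */
                printf("socket failed with error: %d ", WSAGetLastError());
                freeaddrinfo(result);
                WSACleanup();
                return 1;
            }

            // Connect to server.
            iResult = connect(ConnectSocket, ptr->ai_addr, (int)ptr->ai_addrlen);
            if (iResult == SOCKET_ERROR) {
                closesocket(ConnectSocket);
                ConnectSocket = INVALID_SOCKET;
                continue;
            }
            break;
        }

        freeaddrinfo(result);

        if (ConnectSocket == INVALID_SOCKET) {
            printf("Unable to connect to server! ");
            WSACleanup();
            return 1;
        }

        /*
         * Send the whole message. The length is the size of the struct, not
         * of a pointer to it: sizeof on a pointer would send only 4 or 8
         * bytes, depending on the build.
         */
        iResult = send(ConnectSocket, (const char *)&msg, (int)sizeof(msg), 0);
        if (iResult == SOCKET_ERROR) {
            printf("send failed with error: %d ", WSAGetLastError());
            closesocket(ConnectSocket);
            WSACleanup();
            return 1;
        }

        printf("Bytes Sent: %d ", iResult);

        // shutdown the connection since no more data will be sent
        iResult = shutdown(ConnectSocket, SD_SEND);
        if (iResult == SOCKET_ERROR) {
            printf("shutdown failed with error: %d ", WSAGetLastError());
            closesocket(ConnectSocket);
            WSACleanup();
            return 1;
        }

        // Receive until the peer closes the connection
        do {

            iResult = recv(ConnectSocket, recvbuf, recvbuflen, 0);
            if (iResult > 0)
                printf("Bytes received: %d ", iResult);
            else if (iResult == 0)
                printf("Connection closed ");
            else
                printf("recv failed with error: %d ", WSAGetLastError());

        } while (iResult > 0);

        // cleanup
        closesocket(ConnectSocket);
        WSACleanup();

        return 0;
    }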

    server.c

    #undef UNICODE

    #define WIN32_LEAN_AND_MEAN

    #include <windows.h>
    #include <winsock2.h>
    #include <ws2tcpip.h>
    #include <stdlib.h>
    #include <stdio.h>

    // Need to link with Ws2_32.lib
    #pragma comment (lib, "Ws2_32.lib")
    // #pragma comment (lib, "Mswsock.lib")

    #define DEFAULT_BUFLEN 512
    #define DEFAULT_PORT "27015"

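    /*
     * Echo server used to generate Foo traffic: listens on DEFAULT_PORT,
     * accepts a single client, echoes every byte back until the client shuts
     * down its side, then exits.
     *
     * Returns 0 on success and 1 on any failure.
     *
     * NOTE(review): a NULL node name with AI_PASSIVE binds to all local
     * addresses, so the echo service is reachable from the network while it
     * runs. Run it only on a test network, or resolve a loopback address
     * instead when client and server share one machine.
     */
    int __cdecl main(void)
    {
        WSADATA wsaData;
        int iResult;

        SOCKET ListenSocket = INVALID_SOCKET;
        SOCKET ClientSocket = INVALID_SOCKET;

        struct addrinfo *result = NULL;
        struct addrinfo hints;

        int iSendResult;
        char recvbuf[DEFAULT_BUFLEN];
        int recvbuflen = DEFAULT_BUFLEN;

        // Initialize Winsock
        iResult = WSAStartup(MAKEWORD(2,2), &wsaData);
        if (iResult != 0) {
            printf("WSAStartup failed with error: %d ", iResult);
            return 1;
        }

        ZeroMemory(&hints, sizeof(hints));
        hints.ai_family = AF_INET;
        hints.ai_socktype = SOCK_STREAM;
        hints.ai_protocol = IPPROTO_TCP;
        hints.ai_flags = AI_PASSIVE;

        // Resolve the server address and port
        iResult = getaddrinfo(NULL, DEFAULT_PORT, &hints, &result);
        if ( iResult != 0 ) {
            printf("getaddrinfo failed with error: %d ", iResult);
            WSACleanup();
            return 1;
        }

        // Create a SOCKET for connecting to server
        ListenSocket = socket(result->ai_family, result->ai_socktype, result->ai_protocol);
        if (ListenSocket == INVALID_SOCKET) {
            /* WSAGetLastError() returns int, so %d rather than %ld. */
            printf("socket failed with error: %d ", WSAGetLastError());
            freeaddrinfo(result);
            WSACleanup();
            return 1;
        }

        // Setup the TCP listening socket
        iResult = bind( ListenSocket, result->ai_addr, (int)result->ai_addrlen);
        if (iResult == SOCKET_ERROR) {
            printf("bind failed with error: %d ", WSAGetLastError());
            freeaddrinfo(result);
            closesocket(ListenSocket);
            WSACleanup();
            return 1;
        }

        freeaddrinfo(result);

        iResult = listen(ListenSocket, SOMAXCONN);
        if (iResult == SOCKET_ERROR) {
            printf("listen failed with error: %d ", WSAGetLastError());
            closesocket(ListenSocket);
            WSACleanup();
            return 1;
        }

        // Accept a client socket
        ClientSocket = accept(ListenSocket, NULL, NULL);
        if (ClientSocket == INVALID_SOCKET) {
            printf("accept failed with error: %d ", WSAGetLastError());
            closesocket(ListenSocket);
            WSACleanup();
            return 1;
        }

        // No longer need server socket
        closesocket(ListenSocket);

        // Receive until the peer shuts down the connection
        do {

            iResult = recv(ClientSocket, recvbuf, recvbuflen, 0);
            if (iResult > 0) {
                int echoed = 0;

                printf("Bytes received: %d ", iResult);

                /*
                 * Echo the buffer back to the sender. send() may accept fewer
                 * bytes than requested, so keep going until everything that
                 * was received has been written.
                 */
                while (echoed < iResult) {
                    iSendResult = send( ClientSocket, recvbuf + echoed, iResult - echoed, 0 );
                    if (iSendResult == SOCKET_ERROR) {
                        printf("send failed with error: %d ", WSAGetLastError());
                        closesocket(ClientSocket);
                        WSACleanup();
                        return 1;
                    }
                    echoed += iSendResult;
                }
                printf("Bytes sent: %d ", echoed);
            }
            else if (iResult == 0)
                printf("Connection closing... ");
            else {
                printf("recv failed with error: %d ", WSAGetLastError());
                closesocket(ClientSocket);
                WSACleanup();
                return 1;
            }

        } while (iResult > 0);

        // shutdown the connection since we're done
        iResult = shutdown(ClientSocket, SD_SEND);
        if (iResult == SOCKET_ERROR) {
            printf("shutdown failed with error: %d ", WSAGetLastError());
            closesocket(ClientSocket);
            WSACleanup();
            return 1;
        }

        // cleanup
        closesocket(ClientSocket);
        WSACleanup();

        return 0;
    }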

  • 原文地址:https://www.cnblogs.com/yuanxiaoping_21cn_com/p/9159934.html