2 -- Netatalk DBD protocol
3 -- wireshark -X lua_script:cnid.lua
4 -- don't forget to comment out the line disable_lua = true; do return end;
5 -- in /etc/wireshark/init.lua
10 -- declare our protocol
11 local dbd_proto = Proto("dbd","Netatalk Dbd Wire Protocol")
13 local cmd = ProtoField.uint32("dbd.cmd", "Request") -- , base.HEX
14 local len = ProtoField.uint32("dbd.name.len", "Name Length")
15 local filename = ProtoField.string("dbd.name", "Name")
16 local error = ProtoField.uint32("dbd.error", "Error code")
17 local cnid = ProtoField.uint32("dbd.cnid", "Cnid")
18 local did = ProtoField.uint32("dbd.did", "Parent Directory Id")
19 local dev = ProtoField.uint64("dbd.dev", "Device number")
20 local ino = ProtoField.uint64("dbd.ino", "Inode number")
21 local type = ProtoField.uint32("dbd.type", "File type")
23 dbd_proto.fields = {cmd, error, cnid, did, dev, ino, type, filename, len}
26 local Cmd = { [3] = "add",
35 --- display a filename
36 local function fname(buffer, pinfo, tree, len, ofs)
38 pinfo.cols.info:append(" Name=" .. buffer(ofs +4, len):string())
40 local subtree = tree:add(buffer(ofs, len +4), buffer(ofs +4, len):string())
41 subtree:add(filename, buffer(ofs +4, len))
46 -- create a function to dissect it
47 function dbd_proto.dissector(buffer, pinfo, tree)
50 pinfo.cols.protocol = "DBD"
52 local subtree = tree:add(dbd_proto,buffer(),"Netatalk DBD Wire Protocol")
54 if pinfo.dst_port == 4700 then
55 pinfo.cols.info = "Query"
56 local val = buffer(0,4):uint()
57 local item = subtree:add(cmd, buffer(0,4))
59 item:append_text(" (" .. Cmd[val] .. ")")
60 pinfo.cols.info = Cmd[val]
62 local val = buffer(4,4):uint()
64 pinfo.cols.info:append(" Cnid=" .. val)
66 subtree:add(cnid, buffer(4, 4))
67 subtree:add(dev, buffer(8, 8))
68 subtree:add(ino, buffer(16, 8))
69 subtree:add(type, buffer(24, 4))
71 local val = buffer(28,4):uint()
73 pinfo.cols.info:append(" Did=" .. val)
75 subtree:add(did, buffer(28, 4))
77 local val = buffer(36,4):uint()
79 item = fname(buffer, pinfo, subtree, val, 36)
80 item:add(len, buffer(36, 4))
85 pinfo.cols.info = "Reply"
89 local val = buffer(0,4):uint()
91 subtree:add(error, buffer(0,4))
93 pinfo.cols.info:append(" Error=" .. val)
96 val = buffer(4,4):uint()
98 subtree:add(cnid, buffer(4,4))
100 pinfo.cols.info:append(" Cnid=" .. val)
103 val = buffer(8,4):uint()
105 subtree:add(did, buffer(8,4))
107 pinfo.cols.info:append(" Did=" .. val)
110 val = buffer(16,4):uint()
113 if rply.error == 0 and rply.did ~= 0 then
114 subtree = fname(buffer, pinfo, subtree, val, 16)
115 subtree:add(len, buffer(16,4))
120 -- load the tcp.port table
121 local tcp_table = DissectorTable.get("tcp.port")
122 -- register our protocol
123 tcp_table:add(4700, dbd_proto)