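--
-- Netatalk DBD protocol
-- wireshark -X lua_script:cnid.lua
-- don't forget to comment out the line disable_lua = true; do return end;
-- in /etc/wireshark/init.lua
--
-- NOTE(review): every offset and length below is read from captured traffic
-- and must be treated as untrusted. The dissector checks that the bytes exist
-- before building a range, so a truncated or malformed PDU is labelled in the
-- tree instead of aborting dissection with a Lua "out of bounds" error.
-- NOTE(review): a PDU is assumed to start at offset 0 of each TCP segment;
-- PDUs split across segments or several PDUs per segment are not handled.

-- declare our protocol
local dbd_proto = Proto("dbd","Netatalk Dbd Wire Protocol")

-- Field handles carry an f_ prefix so they do not shadow the Lua built-ins
-- `error` and `type`; the registered filter names are unchanged.
local f_cmd   = ProtoField.uint32("dbd.cmd", "Request") -- , base.HEX
local f_len   = ProtoField.uint32("dbd.name.len", "Name Length")
local f_name  = ProtoField.string("dbd.name", "Name")
local f_error = ProtoField.uint32("dbd.error", "Error code")
local f_cnid  = ProtoField.uint32("dbd.cnid", "Cnid")
local f_did   = ProtoField.uint32("dbd.did", "Parent Directory Id")
local f_dev   = ProtoField.uint64("dbd.dev", "Device number")
local f_ino   = ProtoField.uint64("dbd.ino", "Inode number")
local f_type  = ProtoField.uint32("dbd.type", "File type")

dbd_proto.fields = {f_cmd, f_error, f_cnid, f_did, f_dev, f_ino, f_type, f_name, f_len}

-- TCP port the dissector is registered on; traffic *to* it is a query.
local DBD_PORT = 4700
-- Last fixed field read in a query is the name length at bytes 36..39.
local QUERY_HEADER_LEN = 40
-- Last fixed field read in a reply is the name length at bytes 16..19.
local REPLY_HEADER_LEN = 20

--- Request list
local Cmd = {
    [3]  = "add",
    [4]  = "get",
    [5]  = "resolve",
    [6]  = "lookup",
    [7]  = "update",
    [8]  = "delete",
    [11] = "timestamp"
}

--- Flag a PDU that is shorter than the fields about to be read.
-- @param pinfo  packet info, the Info column gets a short marker
-- @param tree   tree item to annotate
-- @param needed number of bytes the dissector wanted
-- @param have   number of bytes actually captured
local function mark_truncated(pinfo, tree, needed, have)
    pinfo.cols.info:append(" [truncated]")
    tree:append_text(" [truncated: need " .. needed .. " bytes, have " .. have .. "]")
end

--- display a filename
-- The 4-byte length word sits at `ofs`, the name bytes follow at `ofs + 4`.
-- @param buffer   Tvb being dissected
-- @param pinfo    packet info, the Info column gets " Name=<name>"
-- @param tree     parent tree item
-- @param name_len name length as read from the wire (untrusted)
-- @param ofs      offset of the length word
-- @return the new subtree, or nil when `name_len` exceeds the captured data
local function fname(buffer, pinfo, tree, name_len, ofs)
    local name_start = ofs + 4

    -- The length is attacker-influenced: refuse a name that runs past the
    -- captured bytes rather than letting the range constructor raise.
    if name_len > buffer:len() - name_start then
        return nil
    end

    local name_range = buffer(name_start, name_len)
    local text = name_range:string()

    pinfo.cols.info:append(" Name=" .. text)

    local subtree = tree:add(buffer(ofs, name_len + 4), text)
    subtree:add(f_name, name_range)

    return subtree
end

--- Dissect the query direction (destination port is the DBD port).
-- Only requests listed in Cmd are decoded past the command word.
local function dissect_query(buffer, pinfo, subtree)
    local have = buffer:len()

    pinfo.cols.info = "Query"

    if have < 4 then
        mark_truncated(pinfo, subtree, 4, have)
        return
    end

    local request = buffer(0,4):uint()
    local item = subtree:add(f_cmd, buffer(0,4))
    local request_name = Cmd[request]
    if not request_name then
        return
    end

    item:append_text(" (" .. request_name .. ")")
    pinfo.cols.info = request_name

    if have < QUERY_HEADER_LEN then
        mark_truncated(pinfo, subtree, QUERY_HEADER_LEN, have)
        return
    end

    local cnid_val = buffer(4,4):uint()
    if cnid_val ~= 0 then
        pinfo.cols.info:append(" Cnid=" .. cnid_val)
    end
    subtree:add(f_cnid, buffer(4, 4))
    subtree:add(f_dev, buffer(8, 8))
    subtree:add(f_ino, buffer(16, 8))
    subtree:add(f_type, buffer(24, 4))

    local did_val = buffer(28,4):uint()
    if did_val ~= 0 then
        pinfo.cols.info:append(" Did=" .. did_val)
    end
    subtree:add(f_did, buffer(28, 4))

    -- bytes 32..35 are not decoded here
    local name_len = buffer(36,4):uint()
    if name_len ~= 0 then
        local name_item = fname(buffer, pinfo, subtree, name_len, 36)
        if name_item then
            name_item:add(f_len, buffer(36, 4))
        else
            -- Still show the offending length so the analyst can see it.
            subtree:add(f_len, buffer(36, 4))
            mark_truncated(pinfo, subtree, QUERY_HEADER_LEN + name_len, have)
        end
    end
end

--- Dissect the reply direction (anything not addressed to the DBD port).
local function dissect_reply(buffer, pinfo, subtree)
    local have = buffer:len()

    pinfo.cols.info = "Reply"

    if have < REPLY_HEADER_LEN then
        mark_truncated(pinfo, subtree, REPLY_HEADER_LEN, have)
        return
    end

    local err_val = buffer(0,4):uint()
    subtree:add(f_error, buffer(0,4))
    if err_val ~= 0 then
        pinfo.cols.info:append(" Error=" .. err_val)
    end

    local cnid_val = buffer(4,4):uint()
    subtree:add(f_cnid, buffer(4,4))
    if cnid_val ~= 0 then
        pinfo.cols.info:append(" Cnid=" .. cnid_val)
    end

    local did_val = buffer(8,4):uint()
    subtree:add(f_did, buffer(8,4))
    if did_val ~= 0 then
        pinfo.cols.info:append(" Did=" .. did_val)
    end

    -- bytes 12..15 are not decoded here
    local name_len = buffer(16,4):uint()

    -- A name is only decoded for a successful reply with a parent directory.
    if err_val == 0 and did_val ~= 0 then
        local name_item = fname(buffer, pinfo, subtree, name_len, 16)
        if name_item then
            name_item:add(f_len, buffer(16,4))
        else
            subtree:add(f_len, buffer(16,4))
            mark_truncated(pinfo, subtree, REPLY_HEADER_LEN + name_len, have)
        end
    end
end

-- create a function to dissect it
function dbd_proto.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = "DBD"

    local subtree = tree:add(dbd_proto,buffer(),"Netatalk DBD Wire Protocol")

    if pinfo.dst_port == DBD_PORT then
        dissect_query(buffer, pinfo, subtree)
    else
        dissect_reply(buffer, pinfo, subtree)
    end
end

-- load the tcp.port table
local tcp_table = DissectorTable.get("tcp.port")
-- register our protocol
tcp_table:add(DBD_PORT, dbd_proto)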