Sure, here is the rewritten content:First, look at the final result. The Wireshark Lua plugin provides a way to extend Wireshark’s functionality using the Lua programming language.
Wireshark is open source, and when installing it on Windows, it uses 64-bit, so the corresponding library files need to be 64-bit.
The structure of a Lua plugin’s Dissector is roughly as follows:
The rest is the parsing of the Buffer. Pay attention to a few pitfalls:
1. Wireshark’s built-in Lua version is 5.2, there is lua52.dll in the installation directory;
2. Wireshark has a built-in zlib library file, named zlib1.dll;
When writing the plugin, place the compiled *.dll file in the Wireshark installation directory, and directly require(“xx”) in Lua. If there is an error, add LUA_CPATH to the system’s environment variable with the value being the path of all dll directories.
The project’s protobuf uses lua-protobuf. When compiling a 64-bit lua-protobuf, I downloaded the source code of Lua 5.2.4, and then compiled it. Create a new project to export the lua-protobuf.dll file.
Be sure to reference lua52.dll, and configure additional library and include directories.
Another library used is lua-zlib
I first downloaded the source code of zlib, version 1.2.11. Using cmake for compilation, after which I copied the cmake-generated zconf.h file into the zlib-1.2.11 directory, and then configured the lua-zlib project.
Similarly, configure additional include and library paths, and finally generate the lua_zlib.dll file, then rename it to zlib.dll. Copy it to the Wireshark installation directory, directly require(“zlib”) in Lua.
Use Dependency Walker to check if the generated dll is correct
During the message parsing process, I used a recursive method to expand all the data.
Currently, data from client -> server and server -> client can all be parsed correctly. I defined the local IP, and then determined if the current message is client to server data by checking if pinfo.src is equal to the local IP.