Create Wireshark dissector for protocols implemented

[smarek]

This is related issue, not core issue, however I'm not skilled in Lua, so I'm gonna need some help here

• Convert Kaitai definitions to lua
  • cd kaitai ; kaitai-struct-compiler -t lua *.ksy
• aggregate PCAPs with appropriate data to test dissectors with
  • some is available here https://github.com/smarek/Hytera_Homebrew_Bridge/tree/master/tests/data/pcap
  • more should be available shortly
• Wireshark needs to have Lua 5.3 or Lua 5.2 runtime must be written
  • Current is 5.3, incompatible with Wireshark 2.x, which ships with Lua 5.2 interpret
  • Kaitai Compiler Lua Translator needs update to use bit classes instead of 5.3 bitwise operations
    • https://github.com/kaitai-io/kaitai_struct_compiler/blob/master/shared/src/main/scala/io/kaitai/struct/translators/LuaTranslator.scala
  • https://github.com/kaitai-io/kaitai_struct_lua_runtime
• allow different protocols on the port
  • b(1) 0x00 keepalive / connection reset
  • 0x7e ... hytera_radio_network_protocol
  • 0x5a 0x5a 0x5a 0x5a ... ip_site_connect_protocol
  • 0x00 0x00 0x00 0x00 ... if len==72 => ip_site_connect_protocol
• Use generated classes to create generic dissector
  • differentiate protocol on packet by port and/or by matching size/protocol data prefix
  • correctly dissect wrapped protocols by definitions already present in kaitai definitions
  • put ports in some kind of preambule / config array, because they might differ in each instance/site configuration

Guide on how to import sub-classes in wireshark dissectors https://mika-s.github.io/wireshark/lua/dissector/2018/12/18/creating-a-wireshark-dissector-in-lua-5.html

Also it might be easier to develop the dissector as binary plugin in C/C++ instead of Lua, due to wireshark Lua limitations

[smarek]

Lua runtime modified for 5.2 provided in cdc83b0

[KOLANICH]

BTW, can the dissector generator either be a separate project from Hytera Homebrew Bridge, or even better a part of KSC (wireshark dissectors target is a long awaited item in the wishlist).

[smarek]

@KOLANICH It should be, kaitai-to-wireshark is not really generator, as it does not reflect upon KSC definitions and hierarchy, and what I'm coding here is not generator either

if the KSC Lua runtime will be compatible with Lua 5.2, it should be doable, however I'm really unqualified in Lua, and it seems to me, that the dissector must be generated directly from KSC definitions, and it's not possible to just wrap around generated Lua classes.

[KOLANICH]

It largery depends on the API Wireshark exposes and on availibility of "debug" code generation for lua target.

More precisely, debug API allows to get offsets for each seq member. I have built upon "debug" API a tool generating tags for WxHexEditor

[smarek]

I might have dive depper into debug, because I hoped for some kind of object introspection/reflection on java/python to generate the final lua, instead of using the generated lua and wrapping around them

[smarek]

But seeing the tests Translator, it might be easier to write similar Wireshark translator instead

[smarek]

I've just updated ksy definitions and Lua runtime as well, so now it should be quite easy to finish that, but I'd still appreciate any help on that