Hytera_Homebrew_Bridge

Create Wireshark dissector for protocols implemented

Open smarek opened this issue 5 years ago • 7 comments

This is a related issue, not a core issue; however, I'm not skilled in Lua, so I'm gonna need some help here

  • [x] Convert Kaitai definitions to lua
    • cd kaitai ; kaitai-struct-compiler -t lua *.ksy
  • [x] aggregate PCAPs with appropriate data to test dissectors with
    • some is available here https://github.com/smarek/Hytera_Homebrew_Bridge/tree/master/tests/data/pcap
    • more should be available shortly
  • [x] Wireshark needs to have Lua 5.3, or a Lua 5.2 runtime must be written
    • Current is 5.3, incompatible with Wireshark 2.x, which ships with a Lua 5.2 interpreter
    • Kaitai Compiler Lua Translator needs update to use bit classes instead of 5.3 bitwise operations
      • https://github.com/kaitai-io/kaitai_struct_compiler/blob/master/shared/src/main/scala/io/kaitai/struct/translators/LuaTranslator.scala
    • https://github.com/kaitai-io/kaitai_struct_lua_runtime
  • [ ] allow different protocols on the port
    • b(1) 0x00 keepalive / connection reset
    • 0x7e ... hytera_radio_network_protocol
    • 0x5a 0x5a 0x5a 0x5a ... ip_site_connect_protocol
    • 0x00 0x00 0x00 0x00 ... if len==72 => ip_site_connect_protocol
  • [ ] Use generated classes to create generic dissector
    • differentiate protocol on packet by port and/or by matching size/protocol data prefix
    • correctly dissect wrapped protocols by definitions already present in kaitai definitions
    • put ports in some kind of preamble / config array, because they might differ in each instance/site configuration

Guide on how to import sub-classes in wireshark dissectors https://mika-s.github.io/wireshark/lua/dissector/2018/12/18/creating-a-wireshark-dissector-in-lua-5.html

Also it might be easier to develop the dissector as binary plugin in C/C++ instead of Lua, due to wireshark Lua limitations

smarek avatar Jul 28 '20 09:07 smarek
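
The prefix and length rules from the checklist above, written out as an added Python example (not code from this issue or from the project). It assumes "b(1) 0x00" means a one-byte payload; `SITE_PORTS`, its port numbers, and the function names are constructed for illustration.

```python
from typing import Mapping, Optional, Set

KEEPALIVE = "keepalive"
HRNP = "hytera_radio_network_protocol"
IPSC = "ip_site_connect_protocol"

# Constructed per-site table: UDP port -> protocols accepted on that port.
# The port numbers are placeholders; every site sets its own.
SITE_PORTS = {
    50000: {KEEPALIVE, IPSC},
    50001: {KEEPALIVE, HRNP},
}

IPSC_MAGIC = b"\x5a" * 4
ZERO_PREFIX = b"\x00" * 4
IPSC_ZERO_PREFIX_LEN = 72  # the all-zero prefix counts as IPSC only at this length


def match_prefix(payload: bytes) -> Optional[str]:
    """Apply the issue's prefix/size rules; None means no rule matched."""
    # Slices never raise on short or empty input, so truncated packets are safe.
    if payload == b"\x00":  # assumed reading of "b(1) 0x00"
        return KEEPALIVE
    if payload[:1] == b"\x7e":
        return HRNP
    if payload[:4] == IPSC_MAGIC:
        return IPSC
    if payload[:4] == ZERO_PREFIX and len(payload) == IPSC_ZERO_PREFIX_LEN:
        return IPSC
    return None


def classify(payload: bytes, port: Optional[int] = None,
             site_ports: Mapping[int, Set[str]] = SITE_PORTS) -> Optional[str]:
    """Pick the dissector for one UDP payload, or None to leave it undissected."""
    proto = match_prefix(payload)
    if proto is None or port is None:
        return proto
    # Unconfigured port, or a protocol not expected on this port: do not guess.
    return proto if proto in site_ports.get(port, set()) else None
```

Returning `None` instead of a best guess keeps malformed or unrelated traffic from reaching a protocol parser that expects a fixed layout.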

Lua runtime modified for 5.2 provided in cdc83b0f8933cb3ec28f5b8e7b7370fd5b55c1d3

smarek avatar Jul 29 '20 14:07 smarek

BTW, can the dissector generator either be a separate project from Hytera Homebrew Bridge, or even better a part of KSC (a Wireshark dissectors target is a long-awaited item in the wishlist)?

KOLANICH avatar Aug 07 '20 05:08 KOLANICH

@KOLANICH It should be, kaitai-to-wireshark is not really a generator, as it does not reflect upon KSC definitions and hierarchy, and what I'm coding here is not a generator either

If the KSC Lua runtime will be compatible with Lua 5.2, it should be doable; however, I'm really unqualified in Lua, and it seems to me that the dissector must be generated directly from KSC definitions, and it's not possible to just wrap around generated Lua classes.

smarek avatar Aug 07 '20 07:08 smarek

It largely depends on the API Wireshark exposes and on availability of "debug" code generation for the Lua target.

More precisely, debug API allows to get offsets for each seq member. I have built upon "debug" API a tool generating tags for WxHexEditor

KOLANICH avatar Aug 07 '20 15:08 KOLANICH

I might have to dive deeper into debug, because I hoped for some kind of object introspection/reflection in Java/Python to generate the final Lua, instead of using the generated Lua and wrapping around it

smarek avatar Aug 09 '20 16:08 smarek

But seeing the tests Translator, it might be easier to write a similar Wireshark translator instead

smarek avatar Aug 11 '20 09:08 smarek

I've just updated ksy definitions and Lua runtime as well, so now it should be quite easy to finish that, but I'd still appreciate any help on that

smarek avatar Oct 17 '20 20:10 smarek