Getting started

Packet definition

The packet function is used to define the structure of your packet.

This function takes a sequence of comma/semicolon-separated fields, with each field using the <field_id> : <specifier1>(params) ... : specifierN(params) syntax, where <field_id> is an lua identifier for the field that is unique in the current definition scope; and where each <specifier> is a wssdl specifier, one of which must be a field type.

See Specifier reference for a complete list of specifiers.

local wssdl = require 'wssdl'

my_pkt = wssdl.packet {
    foo : u8();
    bar : i32();
    baz : utf8(256);
}

Creating a protocol

A Proto object can be created by calling the proto(name, description) method on the created packet type:

my_pkt = wssdl.packet { ... }

proto = my_pkt:proto('proto_id', 'Some protocol')

The protocol name and description are passed verbatim to wireshark and as such must both be unique.

Registering a dissector

The dissect function can be used to register one or more protocols in their relevant dissector tables.

This function takes a sequence of dissector table mappings. Each mapping follows the following syntax: <key>:<method> { <keyvalues> }, where <key> is the identifier of the desired dissector table, <method> is either set or add (which holds the semantics of DissectorTable:set and DissectorTable:add respectively), and <keyvalues> are key/value entries where the key is the first parameter of set/add and the value is the proto object passed as second parameter.

wssdl.dissect {
  tcp.proto:add {
    [1234] = my_pkt:proto('proto_id', 'Some protocol')
  }
}