自律分散プロトコル仕様書R3.0
http://mstc.or.jp/faop/committee/11b4d681d4059ef7fed08409b8b34e1f2c1c4029.PDF
--[[ Wireshark用 NX/Dlinkプロトコル解析プログラム
ver0.03 2012年2月16日
ver0.02 2012年2月10日
ver0.01 2012年2月1日
江端智一
使用条件
絶対的な意味において無保証
History
Ver 0.03 重複登録を一応回避
Ver 0.02 TCP/UDPデータに"NUXM"があったら、送信ポート番号を調べて
動的にDissectorをWiresharkに登録するようにした
Ver 0.01 とりあえず動作確認のみ
udpポート番号が特定の値に固定されている
フィールドの位置がズレている可能性あり
使い方
(Step.1) c:/Program Files/Wireshark/init.lua の一部を書き換え
(a) disable_lua = true; do return end;
↓
-- disable_lua = true; do return end;
(b) run_user_scripts_when_superuser = false
↓
run_user_scripts_when_superuser = true
(c) 最終行に 以下の一行を追加
"init.lua"と同じディレクトリに置く
dofile("nxdlink.lua")
(Step.2) このファイルを c:/Program Files/Wireshark/ に
"nxdlink.lua"という名前で保存
]]
do
nxdlink_proto = Proto("NXDlink", "nxdlink protocol dissector")
nxdlink_proto.dissector = function(buffer, pinfo, tree)
-- nexus header type : "NUXM"
local hd_h_type_range = buffer(0,4)
local hd_h_type = hd_h_type_range:string()
-- message length ( 16K + 64 )
local hd_ml_range = buffer(4,4)
local hd_ml = hd_ml_range:uint()
-- source protocol address
local hd_sa_range = buffer(8,4)
local hd_sa = hd_sa_range:uint()
-- destination address
local hd_da_range = buffer(12,4)
local hd_da = hd_da_range:uint()
-- boot time stamp
local hd_v_seq_range = buffer(16,4)
local hd_v_seq = hd_v_seq_range:uint()
-- message number
local hd_seq_range = buffer(20,4)
local hd_seq = hd_seq_range:uint()
--[[ /* message control type */
/* UDP_MSG : multicast send */
/* UDP_INQ : multicast inquire */
/* UDP_NIQ : multicast Ninquire */
/* TCP_MSG : peer send */
/* TCP_INQ : peer inquire */
/* TCP_RPL : peer reply */]]
local hd_m_ctl_range = buffer(24,4)
local hd_m_ctl = hd_m_ctl_range:uint()
local control_type = {
[0x80000000] = "UDP_MSG(0x80000000) : multicast send",
[0xa0000000] = "UDP_INQ(0xa0000000) : multicast inquire",
[0x88000000] = "UDP_NIQ(0x88000000) : multicast Ninquire",
[0x40000000] = "TCP_MSG(0x40000000) : peer send",
[0x60000000] = "TCP_INQ(0x60000000) : peer inquire",
[0x50000000] = "TCP_RPL(0x50000000) : peer reply",
}
-- /* inquire ID parameter */
-- /* inquire source address */
local inq_id_range = buffer(28,12)
-- /* transaction code */
local hd_tcd_range = buffer(40,2)
local hd_tcd = hd_tcd_range:uint()
-- /* program version number */
local hd_ver_range = buffer(42,2)
local hd_ver = hd_ver_range:uint()
-- /* future use */
local hd_fu0_range = buffer(44,3)
local hd_fu0 = hd_fu0_range:uint()
-- /* acknowledge request mode */
-- /* PT_REQ : request message */
-- /* PT_ACK : response message */
local hd_pkind_range = buffer(47,1)
local hd_pkind = hd_pkind_range:uint()
-- /* packet seqence number */
local hd_pseq_range = buffer(48,4)
local hd_pseq = hd_pseq_range:uint()
-- /* message mode */
-- /* HEAD_ONLINE : online mode */
-- /* HEAD_TEST : test mode */
local hd_mode_range = buffer(52,2)
local hd_mode = hd_mode_range:uint()
-- /* protocol version number */
-- /* NEXUS_DLINK : NeXUS/Dlink */
-- /* NEXUS_T : NeXUS/T */
local hd_pver_range = buffer(54,1)
local hd_pver = hd_pver_range:uint()
-- /* message service level */
local hd_pri_range = buffer(55,1)
local hd_pri = hd_pri_range:uint()
-- /* current block number */
local hd_cbn_range = buffer(56,1)
local hd_cbn = hd_cbn_range:uint()
-- /* total block number */
local hd_tbn_range = buffer(57,1)
local hd_tbn = hd_tbn_range:uint()
-- /* segmenting block size */
local hd_bsize_range = buffer(58,2)
local hd_bsize = hd_bsize_range:uint()
-- /* future use */
local hd_fu1_range = buffer(60,4)
local hd_fu1 = hd_fu1_range:uint()
-- data
local data_range = buffer(64)
local data = data_range:string()
local subtree = tree:add("NX Dlink Protocol")
-- nexus header type : "NUXM"
subtree:add(hd_h_type_range, "Type:",hd_h_type)
-- message length ( 16K + 64 )
subtree:add(hd_ml_range, "Length:",hd_ml)
-- source protocol address
dispatch_addr("source protocol address:",hd_sa_range, pinfo, subtree)
-- /* destination address */
dispatch_addr("destination address:",hd_da_range, pinfo, subtree)
-- /* boot time stamp */
subtree:add(hd_v_seq_range, "boot time stamp:",hd_v_seq)
-- /* message number */
subtree:add(hd_seq_range,"message number:",hd_seq)
-- /* message control type */
dispatch_cnttype(string.format("message control type: %s",control_type[hd_m_ctl]), hd_m_ctl_range, pinfo, subtree)
-- /* inquire ID parameter */
dispatch_inq("inquire ID parameter:",inq_id_range, pinfo, subtree)
-- /* transaction code */
subtree:add(hd_tcd_range, "transaction code:",hd_tcd)
-- /* program version number */
subtree:add(hd_ver_range, "program version number:",hd_ver)
-- /* future use */
subtree:add(hd_fu0_range, "future use:",hd_fu0)
-- /* acknowledge request mode */
subtree:add(hd_pkind_range, "acknowledge request mode:",hd_pkind)
-- /* packet seqence number */
subtree:add(hd_pseq_range, "packet seqence number:",hd_pseq)
-- /* message mode */
subtree:add(hd_mode_range, "message mode(1:online 0:test) :",hd_mode)
-- /* protocol version number */
subtree:add(hd_pver_range, "NX protocol version number:",hd_pver)
-- /* message service level */
subtree:add(hd_pri_range, "message service level:",hd_pri)
-- /* current block number */
subtree:add(hd_cbn_range, "current block number:",hd_cbn)
-- /* total block number */
subtree:add(hd_tbn_range, "total block number:",hd_tbn)
-- /* segmenting block size */
subtree:add(hd_bsize_range, "segmenting block size:",hd_bsize)
-- /* future use */
subtree:add(hd_fu1_range, "future use:",hd_fu1)
-- data
subtree:add(data_range, "data:",data)
-- dispatch_inq("Data:",data_range, pinfo, subtree)
pinfo.cols.protocol = "NX/Dlink"
pinfo.cols.info = control_type[hd_m_ctl]
end
-- リスナーを定義
function init_listener()
u = {}
t = {}
u_cnt = 1;
t_cnt = 1;
u_bool = true
t_bool = true
-- UDP/TCPデータの中に"NUXM"があったらフックする
tap = Listener.new("frame", "udp contains NUXM or tcp contains NUXM")
function tap.reset()
print("passed tap.reset")
u_cnt = 0;
t_cnt = 0;
end
-- Dissector を Wireshark に追加登録
-- 重複登録問題を(不細工だけけど)以下で対応
function tap.packet(pinfo,tvb,ip)
-- UDPの場合
if ( pinfo.ipproto == 17 ) then
u_flag = 1
for i=0, u_cnt do
if u[i] == pinfo.dst_port then
u_flag = 0
end
end
if u_flag == 1 then
u_cnt = u_cnt + 1
u[u_cnt] = pinfo.dst_port
udp_table = DissectorTable.get("udp.port")
udp_table:add(pinfo.dst_port, nxdlink_proto)
end
-- TCPの場合 (まだ実験前)
elseif ( pinfo.ipproto == 6 ) then
t_flag = 1
for i=0, t_cnt do
if u[i] == pinfo.dst_port then
c_flag = 0
end
end
if t_flag == 1 then
t_cnt = t_cnt + 1
t[t_cnt] = pinfo.dst_port
tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(pinfo.dst_port, nxdlink_proto)
end
end
end
end
init_listener()
end
function dispatch_cnttype(string, buffer, pinfo, subtree)
local subsubtree = subtree:add(buffer(0), string, buffer(0):tvb())
subsubtree:add(buffer(0,1),string.format("%d... .... .... .... .... .... .... .... = multicast flag",buffer(0,1):bitfield(0)))
subsubtree:add(buffer(0,1),string.format(".%d.. .... .... .... .... .... .... .... = unicast flag",buffer(0,1):bitfield(1)))
subsubtree:add(buffer(0,1),string.format("..%d. .... .... .... .... .... .... .... = inquire flag",buffer(0,1):bitfield(2)))
subsubtree:add(buffer(0,1),string.format("...%d .... .... .... .... .... .... .... = reply flag",buffer(0,1):bitfield(3)))
subsubtree:add(buffer(3,1),string.format(".... .... .... .... .... .... .... .%d.. = ack flag(future use)",buffer(3,1):bitfield(5)))
subsubtree:add(buffer(3,1),string.format(".... .... .... .... .... .... .... ...%d = ack flag(future use)",buffer(3,1):bitfield(7)))
end
function dispatch_udp_port(string, buffer, pinfo, subtree)
local subsubtree = subtree:add(buffer(0), string, buffer(0):tvb())
subsubtree:add(buffer(0,2),"source port:", buffer(0,2):uint())
subsubtree:add(buffer(2,2),"destination port:", buffer(2,2):uint())
end
function dispatch_addr(string, buffer, pinfo, subtree)
local subsubtree = subtree:add(buffer(0), string, buffer(0):tvb())
subsubtree:add(buffer(0,1),"Domain Number:", buffer(0,1):uint())
subsubtree:add(buffer(1,1),"Data Field Number:", buffer(1,1):uint())
subsubtree:add(buffer(2,2),"Node Number/Multicast Group Number:", buffer(2,2):uint())
end
function dispatch_inq(string, buffer, pinfo, subtree)
local subsubtree = subtree:add(buffer(0), string, buffer(0):tvb())
subsubtree:add(buffer(0,2), "inquire source address:",buffer(0,2):uint())
subsubtree:add(buffer(2,2), "inquire control block address:",buffer(2,2):uint())
subsubtree:add(buffer(4,2), "inquire ID sequence number:",buffer(4,2):uint())
end