This can be a ISBN number +# or the project homepage. +#epub_identifier = '' + +# A unique identification for the text. +#epub_uid = '' + +# A tuple containing the cover image and cover page html template filenames. +#epub_cover = () + +# HTML files that should be inserted before the pages created by sphinx. +# The format is a list of tuples containing the path and title. +#epub_pre_files = [] + +# HTML files shat should be inserted after the pages created by sphinx. +# The format is a list of tuples containing the path and title. +#epub_post_files = [] + +# A list of files that should not be packed into the epub file. +#epub_exclude_files = [] + +# The depth of the table of contents in toc.ncx. +#epub_tocdepth = 3 + +# Allow duplicate toc entries. +#epub_tocdup = True + +# Highlight PHP without starting `_, +and put it in one of Wireshark's plugin paths. + +.. note:: + + Usually, Wireshark loads plugins from ``~/.config/wireshark/plugins`` and + ``/usr/lib/wireshark/plugins/``. You can check what directories + Wireshark checks by going into Help -> About -> Folders. + +From source +~~~~~~~~~~~ + +Building from source requires as an additional prerequisite luarocks and the +luafilesystem module to be installed. + +To boostrap the library in one coalesced file, and install it to +``~/.config/wireshark/plugins``, run from the project directory: + +.. code-block:: bash + + $ make install + +If you prefer to install it in another location, set the variable ``WS_PLUGIN_DIR``. +For instance, to install wssdl in the system plugin path for Wireshark 2.2.0: + +.. code-block:: bash + + $ sudo make WS_PLUGIN_DIR=/usr/lib/wireshark/plugins/2.2.0 install diff --git a/doc/specifiers.rst b/doc/specifiers.rst new file mode 100644 index 0000000..7087c1b --- /dev/null +++ b/doc/specifiers.rst 
@@ -0,0 +1,130 @@ +.. _specifiers: + +Specifier reference +=================== + +Primitive Field Types +--------------------- + +=========== ==================================================================== +Type Description +=========== ==================================================================== +u8() Unsigned 8-bit integer. +----------- -------------------------------------------------------------------- +u16() Unsigned 16-bit integer. +----------- -------------------------------------------------------------------- +u24() Unsigned 24-bit integer. +----------- -------------------------------------------------------------------- +u32() Unsigned 32-bit integer. +----------- -------------------------------------------------------------------- +u64() Unsigned 64-bit integer. +----------- -------------------------------------------------------------------- +i8() Signed 8-bit integer. +----------- -------------------------------------------------------------------- +i16() Signed 16-bit integer. +----------- -------------------------------------------------------------------- +i24() Signed 24-bit integer. +----------- -------------------------------------------------------------------- +i32() Signed 32-bit integer. +----------- -------------------------------------------------------------------- +i64() Signed 64-bit integer. +----------- -------------------------------------------------------------------- +int(N) Unsigned ``N``-bit integer. If ``N`` isn't specified, the size of + the field becomes the remaining payload size. + ``N`` cannot be larger than 64-bits. +----------- -------------------------------------------------------------------- +uint(N) Unsigned ``N``-bit integer. If ``N`` isn't specified, the size of + the field becomes the remaining payload size. + ``N`` cannot be larger than 64-bits. +----------- -------------------------------------------------------------------- +f32() 32-bit floating-point value. 
+----------- -------------------------------------------------------------------- +f64() 64-bit floating-point value. +----------- -------------------------------------------------------------------- +utf8(N) UTF8-encoded string w/ a length of ``N`` code units. If ``N`` + isn't specified, the size of the field becomes the remaining + payload size. + If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +utf8z() Null-terminated UTF8-encoded string. + If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +utf16(N) UTF16-encoded string w/ a length of ``N`` code units. If ``N`` + isn't specified, the size of the field becomes the remaining + payload size. + If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +utf16z() Null-terminated UTF16-encoded string. + If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +bytes(N) Byte buffer with a size of ``N`` octets. If ``N`` isn't specified, + the size of the field becomes the remaining payload size. + If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +bits(N) Bits buffer with a size of ``N`` bits. + ``N`` cannot be larger than 64-bits. +----------- -------------------------------------------------------------------- +bool(N) Boolean value with a size of ``N`` bits. If ``N`` isn't specified + the size of this field is 1 bit. + A field value of zero means False, while non-zero means True. +----------- -------------------------------------------------------------------- +bit() A single bit. +----------- -------------------------------------------------------------------- +ipv4() IPv4 address. 
+ If used, the field must be aligned on an octet boundary. +----------- -------------------------------------------------------------------- +ipv6() IPv6 address. + If used, the field must be aligned on an octet boundary. +=========== ==================================================================== + +Special Field Types +------------------- + +User Types +~~~~~~~~~~ + +Any variable declared with ``wssdl.packet`` can be used as a field type. + +Payload Type +~~~~~~~~~~~~ + +The special payload type is used for packets that contains data that needs to +be subdissected by another registered dissector. The specifier comes in three +prototypes: + +* ``payload { }`` + +* ``payload { , }`` + +* ``payload { , , }`` + +Where ```` is the field that should be used as the value to lookup the +dissector table entry, ```` is the dissector table identifier, and +```` is the size of the field in octets. + +If ```` is nil or unspecified, then the dissector table identifier becomes +``.``. + +If ```` is nil or unspecified, then the size of the field becomes the +remaining packet size. + +Other specifiers +---------------- + +================== ============================================================= +Type Description +================== ============================================================= +le() Parse the field as little-endian. The following types + support little-endian: u8, u16, u24, u32, u64, i8, i16, i24, + i32, i64, int, uint, f32, f64, utf16, utf16z, ipv4. 
+------------------ ------------------------------------------------------------- +dec() Use a decimal format for the integer field (default) +------------------ ------------------------------------------------------------- +hex() Use a hexadecimal format for the integer field +------------------ ------------------------------------------------------------- +oct() Use an octal format for the integer field +------------------ ------------------------------------------------------------- +name(str) Set the display name of the field to ``str``. +------------------ ------------------------------------------------------------- +description(str) Set the description of the field to ``str``. +================== ============================================================= diff --git a/doc/starter.rst b/doc/starter.rst new file mode 100644 index 0000000..b192258 --- /dev/null +++ b/doc/starter.rst 
@@ -0,0 +1,60 @@ +Getting started +=============== + +Packet definition +----------------- + +The ``packet`` function is used to define the structure of your packet. + +This function takes a sequence of comma/semicolon-separated fields, with each +field using the `` : (params) ... : specifierN(params)`` +syntax, where ```` is an lua identifier for the field that is unique +in the current definition scope; and where each ```` is a wssdl +specifier, one of which must be a field type. + +See :ref:`specifiers` for a complete list of specifiers. + +.. code-block:: lua + :name: Example + + local wssdl = require 'wssdl' + + my_pkt = wssdl.packet { + foo : u8(); + bar : i32(); + baz : utf8(256); + } + +Creating a protocol +------------------- + +A ``Proto`` object can be created by calling the ``proto(name, description)`` +method on the created packet type: + +.. code-block:: lua + + my_pkt = wssdl.packet { ... } + + proto = my_pkt:proto('proto_id', 'Some protocol') + +The protocol name and description are passed verbatim to wireshark and as such +**must** both be unique. + +Registering a dissector +----------------------- + +The ``dissect`` function can be used to register one or more protocols in their +relevant dissector tables. + +This function takes a sequence of dissector table mappings. Each mapping +follows the following syntax: ``: { }``, where +```` is the identifier of the desired dissector table, ```` is either ``set`` or ``add`` (which holds the semantics of ``DissectorTable:set`` and ``DissectorTable:add`` respectively), and ```` are key/value entries where the key is the first parameter of ``set/add`` and the value is the proto object passed as second parameter. + +.. code-block:: lua + :name: Registering a TCP protocol on port 1234 + + wssdl.dissect { + tcp.proto:add { + [1234] = my_pkt:proto('proto_id', 'Some protocol') + } + }
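Review bot: in the "From source" section of the installation page, the system-wide example runs the whole ``make ... install`` under ``sudo``, and the text above it says this target also bootstraps the library, so the luarocks-dependent build step would run as root. If the Makefile allows it, document building as the normal user and using ``sudo`` only for the final copy into ``/usr/lib/wireshark/plugins/2.2.0``. Also in this section, "To boostrap" should read "To bootstrap".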
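Review bot: in doc/specifiers.rst, the ``int(N)`` row of the "Primitive Field Types" table is described as "Unsigned ``N``-bit integer", word for word the same as the ``uint(N)`` row below it. Given the ``i8()`` to ``i64()`` rows are documented as signed, this looks like a copy-paste slip and should presumably read "Signed ``N``-bit integer". Minor points in the same file: "cannot be larger than 64-bits" reads better as "64 bits", "packets that contains data" should be "packets that contain data", and the ``le()`` row lists ``u8`` and ``i8``, where byte order has no effect on a single octet.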
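Review bot: in doc/starter.rst, the last example is named "Registering a TCP protocol on port 1234" but keys the mapping on ``tcp.proto:add``. Wireshark's dissector table for TCP ports is ``tcp.port``, so as written the example does not match its caption or the prose saying the identifier is the dissector table; please confirm and change it to ``tcp.port:add { [1234] = ... }``. Smaller wording fixes in the same hunk: "an lua identifier" should be "a Lua identifier", "wireshark" should be capitalised, and the first example declares ``local wssdl`` but assigns ``my_pkt`` as a global.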