Some hackish approach gave me the expected result: the message got force-decoded with the proper type.

Not sure:
1. where to get the correct gRPC payload start
2. where to get the correct gRPC message type
(currently hard-coded both)

--[[
Copyright (C) 2021 Alexander Petrossian (PAF) <p...@yandex.ru>, 2021

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
--]]
-------------------------------------------------------------------------
local protobuf_post_info = {
    version = "1.0",
    author = "Alexander Petrossian",
    description = "Protobuf Postdissector that fully expands payload",
}
set_plugin_info(protobuf_post_info)

local protobuf_post = Proto("ProtobufPost", "Protobuf Postdissector")
local protobuf = Dissector.get("protobuf")

function protobuf_post.dissector(tvbuf, pinfo, tree)
    -- Skip frames too short to reach the hard-coded payload offset;
    -- tvbuf:range() raises an error when the offset is out of bounds.
    if tvbuf:len() <= 0x66 then return end
    -- hdr_size was never defined (nil), so the range ran to the end of the
    -- buffer; omitting the length gives the same result.
    local range = tvbuf:range(0x66)
    local newtvb = range:tvb()
    -- Hard-coded message type handed to the Protobuf dissector.
    pinfo.private.pb_msg_type = 'message,ru.beeline.services.Request'
    protobuf:call(newtvb, pinfo, tree)
end

register_postdissector(protobuf_post)

PAF

> On 23 Dec 2021, at 20:40, Alexander Petrossian <p...@yandex.ru> wrote:
>
> Friends, currently when gRPC plugin fails to get content-type header value it
> stops and does not invoke Protobuf dissector, which makes me sad:
>
>     http2_content_type = http2_get_header_value(pinfo, HTTP2_HEADER_CONTENT_TYPE, FALSE);
>     if (http2_content_type == NULL || http2_path == NULL) {
>         return; /* not continue if there is not enough grpc information */
>     }
>
> Thing is, traces are more often recorded without start of communication.
> And even when gRPC body is there, content-type field was compressed and can
> not be decompressed = http2_get_header_value returns NULL.
>
> Could one do some workaround in Lua right now?
> Somehow force gRPC hand to invoke Protobuf dissector even without
> content-type: application/grpc.
>
> I’m thinking of wedging between dissectors and provide some default value of
> content-type or some such. But that approach seems vague. Any ideas on it or
> other?
>
> Thanks in advance!
> PAF
>
> P.S. I’ve suggested a seemingly trivial untested workaround in C here
> https://gitlab.com/wireshark/wireshark/-/issues/17793
>
> Right now I’m interested in some Lua approach that we could employ without
> recompilings...
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
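On the open question of where the gRPC payload starts: the following is an added example, not code from the original post or from Wireshark. It computes the protobuf body offsets from the HTTP/2 frame header (9 bytes) and the gRPC length prefix (1-byte compressed flag plus 4-byte big-endian length) rather than using a fixed offset. It assumes the input bytes begin at an HTTP/2 frame header and that each gRPC message fits in one DATA frame; `be_uint`, `grpc_bodies` and the sample bytes are constructed for illustration.

```lua
-- Added example, not from the original post. Names are hypothetical.
-- Read an n-byte big-endian unsigned integer at 1-based position pos.
local function be_uint(s, pos, n)
  local v = 0
  for i = pos, pos + n - 1 do v = v * 256 + s:byte(i) end
  return v
end

-- frame: raw bytes beginning at an HTTP/2 frame header (9 bytes).
-- Returns one {offset=, len=, compressed=} entry per gRPC message, where
-- offset is the 0-based start of the protobuf body, or nil plus a reason.
local function grpc_bodies(frame)
  if #frame < 9 then return nil, "short HTTP/2 frame header" end
  local payload_len = be_uint(frame, 1, 3)
  local ftype, flags = frame:byte(4), frame:byte(5)
  if ftype ~= 0 then return nil, "not a DATA frame" end
  if #frame < 9 + payload_len then return nil, "truncated DATA frame" end
  local pos, stop = 10, 9 + payload_len   -- 1-based bounds of the payload
  if flags % 16 >= 8 then                 -- PADDED flag (0x8) is set
    if payload_len < 1 or frame:byte(pos) >= payload_len then
      return nil, "bad padding"
    end
    -- Skip the Pad Length byte and drop the trailing padding.
    pos, stop = pos + 1, stop - frame:byte(pos)
  end
  local out = {}
  while pos <= stop do
    if stop - pos + 1 < 5 then return nil, "truncated gRPC prefix" end
    local flag, len = frame:byte(pos), be_uint(frame, pos + 1, 4)
    if flag > 1 then return nil, "compressed flag is not 0 or 1" end
    -- A message may continue in the next DATA frame; not handled here.
    if pos + 4 + len > stop then return nil, "message runs past this DATA frame" end
    out[#out + 1] = { offset = pos + 4, len = len, compressed = (flag == 1) }
    pos = pos + 5 + len
  end
  return out
end

-- Constructed sample: one DATA frame on stream 1 carrying two gRPC messages
-- with 3-byte and 2-byte protobuf bodies.
local sample = "\0\0\15\0\0\0\0\0\1" .. "\0\0\0\0\3\8\150\1" .. "\0\0\0\0\2\16\1"
for _, m in ipairs(assert(grpc_bodies(sample))) do
  print(m.offset, m.len, m.compressed)
end
```

The rejection reasons double as a sanity check: bytes at a guessed offset that fail the flag or length tests are unlikely to be the start of a gRPC message.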