Write wireshark extension for mavlink

Write wireshark plugin to parse and display mavlink protocol. Plugin can be write with lua script language or C/C++

install and config wireshark to run as non root user

sudo apt install wireshark

# Config wireshark to run as non root user
sudo groupadd wireshark
sudo usermod -a -G wireshark $USER
sudo chgrp wireshark /usr/bin/dumpcap
sudo chmod o-rx /usr/bin/dumpcap
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/dumpcap
sudo getcap /usr/bin/dumpcap

Logout and login again
Note: the command: sudo dpkg-reconfigure wireshark-common not working for me

Hello lua - Wireshark dissector

Dissector are meant to analyze some part of a packet's data

Create file hello.lua
paste

print "hello lua\n\n\n"

tshark -v -Xlua_script:<path>/hello.lua
#output
ne/Tools/wireshark/hello.lua
hello lua



TShark (Wireshark)

Mavlink 2.0 protocol structure

MAVLink 2 Packet Format

Lua dissector

-- 
mavlink_protocol = Proto("Mavlink", "Mavlink protocol")

mavlink_protocol.fileds = {}

-- call for every packet
-- buffer: packet data to dissect
-- pinfo: columns of the packt 
-- tree: packet tree items
function mavlink_protocol.dissector(buffer, pinfo, tree)
    length = buffer:len()
    if length == 0 then return end

    -- change protocol column value from tcp to Mavlink
    pinfo.cols.protocol = mavlink_protocol.name

    -- Add subtree item 
    local subtree = tree:add(mavlink_protocol, buffer(), "Mavlink protocol data")
end
-- Assign protocol to port
local udp_port = DissectorTable.get("udp.port")
udp_port:add(15540, mavlink_protocol)

source poc

poc source code

Test in wireshark

wireshark -i lo -f "udp port 14540" -Xlua_script:<path>/mavlink.lua

Using mavlink generator

MAVLink generator tool

XML: select target XML from mavlink/message_definitions/1.0
Out: output directory
Language: wlua
protocolo: 2.0

Note: minimum.xml parse only heartbeat message

Note

Generated code has bug parse msgid (maybe data from pixhawk are little endian) for know changed the code

rshift to lshift
shidt index 2,3 and not 1,2

local msgidt1 = buffer(offset,1):uint()
offset = offset + 1
local msgidt2 = buffer(offset,1):uint()
offset = offset + 1
local msgidt3 = buffer(offset,1):uint()
msgidt1 = bit.rshift(msgidt1, 8)
msgidt2 = bit.rshift(msgidt2, 16)
msgid = msgidt1+msgidt2+msgidt3
header:add(f.msgid, msgid)

local msgidt1 = buffer(offset,1):uint()
offset = offset + 1
local msgidt2 = buffer(offset,1):uint()
offset = offset + 1
local msgidt3 = buffer(offset,1):uint()
msgidt2 = bit.lshift(msgidt2, 8)
msgidt3 = bit.lshift(msgidt3, 16)
msgid = msgidt1+msgidt2+msgidt3
header:add(f.msgid, msgid)

Tip: run SITL without gui

gazebo
jmavsim

Gazebo

run without gui

HEADLESS=1 make posix_sitl_default gazebo_<model>

jMAVsim

Disabled jmavsim GUI

setViewType(VIEW_TYPE);
setZoomMode(ZOOM_MODE);
setVisible(true); // -> setVisible(false)
splitPane.resetToPreferredSizes();
toggleReportPanel(false);
resetView();

Compile jmavsim from <>/Firmware/Tools/jMAVSim run ant to compile java
Run SITL

make posix_sitl_default jmavsim

Resource

Creating a Wireshark dissector in Lua - part 1

Me and the robots

Thursday, November 15, 2018

MAVLink wireshark lua plugins