LLUDP Dissector

LLUDP protocol dissector
On this page you will find the Lua code for a wireshark protocol dissector that can parse the message_template.msg file and use that information to decode all the message fields from the Linden UDP protocol.

Installing

 * Requires wireshark with Lua 5.1.x support. See this page for getting wireshark to support lua

on Linux

 * Copy all four source files into ~/.wireshark
 * edit /etc/wireshark/init.lua (or equivalent on your system) and change disable_lua to false (default is true)
 * If you need to run wireshark as the root user or using sudo then you will need to edit the scripts into one file by replacing the dofile("script.lua") calls with the contents of file between the quotes.
 * The other method is to add your user account to the correct group (on Gentoo it is group "wireshark") that will allow your non-root user to capture packets.

on Windows

 * Copy all four source files into your user profiles directory

Vista*

C:\Users\ \AppData\Roaming\Wireshark

XP/2000

C:\Documents and Settings\ \Application Data\Wireshark


 * Edit C:\Program Files\Wireshark\init.lua and change disable_lua to false (default is true)


 * *Note: I have only tested this on Windows XP

LLUDP preferences
There are three preferences that can be changed from wiresharks "Preferences" dialog:
 * Message template file: Full path to the message_template.msg file used to decode message name & details from the packets. On windows XP/Vista use double backslash '\\' instead of single blackslash '\' to separate directories (Example "C:\\Program Files\\SecondLife\\app_settings\\message_template.msg").
 * UDP port range start: First UDP port to mark as LLUDP packets. (default 13000)
 * UDP port range end: Last UDP port to mark as LLUDP packets. (default 13050)

If your OpenSimulator regions are using ports 9000-9050 range then change the UDP port range.

Description of source files

 * "init.lua" -- simple script that loads the "lludp.lua" script.
 * "lludp.lua" -- contains the code that decodes each packet header and decompresses zero-encoded packets. This file uses wireshark only functions for accessing packet bytes and building a tree of information from each packet.
 * "llmessage.lua" -- contains the message_template.msg file parser the decodes the tokens from the lexer into an tree of tables containing all details about each message/block/variable from the template file. This file only has pure lua code.
 * "lexer.lua" -- contains the template file lexer. This lexer knows how to tokenize the template file into the follow tokens: IDENTIFIER, NUMBER, COMMENT, EOL. The stream of tokens produced by this lexer is parsed by the "llmessage.lua" file. This file only has pure lua code.

Code license
This Wireshark dissector maybe used under the terms of the "Simplified BSD License" or the GPL. -- Robert G. Jakabosky  Simplified BSD License: Copyright (c)2011, Robert G. Jakabosky . All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of     conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY "Robert G. Jakabosky" AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL "Robert G. Jakabosky" OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.