Generic UDP Encapsulation (GUE) Dissector for Wireshark

gue.lua

local gue = Proto("gue", "Generic UDP Encapsulation")

local pf_variant = ProtoField.uint8("gue.variant", "Variant", base.DEC, nil, 0x3)
local pf_control = ProtoField.bool("gue.control", "Control Message", 8, nil, 0x4)
local pf_hlen = ProtoField.uint8("gue.hlen", "Header Length", base.DEC, nil, 0xf8)
local pf_proto = ProtoField.uint8("gue.proto", "Protocol", base.DEC)
local pf_flags = ProtoField.uint16("gue.flags", "Flags", base.HEX)

gue.fields = { pf_variant, pf_control, pf_hlen, pf_proto, pf_flags }

local hlen_field = Field.new("gue.hlen")
local control_field = Field.new("gue.control")
local proto_field = Field.new("gue.proto")

function gue.dissector(tvbuf,pktinfo,root)
    pktinfo.cols.protocol:set("GUE")
    local pktlen = tvbuf:reported_length_remaining()
    local tree = root:add(gue, tvbuf:range(0, pktlen))
    if pktlen < 4 then
        return
    end
    tree:add(pf_variant, tvbuf:range(0,1))
    tree:add(pf_control, tvbuf:range(0,1))
    tree:add(pf_hlen, tvbuf:range(0,1))
    local hlen = hlen_field()() * 4 + 4
    if pktlen < hlen then
        return
    end
    if not control_field()() then
        tree:add(pf_proto, tvbuf:range(1,1))
        tree:add(pf_flags, tvbuf:range(2,2))
        local inner = tvbuf:range(hlen, pktlen-hlen):tvb()
        return hlen + DissectorTable.get("ip.proto"):try(proto_field()(), inner, pktinfo, root)
    else 
        tree:add(pf_flags, tvbuf:range(2,2))
        return hlen
    end
end

DissectorTable.get("udp.port"):add(6080, gue)