Loading required modules

To create an SMTP dissector, we create a new file (smtp.lua) and save it in a location that will later be used as a path for all Haka scripts requiring this dissector.

The first step is to load the required packages and initialize the dissector module:

local class = require('class')
local tcp_connection = require('protocol/tcp_connection')

local module = {}

Note that we load the tcp_connection module since the SMTP dissector is built on top of the TCP protocol.

Creating the dissector

Next, we create the dissector by specifying its name and its type:

local SmtpDissector = haka.dissector.new{
    type = tcp_connection.helper.TcpFlowDissector,
    name = 'smtp'
}

We select the tcp_connection.helper.TcpFlowDissector type since SMTP communications are flow-based (i.e. multiple packets are exchanged during an SMTP session).

Initializing the dissector

The created dissector, namely SmtpDissector, is a particular class.

Before instantiating it, we could define a constructor if needed:

function SmtpDissector.method:__init(flow)
    -- Hand the flow over to the parent dissector type
    class.super(SmtpDissector).__init(self, flow)
end

This constructor function passes its input flow to the dissector type. It also automatically instantiates our state machine.

Selecting SMTP dissector

At this point, the dissector is created but not yet instantiated. Here, we define two rules which are made available on the dissector module. The former is in fact a security rule which selects, at connection establishment, the dissector to use. The latter allows a user rule to activate our dissector.

-- Function bodies are not shown on this page.
function module.install_tcp_rule(port)
end

function module.dissect(flow)
end

Adding extra properties and functions

As stated above, SmtpDissector is a particular class (see Class) on which you can add extra methods and properties. You can refer to this section to get details about how this could be achieved.