This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

how to use Lua to write multi protocol dissector plugin

0

I am writing an XLES protocol dissector, but this protocol is in the payload of LAPV5, so I have to write the LAPV5 dissector first. How do I connect the two protocols?

I wrote something like this:

udp_encap_table = DissectorTable.get("udp.port")
udp_encap_table:add(49152,lapV5Proto)

lapV5DessectorTable = DissectorTable.new("lapv5.data", "lapv5 dissector table",ftypes.STRING,base.none)
lapv5_encap_table = DissectorTable.get("lapv5.data")
lapv5_encap_table:add(".",xlesProto)

But it doesn’t work. XLES only exists when LAPV5 has a payload. Does the pattern argument in DissectorTable.add(pattern,dissector) only support a full match?

asked 03 May ‘12, 19:40

ww2521's gravatar image

ww2521
6114
accept rate: 0%

edited 10 May ‘12, 03:36

helloworld's gravatar image

helloworld
3.1k42041

One Answer:

3

In your case, you would daisy-chain the dissectors. That is, call your XLES dissector directly from your LAPV5 dissector. Try this Lua:

-- ############# 
-- # XLES
-- #############
local proto_xles = Proto("xles", "XLES Protocol")

function proto_xles.dissector(buf, pinfo, tree)
print('XLES', tostring(buf))
end


– #############
– # LAPV5
– #############
local proto_lap5 = Proto("lapv5", "LAPV5 Protocol")


– assume data (i.e., the body) is present only if the packet is
– longer than the header
local HEADER_LEN = 5


function proto_lap5.dissector(buf, pinfo, tree)


if buf:len() > HEADER_LEN then
    -- create a new buffer containing only the XLES data,
    -- and pass it to the XLES dissector
    Dissector.get("xles"):call(buf(HEADER_LEN):tvb(),  pinfo, tree)
end



end


– install LAPV5 dissector at UDP port 49152
DissectorTable.get("udp.port"):add(49152, proto_lap5)

answered 10 May ‘12, 03:41

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%

hi, that works. Thanks for your help.

(11 May ‘12, 23:39) ww2521