This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Calling Lua Dissectors from Lua Dissector


I'm dealing with two custom protocols that use the same GRE protocol type. Each protocol currently has a separate Lua dissector (I'd like to keep it this way). I'm writing a script in Lua to perform some heuristics to determine which of the custom protocols is being used, with the idea that I'll pass the packet off to the appropriate Lua dissector. I've got all of the heuristics written, but I can't quite figure how to call a dissector written in Lua from another dissector written in Lua. Do I need to create a new DissectorTable? How are the (final) two dissectors referenced (dofile in the new dissector, etc.)? Any pointers you can provide would be appreciated.

Thanks.

asked 11 Feb '13, 16:15

krach09

edited 11 Feb '13, 18:13

helloworld


One Answer:

You should use Dissector.get, which looks up the registered dissector by name -- no matter where you registered it (Lua or C). Then, use Dissector:call, passing the payload to be dissected (along with the packet info and protocol tree node).

From a similar question:

function proto_lap5.dissector(buf, pinfo, tree)
    if buf:len() > HEADER_LEN then
        -- create a new buffer containing only the XLES data,
        -- and pass it to the XLES dissector
        Dissector.get("xles"):call(buf(HEADER_LEN):tvb(), pinfo, tree)
    end
end

answered 11 Feb '13, 18:11

helloworld

edited 11 Feb '13, 18:17

Since I am dealing with multiple custom protocols on top of the same GRE protocol type, how do I register all of the Lua dissectors at the same time without them conflicting?

(11 Feb '13, 19:06) krach09

You just need to use unique names for the dissectors in their Proto declarations (this is a requirement anyway).

(11 Feb '13, 19:58) helloworld

They are all using unique names. But if I have the following listed in init.lua:

dofile("file0.lua")
dofile("file1.lua")
dofile("file2.lua")

How does Wireshark know that file0.lua contains the logic to determine whether file1.lua or file2.lua should be used as the dissector?

(12 Feb '13, 06:28) krach09

I figured it out ... thanks.

(12 Feb '13, 09:50) krach09

Hi,

I am facing a similar issue. Can you please explain?

(14 Dec '16, 06:03) spark
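
The thread leaves the final arrangement unstated, so the following is an added example (not code from any poster) of one way to lay out file0.lua: only the dispatcher registers on the "gre.proto" table, and it hands each payload to a sub-dissector found with Dissector.get. The names "proto_a" and "proto_b", the GRE protocol type value, and the first-byte heuristic are placeholders; file1.lua and file2.lua are assumed to declare Protos with those names and not to register on "gre.proto" themselves.

```lua
-- file0.lua: heuristic dispatcher (added example, placeholders throughout)
local GRE_PROTO_TYPE = 0x88B5   -- placeholder value, not from the thread
local MIN_LEN = 1               -- bytes the placeholder heuristic reads

local dispatch = Proto("gre_dispatch", "GRE custom protocol dispatcher")

-- Look sub-dissectors up on first use rather than at load time, so the
-- dofile() order in init.lua does not matter.
local handles = {}
local function get_handle(name)
    if handles[name] == nil then
        handles[name] = Dissector.get(name)
    end
    return handles[name]
end

-- Placeholder heuristic: returns a dissector name, or nil if undecided.
local function classify(buf)
    -- Never read past the end of a short or truncated payload.
    if buf:len() < MIN_LEN then return nil end
    local first = buf(0, 1):uint()
    if first == 0x01 then return "proto_a" end
    if first == 0x02 then return "proto_b" end
    return nil
end

function dispatch.dissector(buf, pinfo, tree)
    local name = classify(buf)
    local handle = name and get_handle(name)
    if not handle then
        -- Unknown payload or missing sub-dissector: show raw bytes
        -- instead of guessing a protocol.
        handle = Dissector.get("data")
    end
    return handle:call(buf, pinfo, tree)
end

-- Only the dispatcher claims the shared GRE protocol type.
DissectorTable.get("gre.proto"):add(GRE_PROTO_TYPE, dispatch)
```

With this layout the three dofile lines in init.lua can stay as they are, because the sub-dissectors are resolved by name when the first packet arrives.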