Ask Your Question

Revision history [back]

It sounds like what you need is to create your own DissectorTable. The dissectortable allows you to map your payload to the correct parser based on a parameter. This is the same behavior you are using to trigger your protobuf dissector from the tcp dissectortable:

DissectorTable.get("tcp.port"):add(0, proto)

In your case, sounds like in your top-level protobuf protocol lua file, you should create a new dissectortable in the lua file for the operation message.

DissectorTable.new('myoperation.type')

Then, create another Proto() for each of your messages. each of these message protocols will get the 'myoperation.type' dissectorTable and add a mapping using their 'type'. I do this in a .init() function so that you can put each protocol into its own file:

newmessage_proto = Proto('newmessage', 'this is the message used when type is 0x02')
newmessage_contents = ProtoField.bytes('message payload','msgpayload', base.NONE)
newmessage_proto.fields = {newmessage_contents}

function newmessage_proto.init()
    Dissectortable.get('myoperation.type'):add(0x02,newmessage_proto)
end

function newmessage_proto.dissector(tvb, pinfo, tree)
    ...do your dissection stuff for newmessage here..
end

Back in your top-level protobuf protocol file, inside of your .dissector function, you're going to consult the 'myoperation.type' dissectortable to find the appropriate sub-dissector based on the 'type'. I could not find in your example above exactly where you are extracting the 'type' field from, but 

    -- todo: extract type
    local type = 0x02
    local dissector = DissectorTable.get('myoperation.type'):getDissector(type)

    if dissector ~= nil then
            -- Dissector was found, invoke subdissector with a new Tvb,
            -- update this to pass the right buffer range to your sub-dissector.
            dissector:call(buf(2):tvb(), pkt, tree)
    else
            -- fallback dissector that just shows the raw data.
            data_dis:call(buf(2):tvb(), pkt, tree)
    end

somewhat similar example which shows one protocol using the dissector table to determine how to decode its payload: https://www.wireshark.org/docs/wsdg_html_chunked/wslua_dissector_example.html

I hope this helps. i don't have my development env in front of me to test this, and I'm no LUA expert, so please forgive the inevitable syntax errors.

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2