Ask Your Question
0

Help needed with DissectorTable

asked 2020-09-03 16:01:13 +0000

DavidA_2018 gravatar image

Hi, I wrote a lua dissector about a year ago and have forgotten some of my understanding of how dissectors work. The Ethernet packet I need to dissect has the following structure (simplified):

  • TransportHeader (which includes MessageType and PayloadLength fields)
  • Message (of type: MessageType and of length: PayloadLength)

I have a top-level 'general.lua' file that parses the TransportHeader and which creates a DissectorTable. The next level dissector (for the specific message type) is invoked by calling:

xran_dissector_table:try(ecpriMessage, buffer(8):tvb(),pinfo,tree)

My problem is that the lower level dissector currently doesn't know the length of Message. (The buffer passed to it contains the message and some padding). I can see two possibilities:

  1. Pass PayloadLength to the lower level dissector
  2. Limit the buffer passed to the lower level dissector to length PayloadLength

I don't know how to do either of these. Which would be the best solution and how would I do it?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-09-03 19:52:52 +0000

cmaynard gravatar image

I don't know how to do #1, "Pass PayloadLength to the lower level dissector", but to do #2, I think you can just generate a TvbRange from the original Tvb, and then make a new Tvb from the TvbRange, like so:

xran_dissector_table:try(ecpriMessage, buffer:range(8, PayloadLength):tvb(),pinfo,tree)

Refs:

edit flag offensive delete link more

Comments

Thanks, that solved my problem.

DavidA_2018 gravatar imageDavidA_2018 ( 2020-09-04 08:41:34 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2020-09-03 16:01:13 +0000

Seen: 594 times

Last updated: Sep 03 '20

Related questions

Add custom option to toolbar in wireshark GUI

Testing Lua Dissectors [closed]

lua dissector bind a Protocolfield treeitem to existing protocol in wireshark

Dynamic mask in LUA ProtoFields

Lua - Get string for a ProtoField that uses a lookup table

How to maintain a packetfile specific var?

How to keep the Lua console open when reloading Lua dissectors?

What's the "frame.packet_id" field?

Lua API: How to update ethernet type display name?

Trouble converting string number to number with tonumber() function on [closed]