
Dissector table doesn't exist while registering subdissector for ZMTP

asked 2023-08-09 09:25:04 +0000

Unda

updated 2023-08-09 09:32:33 +0000

I'm trying to create an "out-of-tree" dissector plugin for my protocol:

-- Register a subdissector "my_subdissector" to the ZMTP protocol table for TCP port 1234
local zmtp = DissectorTable.get("zmtp.protocol")
zmtp:add(1234, my_subdissector_proto)
-- Register the ZMTP dissector as the default for that TCP port (so no "decode as" is needed)
local zmtp_dissector = Dissector.get("zmtp")
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(1234, zmtp_dissector)

So I guess basically it provides a table called zmtp.protocol in which I need to register my own dissector.

My code is as follows:

#include <config.h>
#include <epan/packet.h>

namespace impl
{

static int proto = -1;
static dissector_handle_t handle;

static int dissect(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    proto_tree_add_protocol_format(tree, proto, tvb, 0, -1, "This is Toto, a Wireshark dissector plugin prototype");
    return tvb_captured_length(tvb);
}

static void proto_register()
{
    proto = proto_register_protocol("Toto protocol", "Toto", "toto");
    handle = create_dissector_handle(&dissect, proto);
}

static void plugin_reg_handoff()
{
    dissector_add_uint("zmtp.protocol", 23456, handle);
}

}

extern "C"
{
    char plugin_version[] = "0.0.1";
    int plugin_want_major = VERSION_MAJOR;
    int plugin_want_minor = VERSION_MINOR;

    void plugin_register()
    {
        static proto_plugin plug;

        plug.register_protoinfo = impl::proto_register;
        plug.register_handoff = impl::plugin_reg_handoff;
        proto_register_plugin(&plug);
    }
}

When I launch Wireshark from the command line, I get the following message:

OOPS: dissector table "zmtp.protocol" doesn't exist
Protocol being registered is "Toto protocol"

Both plugins seem to be correctly registered by Wireshark when I look at Help > About Wireshark > Plugins. Plus I named them so that the Lua dissector appears before mine in the list.

Can someone point me in the right direction?

EDIT: the Lua dissector seems to be working fine, I can Decode As... > ZMTP and it does a great job.


2 Answers


answered 2024-03-25 09:32:14 +0000

MartinM

I have a draft change (https://gitlab.com/wireshark/wireshar...) to create a built-in/C dissector for ZMTP. It still supports the "zmtp.protocol" table, as well as a port->protocol table in its preferences. Any testing coverage and/or donated capture files for verifying the implementation (particularly some of the older / more obscure commands, or mechanisms other than NULL) would be very welcome.


answered 2023-08-10 09:59:30 +0000

Guy Harris

Unfortunately, if a Lua dissector creates a dissector table, then 1) NO compiled dissector can register itself in that table and 2) to allow Lua dissectors to register in that table, all Lua dissectors that register in that dissector table must be in .lua files with names that come after the name of the file containing the Lua dissector that creates the dissector table (which is a bit of a nuisance if the Lua dissector that creates the dissector is in a file named "zmtp-dissector.lua" - you'd have to call the dissector file something such as "zmtp-mysubdissector.lua" or "zzz-mydissector.lua" or...).

This is due to Wireshark issue 15907. Fixing that in a way that still allows existing Lua dissectors to work without change will take some effort.

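The file-naming constraint described in the answer above, as an added example that is not part of the original thread or of the ZMTP Lua dissector: a Lua version of the question's Toto subdissector. The file name "zmtp-toto.lua" is an assumption, chosen to come after "zmtp-dissector.lua"; port 23456 and the protocol names are taken from the question's C++ code.

```lua
-- zmtp-toto.lua (assumed file name): it has to come after the name of the
-- file that creates the "zmtp.protocol" table, e.g. "zmtp-dissector.lua",
-- so that the table already exists when this script is loaded.
local toto = Proto("toto", "Toto protocol")

function toto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "Toto"
    tree:add(toto, tvb(), "This is Toto, a Wireshark dissector plugin prototype")
    return tvb:captured_len()
end

local PORT = 23456  -- value used in the question's C++ plugin

-- Look the table up defensively: pcall covers both a raised error and a nil
-- result, so a wrong load order produces a clear message instead of a
-- half-registered dissector.
local ok, zmtp_table = pcall(DissectorTable.get, "zmtp.protocol")
if not ok or not zmtp_table then
    report_failure("toto: dissector table \"zmtp.protocol\" not found; " ..
                   "check that this file's name comes after the ZMTP dissector's file name")
    return
end

-- Same registration steps as the snippet quoted in the question.
zmtp_table:add(PORT, toto)

local zmtp = Dissector.get("zmtp")
if zmtp then
    -- Make ZMTP the default for this TCP port so no "Decode As..." is needed.
    DissectorTable.get("tcp.port"):add(PORT, zmtp)
end
```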
