Ask Your Question
0

Dissector table doesn't exist while registering subdissector for ZMTP

asked 2023-08-09 09:25:04 +0000

Unda gravatar image

updated 2023-08-09 09:32:33 +0000

I'm trying to create an "out-of-tree" dissector plugin for my protocol:

-- Register a subdissector "my_subdissector" to the ZMTP protocol table for TCP port 1234
local zmtp = DissectorTable.get("zmtp.protocol")
zmtp:add(1234, my_subdissector_proto)
-- Register the ZMTP dissector as the default for that TCP port (so no "decode as" is needed)
local zmtp_dissector = Dissector.get("zmtp")
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(1234, zmtp_dissector)

So I guess basically it provides a table called zmtp.protocol in which I need to register my own dissector.

My code is as follows:

#include <config.h>
#include <epan/packet.h>

namespace impl
{

static int proto = -1;
static dissector_handle_t handle;

static int dissect(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    proto_tree_add_protocol_format(tree, proto, tvb, 0, -1, "This is Toto, a Wireshark dissector plugin prototype");
    return tvb_captured_length(tvb);
}

static void proto_register()
{
    proto = proto_register_protocol("Toto protocol", "Toto", "toto");
    handle = create_dissector_handle(&dissect, proto);
}

static void plugin_reg_handoff()
{
    dissector_add_uint("zmtp.protocol", 23456, handle);
}

}

extern "C"
{
    char plugin_version[] = "0.0.1";
    int plugin_want_major = VERSION_MAJOR;
    int plugin_want_minor = VERSION_MINOR;

    void plugin_register()
    {
        static proto_plugin plug;

        plug.register_protoinfo = impl::proto_register;
        plug.register_handoff = impl::plugin_reg_handoff;
        proto_register_plugin(&plug);
    }
}

When I launch Wireshark from the command line, I get the following message:

OOPS: dissector table "zmtp.protocol" doesn't exist
Protocol being registered is "Toto protocol"

Both plugins seem to be correctly registered by Wireshark when I look at Help > About Wireshark > Plugins. Plus I named them so that the Lua dissector appears before mine in the list.

Can someone point me to the right direction?

EDIT: the Lua dissector seems to be working fine, I can Decode As... > ZMTP and it does a great job.

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2024-03-25 09:32:14 +0000

MartinM gravatar image

I have a draft change (https://gitlab.com/wireshark/wireshar...) to create a built-in/C dissector for ZMTP. It still supports the "zmtp.protocol" table, as well as a port->protocol table in its preferences. Any testing coverage and/or donated capture files for verifying the implementation (particularly some of older / more obscure commands, or mechanisms other than NULL) would be very welcome.

edit flag offensive delete link more
add a comment
0

answered 2023-08-10 09:59:30 +0000

Guy Harris gravatar image

Unfortunately, if a Lua dissector creates a dissector table, then 1) NO compiled dissector can register itself in that table and 2) to allow Lua dissectors to register in that table, all Lua dissectors that register in that dissector table must be in .lua files with names that come after the name of the file containing the Lua dissector that creates the dissector table (which is a bit of a nuisance if the Lua dissector that creates the dissector is in a file named "zmtp-dissector.lua" - you'd have to call the dissector file something such as "zmtp-mysubdissector.lua" or "zzz-mydissector.lua" or...).

This is due to Wireshark issue 15907. Fixing that in a way that still allows existing Lua dissectors to work without change will take some effort.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2023-08-09 09:25:04 +0000

Seen: 950 times

Last updated: Mar 25 '24

Related questions

Can I create a subdissector based on CAN ID?

how to invert two bytes in lua script dissector ?

How do I get and display packet data information at a specific byte from the first byte?

why protocol is not showing as HTTP even though we sent http request ?

Adjusting Bit order and Endianess in LUA between Dissectors

How do I add "child item" to an item in the subtree?

PRP Dissector and FCS

Use a UDP payload dissector depending on ip addresses

Reuse (part of) a Wireshark Dissector

Heuristic dissector not called