Ask Your Question

Get index of DissectorTable from a subdissector

asked 2018-05-31 13:10:17 +0000

Cilyan gravatar image

updated 2018-05-31 13:10:31 +0000

I'm developing a custom Lua dissector that uses a custom DissectorTable against a payload type information contained in the header to dissect the payload data. It appears however that payload types can be grouped and a range of payload types can be dissected the same, with small differences.

When adding a subdissector to a tcp.port, I can always check the pinfo.srcport or pinfo.dstport, but how could a subdissector find out or be informed about the custom value that was used to find it in the dissector table?

Is there a way to add information to either the pinfo or tree from the parent dissector before the subdissector is called?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2018-05-31 19:28:56 +0000

JeffMorriss gravatar image

Actually the correct way to detect how/why a subdissector is being called is to use the pinfo->match_uint or match_string fields. These will tell you, to quote the comment in packet_info.h, the "matched uint for calling subdissector from table".

I don't know the Lua API enough to know if that field is exposed to Lua dissectors but I would hope it is...

edit flag offensive delete link more


Thanks a lot. This works actually wonderful. Though according to the official example I used the table to get the dissector and then call it, of course this wouldn't work. One needs to call DissectorTable:try so that the parameter is set properly. Otherwise, one gets the value that was used to call the parent dissector, e.g. the tcp port.

Cilyan gravatar imageCilyan ( 2018-05-31 19:56:45 +0000 )edit

answered 2018-05-31 13:27:48 +0000

grahamb gravatar image

This might be a limitation in Lua.

In C, you can use the data parameter of a dissector, to pass a pointer to your own data structure. Obviously both caller and calle must know how the data is structured as it's passed as a void*, but I don't see that parameter in the Lua API.

edit flag offensive delete link more


Thanks for the quick reply. Indeed. I created a subdissector that would accept an additional parameter, but I get nil on it. Any chance to get an improvement or use another method? I can't consider implementing the protocol in C for the moment, unfortunately.

Cilyan gravatar imageCilyan ( 2018-05-31 17:49:09 +0000 )edit

Ideally the Lua API would be updated to match the C one, patches gratefully accepted.

I'm not aware of anything else that can be done, but that doesn't mean there isn't a solution, I'm a Lua novice.

grahamb gravatar imagegrahamb ( 2018-05-31 18:10:18 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-05-31 13:10:17 +0000

Seen: 31 times

Last updated: May 31