Ask Your Question
0

Enable Decode As for custom Lua dissector payload

asked 2025-02-28 19:18:05 +0000

rgov gravatar image

updated 2025-02-28 19:57:33 +0000

I have a custom dissector written in Lua. One of the fields in my protocol is a payload which may be possible to analyze with a secondary dissector. I would like the user to be able to choose the secondary dissector in the Decode As dialog.

local proto = Proto("myproto", "My Protocol")
proto.fields.payload = ProtoField.bytes("myproto.payload", "Payload")

My understanding is that I need to create and use a DissectorTable:

local dissector_table = DissectorTable.new(
    "myproto.payload",
    nil, -- use default description
    ftypes.NONE
)

function proto.dissector(tvb, pinfo, tree)
    -- Dispatch payload to sub-dissector
    local dissector = dissector_table:get_dissector()
    if dissector then
        dissector:call(tvb:range(0), pinfo, tree)
    end
end

Then, in the second dissector, I write:

local proto2 = Proto("my2ndproto", "My 2nd Protocol")
...

pcall(require, "myproto") -- make sure we load second
local dt = DissectorTable.get("myproto.payload")
if dt then
    dt:add_for_decode_as(proto2)
end

This gets me to the point where I can set up a rule in the Decode As dialog, to dissect myproto.payload with MY2NDPROTO.

However, dissector_table:get_dissector() always returns nil.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2025-02-28 20:38:59 +0000

rgov gravatar image

As of Wireshark 4.4.5, there are two bugs that are hindering this:

  1. DissectorTable:get_dissector() is broken for "payload" dissector tables like this one declared with ftypes.NONE. I submitted merge request #19169.
  2. DissectorTable.new() had a use-after-free bug described in issue #20418 which messed up the Decode As window.

Then, my Lua code had a slight flaw. When calling out to the sub-dissector with dissector:call(), the first argument needs to be a Tvb, not a TvbRange. That requires a minor tweak:

function proto.dissector(tvb, pinfo, tree)
    -- Dispatch payload to sub-dissector
    local dissector = dissector_table:get_dissector()
    if dissector then
        dissector:call(tvb:range(0):tvb(), pinfo, tree)
    end
end
edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-02-28 19:18:05 +0000

Seen: 96 times

Last updated: Feb 28

Related questions

Find dissector table entry responsible for dissector call

Which dissector table to be used for a zigbee cluster

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Error while creating a Lua listener in 2.4.2 with filter

Lua Dumper to variable

http2 decrypted data in tshark lua script

Decode as LUA - how do I do that?

LUA: dissector wide global table

Reuse (part of) a Wireshark Dissector