using ssl_starttls_ack from Dissector written in LUA

asked 2025-07-04 15:47:19 +0000

Mario Klebsch

updated 2025-07-04 15:51:08 +0000

Hello,

I have an existing dissector for a custom protocol written in LUA. Now, this protocol is extended and gets a starttls-command and I have to adapt the dissector to the new protocol.

From inspecting Wireshark source code, I found that I need to call ssl_starttls_ack() and pass three arguments to that function.

  • The first parameter required is the tls handle, which can be obtained by invoking find_dissector("tls").
  • The second parameter is the pinfo, which is passed to the dissector.
  • The third parameter is the handle of my custom protocol.

But how can I do all this in a dissector written in LUA?

1. What is the LUA equivalent to calling find_dissector("tls") in C?

It looks like this can be done in LUA using Dissector.get("tls").

2. How do I get the handle of my own dissector? In C the handle is the return value of register_dissector().

I can find a call to register_dissector() in DissectorTable_add_for_decode_as(), which implements the method add_for_decode_as of DissectorTable, but that method does not return that handle and seems to be intended for other purposes.

Proto_set_dissector() also calls register_dissector(), but does not pass the handle back to LUA.

3. How to call ssl_starttls_ack() from LUA?

I have found https://lists.wireshark.org/archives/... mentioning a commit from 2016, probably https://github.com/wireshark/wireshar....

But that does not seem to affect LUA in any way.

Any help would be appreciated.

73, Mario

P.S.: For my analysis, I inspected the source code of wireshark-4.2.2.