Ask Your Question
0

using ssl_starttls_ack from Dissector written in LUA

asked 2025-07-04 15:47:19 +0000

Mario Klebsch gravatar image

updated 2025-07-04 15:51:08 +0000

Hello,

I have an exsiting dissector for a custom protocol written in LUA. Now, this protocol is extended and get a starttls-command and I have to adopt the dissector to the new protocol.

From inspecting wireshark source code, I found, that I need to call ssl_starttls_ack() and pass three arguments to that function.

  • The first parameter required is the tls handle, that can be obtained by invoking find_dissector("tls").
  • The second parameter is the pinfo, which is passed to the dissector.
  • The third parameter is the handle of my custom protocol.

But how can I do all this in a dissector, written in LUA?

1. What is the LUA equivalent to calling find_dissector("tls") in C?

It looks that this can ba done in LUA using Dissector.get("tls").

2. How do I get the handle of my own dissector. In C the handle is the return value of register_dissector().

I can find a call to register_dissector() in DissectorTable_add_for_decode_as(), which implements the method add_for_decode_as of DissectorTable, but htat method does not return that handle and semms to be intended for other purposes.

Proto_set_dissector() also calls register_dissector(), but does not pass the handle back to LUA.

3. how to call ssl_starttls_ack() from LUA?

I have found https://lists.wireshark.org/archives/... mentioning a commit from 2016, probably https://github.com/wireshark/wireshar....

But that does not seem to affect LUA in any way.

Any help would be apreciated.

73, Mario

P.S.: For my analysis, I inspected the source code of wireshark-4.2.2.

edit retag flag offensive close merge delete

Comments

WSDG: 11.3.2. DissectorTable

11.3.2.12. dissectortable:get_dissector(pattern) Try to obtain a dissector from a table.

Arguments
pattern - The pattern to be matched, depending on the table’s type.
Returns - The Dissector handle if found, otherwise nil

epan/wslua/wslua_dissector.c:

WSLUA_METHOD DissectorTable_get_dissector (lua_State *L) {
    /*
     Try to obtain a dissector from a table.
     */

For item 3, search for wrapper or lua wrapper.
I think you would have to make a "C" wrapper that handles being called from Lua which then makes the call to ssl_starttls_ack().

Perhaps there is a way to code this without needing ssl_starttls_ack() ?

Chuckc gravatar imageChuckc ( 2025-07-05 14:51:03 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2025-07-05 22:31:47 +0000

Chuckc gravatar image

If you see value in this, others may also.
Opening a Feature Request would allow more visibility and comments.
(If you open a Gitlab issue please add a link back to this question.)

There are a handful of WS_DLL_PUBLIC functions in packet-tls.h and packet-tls-utils.h.
They could be added as new module to lua similar to the recent work done for wslua_gcrypt.c.

Of if only one or two of the functions are useful, they could be added to WSDG: 11.1. Utility Functions.
A one trick pony like register_stat_cmd_arg(). (6ad83076 : + register_stat_cmd_arg())

edit flag offensive delete link more

Comments

Opening a Feature Request would allow more visibility and comments.

Yes. Currently, there does not appear to be any way to call ssl_starttls_ack() from Lua, so this would have to be added as a new feature. So please file a feature request, so it's in the GitLab issue list and can be tracked and serve as a reminder that somebody asked for it.

(I once worked at a company, which I shall call "The Coverton Computer Company", in which all code changes were tracked with a Purple Anteater Record^W^W^Wbug report/enhancement request; that policy meant there was a central place to track them, so I think filing issues is a Good Idea for feature requests.)

(And we should probably rename most if not all of those routine tls_ rather than ssl_, except for routines such as tls_set_appdata_dissector(), and name the Lua wrappers appropriately.)

They could be ...

(more)
Guy Harris gravatar imageGuy Harris ( 2025-07-06 10:48:51 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2025-07-04 15:47:19 +0000

Seen: 92 times

Last updated: Jul 05