Conditionnal cascaded built-in dissector from a LUA dissector

asked 2025-10-15 07:35:11 +0000

Hello everybody,

I am using Wireshark 4.4.6 and a set of LUA dissectors for CCSDS protocols made by ESA and for which I contributed; see CCSDS Wireshark Dissector.

Among these dissectors, there is a Space Packet Protocol dissector that works fine. A Space Packet includes in his header a field named "Application process identifier" (or APID) which is declared as follows:

f.application_process_identifier = ProtoField.uint16("space_packet_protocol.application_process_identifier", "APID",
base.DEC, nil, 0x007ff)

When this APID has a given value, I would like to call the CFDP built-in dissector on the payload of the Space Packet.

The first problem I have is that

Dissector.get("CFDP")

always return nil where as the same call with good old "data" dissector works. Needless to say that CFDP appears as activated in the protocol options.

Using that, I could of course modify the Space Packet dissector to call CFDP when the APID has a given value, but since the APID used for CFDP is mission-specific, I would like to make something the more generic possible and use the "Decode As" feature from the GUI, that's to say entering "space_packet_protocol.application_process_identifier", a decimal value, and "CFDP" in the "Decode As..." dialog box.

As mentioned in the documentation, only a few protocols + fields can be used as selectors for "Decode As..." using an "out-of-the-box WireShark" and you need to do some LUA coding to add your own protocol and field.

And this is where I stumble. I have found here an example of a LUA dissector calling a cascaded LUA dissector using the "Decode As..." feature, but the crux is that the cascaded protocol I would like to use (CFDP) is not a LUA one but rather a built-in one. What am I missing?

Any welp would be appreciated.

TIA.

edit retag flag offensive close merge delete