Use a UDP payload dissector depending on ip addresses

asked 2017-11-24 16:20:06 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hello, I wrote a lua dissector that dissects UDP data. It is called like that :

DissectorTable.get("udp.port"):add(2222, cif)

However, i want this dissector to be used for all udp port (UDP port will not be always the same in my applications). What will not change are IP adresses. So the discriminator I want to use is source and destination ip adresses. But i still want my dissector to start at udp data level.

So i imagine I have to use heuristic dissector to do that. After searching how to do that, i add the following lines in my script :

DissectorTable.get("udp.port"):add(2222, cif)

local function heur_dissect_cif(tvbuf,pktinfo,root)
    local finfo = ipsrcf()
    --local finfo = pktinfo.cols.src
    local ipsrcstr = tostring(finfo)
    finfo = ipdstf()
    --finfo = pktinfo.cols.dst
    local ipdststr = tostring(finfo)
    if ((ipsrcstr==IPSRC) and (ipdststr==IPDST)) then
        cif.dissector(tvbuf,pktinfo,root)
        pktinfo.conversation = cif
        return true
    else
        return false
    end
end

cif:register_heuristic("udp",heur_dissect_cif)

I surely do not understand well the use of heuristic dissecor because this is not filtering the use of my dissector for my source and destination IP adresses. Anyone can help me to understand what's wrong in what i wrote ?

Thank you,

edit retag flag offensive close merge delete
add a comment