Data dissector called before custom chained dissector
I am trying to build a chained dissector for a custom protocol on top of COTP, TPKT and TCP. Based on the code found at https://wiki.wireshark.org/Lua/Dissec... I came up with the following:

local my_protocol = Proto("MyProto", "My Protocol")
local tpkt_dissector
my_protocol.fields = {}

function my_protocol.dissector(tvb, pinfo, tree)
    info("MyProto Dissector called")
    local initial_len = tvb:len()
    -- Hand the buffer to the saved TPKT dissector first
    local result = tpkt_dissector:call(tvb, pinfo, tree)
    info(string.format("Initial length: %d", initial_len))
    info(string.format("TPKT result: %d", result))
end

local tcp_table = DissectorTable.get("tcp.port")
-- Save the dissector currently registered on port 30001, then take its place
tpkt_dissector = tcp_table:get_dissector(30001)
tcp_table:set(30001, my_protocol)

The problem, however, is that undissected bytes get passed to the data dissector before my dissector even "gets its turn", i.e. the length of the tvb my dissector receives is equal to the return value of the TPKT dissector.