Data dissector called before custom chained dissector

asked 2018-11-16 09:02:40 +0000

nuber
1 ●1 ●1

I am trying to build a chained dissector for a custom protocol on top of COTP, TPKT and TCP. Based on the code found at https://wiki.wireshark.org/Lua/Dissec... I came up with the following:

local my_protocol = Proto("MyProto", "My Protocol")

local tpkt_dissector

my_protocol.fields = {}

function my_protocol.dissector(tvb, pinfo, tree)
    info("MyProto Dissector called")

    local initial_len = tvb:len()

    local result = tpkt_dissector:call(tvb, pinfo, tree)

    info(string.format("Initial length: %d", initial_len))
    info(string.format("TPKT result: %d", result))
end

local tcp_table = DissectorTable.get("tcp.port")
tpkt_dissector = tcp_table:get_dissector(30001)

tcp_table:set(30001, my_protocol)

The problem however is that undissected bytes get passed to the data dissector before my dissector even "gets its turn", i.e. the length of the tvb my dissector receives is equal to the return value of the TPKT dissector.

edit retag flag offensive close merge delete

add a comment

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account.

Data dissector called before custom chained dissector

Be the first one to answer this question!

Question Tools

Stats

Related questions

Data dissector called before custom chained dissector edit

Be the first one to answer this question!

Question Tools

Stats

Related questions

Data dissector called before custom chained dissector