How to create multi-layer Lua dissector?

I have several UDP protocols with the same 12-byte header.
I have read this blog: https://mika-s.github.io/wireshark/lua/dissector/2018/12/18/creating-a-wireshark-dissector-in-lua-5.html
I want to create modular dissectors with one base dissector not bound to any ports. The base dissector looks like this:

    base_protocol = Proto("my_base", "My base protocol")
    descriptor = ProtoField.uint16("my.descriptor", 'Descriptor', base.DEC)
    -- ProtoField.none takes (abbr, name, desc); it has no display-base argument
    data = ProtoField.none('tb.data', 'Main payload')
    base_protocol.fields = { descriptor, data }

    function base_protocol.dissector(buffer, pinfo, tree)
      local length = buffer:len()
      -- Shorter than the 12-byte header: decline instead of reading out of range
      if length < 12 then return 0 end
      pinfo.cols.protocol = base_protocol.name

      local subtree = tree:add(base_protocol, buffer(), "Base protocol Header")

      subtree:add_le(descriptor, buffer(0, 2))
      -- Add the payload item only when bytes follow the header
      if length > 12 then
        subtree:add_le(data, buffer(12, length - 12))
      end
      return 12
    end

    -- Offer the base dissector under "Decode As..." for UDP ports
    local udp_port = DissectorTable.get('udp.port')
    udp_port:add_for_decode_as(base_protocol)

That base dissector is not attached to any particular port.
I want to create several other "child" dissectors (each one on its own UDP port) which will receive a Tvb where offset 0 is the 12th byte from base_protocol. The child will add its own subtree IN addition to the header tree from the base protocol.
I have tried to attach the "parent" using `local my_port = DissectorTable.get('my_base')` but failed. Also I need to access the "parent's" field descriptor. How can I achieve this?
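
One way to build the layering described in the question, as an added example that is not part of the original post: a child dissector registered on its own UDP port calls the base dissector by name, then dissects a new Tvb that starts after the 12-byte header and reads `my.descriptor` through a field extractor. The protocol name `my_child`, its opcode field and port 50001 are hypothetical, and the base script is assumed to load before this one.

```lua
-- Added example. "my_child", its opcode field and UDP port 50001 are hypothetical.
local child_protocol = Proto("my_child", "My child protocol")
local f_opcode = ProtoField.uint8("my_child.opcode", "Opcode", base.HEX)
child_protocol.fields = { f_opcode }

-- Extractor for the parent's field. It has to be created at load time, outside
-- any dissector function, and the base script has to be loaded before this one.
local base_descriptor = Field.new("my.descriptor")

local BASE_HEADER_LEN = 12
local base_handle  -- looked up on first use

function child_protocol.dissector(buffer, pinfo, tree)
  -- Too short to hold the shared header: decline the packet.
  if buffer:len() < BASE_HEADER_LEN then return 0 end

  -- Let the parent add its header subtree to the same tree.
  base_handle = base_handle or Dissector.get("my_base")
  base_handle:call(buffer, pinfo, tree)
  pinfo.cols.protocol = child_protocol.name

  -- Nothing after the header, so there is no child payload to dissect.
  if buffer:len() == BASE_HEADER_LEN then return BASE_HEADER_LEN end

  -- New Tvb whose offset 0 is the first byte after the 12-byte header.
  local payload = buffer:range(BASE_HEADER_LEN):tvb()
  local subtree = tree:add(child_protocol, payload(), "Child protocol")
  subtree:add(f_opcode, payload(0, 1))

  -- Read the value the parent just dissected; take the last occurrence in the frame.
  local infos = { base_descriptor() }
  local fi = infos[#infos]
  if fi then
    subtree:append_text(" (descriptor " .. tostring(fi.value) .. ")")
  end

  return buffer:len()
end

-- Bind this child to its own UDP port; other children repeat this with their ports.
DissectorTable.get("udp.port"):add(50001, child_protocol)
```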