How to get parent and child dissector to work at both TCP and ethertype levels

I'm fairly new to Lua dissectors, and I have a custom parent and child dissector that currently work over TCP port 5001. My custom protocol can also dissect the same protocol over Ethernet (not TCP) if I modify the entire example to use hardcoded ethertype and 0x8800 instead of tcp and 5001.

How can I make the parent and child generic enough to work over either TCP port 5001 or ethertype 0x8800? I'm trying to minimize duplication and make modules as reusable as possible.

Challenge 1: The MyCustomTable dissector table is shared across Lua files. If I create a separate parent ethertype file with a different MyCustomTable2 name, this no longer matches the child. How can the child know which parent dissector table to pull (MyCustomTable or MyCustomTable2)?

Challenge 2: Child is currently hardcoded to TCP port 5001. I can add if statements to change these hardcoded values, but I don't know how to find out if the parent is ethertype or tcp to decide at the child.lua file level.

Thanks!

--child.lua

MyProtocolA = Proto.new("MyProtocolA", "My Protocol A")

--ProtoFields and Fields defined but not shown

function MyProtocolA.init()
    -- Deferred to init() so the parent's table exists by the time this runs
    DissectorTable.get("MyCustomTable"):add(5001, MyProtocolA)
end

function MyProtocolA.dissector(buffer, pinfo, tree)
    local length = buffer:len()
    pinfo.cols.protocol = MyProtocolA.name

    local subtree = tree:add(MyProtocolA, buffer(), "My Protocol Data")

    --More here not shown
end

tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(5001, MyProtocolA)

--parent.lua

MyParent = Proto.new("MyParent", "MyParent")

--Protofields and Fields defined here

local MyTable = DissectorTable.new("MyCustomTable",
                                   "MyCustomTable", ftypes.UINT32, base.HEX)

function MyParent.dissector(buffer, pinfo, tree)
    local payloadLength = buffer:len()
    pinfo.cols.protocol = MyParent.name
    local subtree = tree:add(MyParent,buffer(), "MyParent")

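    -- Try the source port first, then fall back to the destination port
    local subdissector_handle = MyTable:get_dissector(pinfo.src_port)
    if subdissector_handle == nil then
        subdissector_handle = MyTable:get_dissector(pinfo.dst_port)
    end
    if subdissector_handle == nil then
        return -- no child registered for either port
    end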

    nextBlock = -- get next bytes to process here
    subdissector_handle:call(nextBlock,pinfo,subtree)
end

tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(5001, MyParent)
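
The following is an added example, not part of the original post. It sketches one way to keep a single `MyCustomTable` and a single child while registering the parent under both TCP port 5001 and ethertype 0x8800. `CHILD_KEY` and the choice to hand the whole buffer to the child are assumptions made for illustration.

```lua
-- Added example, not the poster's code. CHILD_KEY and passing the whole
-- buffer to the child are assumptions; a real parent would pick its own
-- key and payload offset.
local TCP_PORT  = 5001    -- from the question
local ETHERTYPE = 0x8800  -- from the question
local CHILD_KEY = 1       -- hypothetical, transport-independent table key

local MyParent = Proto.new("MyParent", "MyParent")
local MyTable  = DissectorTable.new("MyCustomTable", "MyCustomTable",
                                    ftypes.UINT32, base.HEX)

function MyParent.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = MyParent.name
    local subtree = tree:add(MyParent, buffer(), "MyParent")

    -- Look the child up by a key that does not depend on the transport.
    -- pinfo.src_port / pinfo.dst_port are only meaningful under TCP, so
    -- they are not used as the table key here.
    local child = MyTable:get_dissector(CHILD_KEY)
    if child == nil or buffer:len() == 0 then
        return
    end
    child:call(buffer(0):tvb(), pinfo, subtree)
end

-- One Proto, two registrations: the same dissector function runs whether
-- the frame arrived via TCP or directly over Ethernet.
DissectorTable.get("tcp.port"):add(TCP_PORT, MyParent)
DissectorTable.get("ethertype"):add(ETHERTYPE, MyParent)

-- Child: knows only about MyCustomTable, nothing about TCP or ethertype.
-- If this lives in its own file, fetch the table with
-- DissectorTable.get("MyCustomTable") inside init(), as in the post.
local MyProtocolA = Proto.new("MyProtocolA", "My Protocol A")

function MyProtocolA.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = MyProtocolA.name
    tree:add(MyProtocolA, buffer(), "My Protocol Data")
end

MyTable:add(CHILD_KEY, MyProtocolA)
```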