Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

lua dissector, need to set pinfo.in_error_pkt but cannot

Hi! I am writing a dissector (so far all is good) but now I am hitting a snag.

At a certain offset my protocol contains an IP header as part of its payload. Just the IP header (20 bytes, starts with x'45'...). My payload then continues with other data not related to the IP header.

Similar in a fashion to ICMP, for example, which will provide the errant IP header as part of its error report.

Simply calling the "ip" dissector works, but the header is colored red and expert reports length discrepancies.

In the epan/dissectors/icmp.c I can see how they make sure that the dissection of ONLY the IP header is requested: They set the pinfo.in_error_pkt flag.

My attempts to do that in my .lua dissector fail because for some reason, pinfo.in_error_pkt is "Retrieve only". I cannot set it.

Here is a code snippet showing what I want to do:

    temp = pinfo.in_error_pkt
    pinfo.in_error_pkt = true -- THIS LINE FAILS
    Dissector.get("ip"):call(buffer(some_offset, 20):tvb(), pinfo, tree)
    pinfo.in_error_pkt = temp