Dissector table doesn't exist while registering subdissector for ZMTP

I'm trying to create an "out-of-tree" dissector plugin for my protocol:

-- Register a subdissector "my_subdissector" to the ZMTP protocol table for TCP port 1234
local zmtp = DissectorTable.get("zmtp.protocol")
zmtp:add(1234, my_subdissector_proto)
-- Register the ZMTP dissector as the default for that TCP port (so no "decode as" is needed)
local zmtp_dissector = Dissector.get("zmtp")
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(1234, zmtp_dissector)

So I guess basically it provides a table called zmtp.protocol in which I need to register my own dissector.

My code is as follows:

#include <config.h>
#include <epan/packet.h>

namespace impl
{

static int proto = -1;
static dissector_handle_t handle;

static int dissect(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    proto_tree_add_protocol_format(tree, proto, tvb, 0, -1, "This is Toto, a Wireshark dissector plugin prototype");
    return tvb_captured_length(tvb);
}

static void proto_register()
{
    proto = proto_register_protocol("Toto protocol", "Toto", "toto");
    handle = create_dissector_handle(&dissect, proto);
}

static void plugin_reg_handoff()
{
    dissector_add_uint("zmtp.protocol", 23456, handle);
}

}

extern "C"
{
    char plugin_version[] = "0.0.1";
    int plugin_want_major = VERSION_MAJOR;
    int plugin_want_minor = VERSION_MINOR;

    void plugin_register()
    {
        static proto_plugin plug;

        plug.register_protoinfo = impl::proto_register;
        plug.register_handoff = impl::plugin_reg_handoff;
        proto_register_plugin(&plug);
    }
}

When I launch Wireshark from the command line, I get the following message:

OOPS: dissector table "zmtp.protocol" doesn't exist
Protocol being registered is "Toto protocol"

Both plugins seem to be correctly registered by Wireshark when I look at Help > About Wireshark > Plugins. Plus I named them so that the Lua dissector appears before mine in the list.

Can someone point me in the right direction?

EDIT: the Lua dissector seems to be working fine, I can Decode As... > ZMTP and it does a great job.