Hi everyone,
I've been able to use a dissector for a custom protocol which transports data over USB bulk packets. The "outermost layer" of the custom protocol looks as follows:

┌────────────────────┐ ┌───────────────┐ ┌────────────────────┐
│┌───┐┌───┐┌───┐┌───┐│ │┌───┐┌───┐┌───┐│ │┌───┐┌───┐┌───┐┌───┐│
││ a ││ b ││ a ││ b ││ ││ a ││ a ││ c ││ ││ a ││ b ││ a ││ c ││
│└───┘└───┘└───┘└───┘│ │└───┘└───┘└───┘│ │└───┘└───┘└───┘└───┘│
└────────────────────┘ └───────────────┘ └────────────────────┘
  USB bulk packet #1  USB bulk packet #2   USB bulk packet #3

In the next step, I'd like to call another dissector for the "inner layer" of that protocol. Let's say frames of type b.
I've written a tap/listener in Lua which is called for every frame of the "outermost layer", i.e. for frames of types a, b and c. I can identify frames of type b and want to call the dissector for the payload of the "inner layer".
What I am currently trying is:
Call InnerLayerTypeB_protocol.dissector:call(some_tvb, pinfo, tapinfo) from function tap.packet(pinfo, tvb, tapinfo).
The problem: The function parameters.
First argument of type Tvb? These are the payload bytes I want to hand over to the dissector. I can construct a new Tvb object, no problem: local bc_tvb = ByteArray.tvb(stream_data, "My Tvb") -- where stream_data = fi.value taken from some specific field (local fields = { all_field_infos() } ... for ix, fi in ipairs(fields) do). That might work.
Second argument: pinfo? No problemo... as function tap.packet(pinfo, tvb, tapinfo) already gets that itself as a third argument.
Third argument: tree. I don't have access to "the existing tree"... and I don't really care. Is there a way to create an "empty tree" and use it? I don't need to access anything that exists yet, just dissect the "inner layer". Unfortunately, TreeItem:new() does not exist. I also cannot pass it nil or an empty table ({}).
According to https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Listener.html, a Listener "can read the tree, the packet’s Tvb buffer as well as the tapped data, but it cannot add elements to the tree". So... can I maybe create a copy of an existing tree?
I might be misusing something here because I haven't fully understood Wireshark concepts yet. Maybe postdissectors or chained dissectors are the way to go, but I do not understand how to use them... if the "outer layer" is not something existent such as TCP.
Every pointer will be helpful!
Cheers
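
The postdissector route mentioned in the post, as an added example that is not the poster's code: a postdissector receives a writable tree, reads the outer-layer fields through Field extractors, and hands each type b payload to the inner dissector. The names `outerproto.type`, `outerproto.payload`, `innerlayertypeb` and the value of `TYPE_B` are assumptions standing in for the real dissectors' names.

```lua
-- Added example: every protocol name, field name and constant here is a
-- hypothetical placeholder for the real outer/inner dissectors.
-- Field.new() fails if the field is not registered yet, so this script
-- must load after the outer dissector.
local outer_type    = Field.new("outerproto.type")    -- assumed: frame type field
local outer_payload = Field.new("outerproto.payload") -- assumed: FT_BYTES payload field
local TYPE_B = 2                                      -- assumed: value marking a type b frame

local chain = Proto("outerproto_chain", "Outer layer to inner type b chaining")

function chain.dissector(tvb, pinfo, tree)
    -- Assumed registration name of the inner dissector.
    local inner = Dissector.get("innerlayertypeb")
    if not inner then return end

    -- One USB bulk packet can carry several outer frames, so each extractor
    -- returns one FieldInfo per frame, in dissection order. Pairing by index
    -- assumes every outer frame has both a type and a payload field.
    local types    = { outer_type() }
    local payloads = { outer_payload() }

    for i, t in ipairs(types) do
        local p = payloads[i]
        if t.value == TYPE_B and p and p.len > 0 then
            -- Same construction as in the post: wrap the payload bytes in a
            -- new Tvb, then pass the tree the postdissector was given.
            local inner_tvb = ByteArray.tvb(p.value, "Type b payload " .. i)
            inner:call(inner_tvb, pinfo, tree)
        end
    end
end

-- Runs after all regular dissectors on every packet.
register_postdissector(chain)
```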