Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Data dissector called before custom chained dissector

I am trying to build a chained dissector for a custom protocol on top of COTP, TPKT and TCP. Based on the code found at I came up with the following:

local my_protocol = Proto("MyProto", "My Protocol")

local tpkt_dissector

my_protocol.fields = {}

function my_protocol.dissector(tvb, pinfo, tree)
    info("MyProto Dissector called")

    local initial_len = tvb:len()

    local result = tpkt_dissector:call(tvb, pinfo, tree)

    info(string.format("Initial length: %d", initial_len))
    info(string.format("TPKT result: %d", result))

local tcp_table = DissectorTable.get("tcp.port")
tpkt_dissector = tcp_table:get_dissector(30001)

tcp_table:set(30001, my_protocol)

The problem however is that undissected bytes get passed to the data dissector before my dissector even "gets its turn", i.e. the length of the tvb my dissector receives is equal to the return value of the TPKT dissector.