Dissector table doesn't exist while registering subdissector for ZMTP

I'm trying to create an "out-of-tree" dissector plugin for my protocol:

```lua
-- Register a subdissector "my_subdissector" to the ZMTP protocol table for TCP port 1234
local zmtp = DissectorTable.get("zmtp.protocol")
zmtp:add(1234, my_subdissector_proto)
-- Register the ZMTP dissector as the default for that TCP port (so no "decode as" is needed)
local zmtp_dissector = Dissector.get("zmtp")
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(1234, zmtp_dissector)
```

So I guess basically it provides a table called zmtp.protocol in which I need to register my own dissector.

My code is as follows:

```cpp
#include <config.h>
#include <epan/packet.h>

namespace impl
{

static int proto = -1;
static dissector_handle_t handle;

static int dissect(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree, void *data _U_)
{
    proto_tree_add_protocol_format(tree, proto, tvb, 0, -1, "This is Toto, a Wireshark dissector plugin prototype");
    return tvb_captured_length(tvb);
}

static void proto_register()
{
    proto = proto_register_protocol("Toto protocol", "Toto", "toto");
    handle = create_dissector_handle(&dissect, proto);
}

static void plugin_reg_handoff()
{
    dissector_add_uint("zmtp.protocol", 23456, handle);
}

}

extern "C"
{
    char plugin_version[] = "0.0.1";
    int plugin_want_major = VERSION_MAJOR;
    int plugin_want_minor = VERSION_MINOR;

    void plugin_register()
    {
        static proto_plugin plug;

        plug.register_protoinfo = impl::proto_register;
        plug.register_handoff = impl::plugin_reg_handoff;
        proto_register_plugin(&plug);
    }
}
```

When I launch Wireshark from the command line, I get the following message:

```
OOPS: dissector table "zmtp.protocol" doesn't exist
Protocol being registered is "Toto protocol"
```

Both plugins seem to be correctly registered by Wireshark when I look at Help > About Wireshark > Plugins. Plus I named them so that the Lua dissector appears before mine in the list.

Can someone point me in the right direction?

EDIT: the Lua dissector seems to be working fine, I can Decode As... > ZMTP and it does a great job.

Unda
asked 2023-08-09 09:25:04 +0000, updated 2023-08-09 09:32:33 +0000

2 Answers


Unfortunately, if a Lua dissector creates a dissector table, then 1) NO compiled dissector can register itself in that table and 2) to allow Lua dissectors to register in that table, all Lua dissectors that register in that dissector table must be in .lua files with names that come after the name of the file containing the Lua dissector that creates the dissector table (which is a bit of a nuisance if the Lua dissector that creates the dissector is in a file named "zmtp-dissector.lua" - you'd have to call the dissector file something such as "zmtp-mysubdissector.lua" or "zzz-mydissector.lua" or...).

This is due to Wireshark issue 15907. Fixing that in a way that still allows existing Lua dissectors to work without change will take some effort.

Guy Harris
answered 2023-08-10 09:59:30 +0000
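
The file-ordering workaround described in the answer above, sketched as an added example (not code from the question, the answers, or the Wireshark project). It ports the question's "Toto" dissector to Lua so it can register in the Lua-created table. Assumptions: the file name `zmtp-toto.lua` is hypothetical, the ZMTP Lua dissector lives in a file such as `zmtp-dissector.lua`, and the table is keyed by TCP port as the question's Lua snippet indicates.

```lua
-- zmtp-toto.lua (hypothetical name): it must sort after the file that
-- creates "zmtp.protocol", e.g. "zmtp-dissector.lua", so it is loaded later.

-- "toto" / "Toto protocol" mirror the names used in the question's C++ plugin.
local toto = Proto("toto", "Toto protocol")

function toto.dissector(tvb, pinfo, tree)
    pinfo.cols.protocol = "Toto"
    tree:add(toto, tvb(), "This is Toto, a Wireshark dissector plugin prototype")
    return tvb:len()
end

-- Assumption: the table is keyed by TCP port; 23456 is the value from the question.
local TOTO_PORT = 23456

-- If the script that creates the table has not run yet, the lookup yields no
-- usable table. pcall plus a nil check covers both an error and a nil result.
local ok, zmtp_table = pcall(DissectorTable.get, "zmtp.protocol")
if ok and zmtp_table then
    -- Hand ZMTP payloads on this port to Toto.
    zmtp_table:add(TOTO_PORT, toto)
    -- Make ZMTP the default for the port so no "Decode As..." is needed.
    DissectorTable.get("tcp.port"):add(TOTO_PORT, Dissector.get("zmtp"))
else
    report_failure("toto: dissector table \"zmtp.protocol\" not found; " ..
        "check that this file's name sorts after the ZMTP Lua dissector's")
end
```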

I have a draft change (https://gitlab.com/wireshark/wireshar...) to create a built-in/C dissector for ZMTP. It still supports the "zmtp.protocol" table, as well as a port->protocol table in its preferences. Any testing coverage and/or donated capture files for verifying the implementation (particularly some of the older / more obscure commands, or mechanisms other than NULL) would be very welcome.

MartinM
answered 2024-03-25 09:32:14 +0000