Data dissector called before custom chained dissector

I am trying to build a chained dissector for a custom protocol on top of COTP, TPKT and TCP. Based on the code found at https://wiki.wireshark.org/Lua/Dissectors#chained_dissectors I came up with the following:

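```lua
local my_protocol = Proto("MyProto", "My Protocol")

-- Filled in below with the dissector already registered on the TCP port
local tpkt_dissector

my_protocol.fields = {}

function my_protocol.dissector(tvb, pinfo, tree)
    info("MyProto Dissector called")

    -- Length of the buffer handed to this dissector
    local initial_len = tvb:len()

    -- Chain to the original dissector and keep its return value
    local result = tpkt_dissector:call(tvb, pinfo, tree)

    info(string.format("Initial length: %d", initial_len))
    info(string.format("TPKT result: %d", result))
end

-- Save the dissector currently registered for TCP port 30001
local tcp_table = DissectorTable.get("tcp.port")
tpkt_dissector = tcp_table:get_dissector(30001)

-- Register this dissector on the same port in its place
tcp_table:set(30001, my_protocol)
```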

The problem, however, is that undissected bytes get passed to the data dissector before my dissector even "gets its turn", i.e. the length of the tvb my dissector receives is equal to the return value of the TPKT dissector.