Wireshark mailing list archives
Re: LUA chained dissector drops data parameter
From: Peter Wu <peter () lekensteyn nl>
Date: Tue, 26 Nov 2019 00:40:06 +0000
Hi Mikael, On Mon, Nov 18, 2019 at 05:20:54PM +0000, Kanstrup, Mikael wrote:
Hi, I'm working on dissecting a proprietary protocol that extends Bluetooth HCI_ACL with a LUA dissector. As there's no heuristics dissector list registered for this particular protocol I thought something similar could be achieved with a chained dissector. I retrieve the original HCI_ACL dissector handle and replace it with my own LUA dissector. In LUA dissector apply some heuristics and if it's not my own protocol then call the original HCI_ACL dissector via the handle. Code looks like this: local proto_test = Proto("test", "Use chaining as heuristic dissector") local proto_default_acl function is_test_proto(tvb, pinfo) -- Apply heuristics to determine if own protocol return false end function proto_test.dissector(tvb, pinfo, tree) if not is_test_proto(tvb, pinfo) then return proto_default_acl:call(tvb, pinfo, tree) end pinfo.cols.protocol = "test" tree = tree:add(proto_test, tvb) return tvb:len() end function proto_test.init() local hci_type = DissectorTable.get("hci_h4.type") local pattern = 0x02 -- ACL proto_default_acl = hci_type:get_dissector(pattern) hci_type:add(pattern, proto_test) end This unfortunately did not work and I was not able to find out why until I started looking at the HCI_ACL dissector code itself. static gint dissect_bthci_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) { <...> /* Reject the packet if data is NULL */ if (data == NULL) return 0; The above NULL check is hit for all calls coming from the LUA dissector. The LUA dissector function prototype does not have the data parameter and it appears it's simply lost when chaining calls through LUA.
Correct, Lua always passes a NULL parameter. Due to type-safety, Lua dissectors cannot pass arbitrary data.
Any suggestions on how to approach this? Would it be possible to extend the LUA dissector interface with another function prototype that supports the data parameter? Just support relaying the parameter in chained dissectors, not modifying or doing any fancy stuff with it.
There is unfortunately no runtime registration of types for the 'data' parameter. If you can somehow keep track that a C dissector was from a particular dissector table, and then recognize that the Lua dissector was registered with the same table, then hopefully it should be possible to propagate the data parameter as special case. Long-term, we might have to revisit how to pass data between (multiple layers of) dissectors. Not just Lua, but also C. For Lua, see also: Bug 15931 - Add Lua support for arbitrary data parameter in dissector calls. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15931 (+cc Huang) Discussion about another mechanism to pass data between dissectors: https://code.wireshark.org/review/35159 Discussion about another (abandoned) new mechanism to pass data between dissectors: https://code.wireshark.org/review/34049 -- Kind regards, Peter Wu https://lekensteyn.nl ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- LUA chained dissector drops data parameter Kanstrup, Mikael (Nov 18)
- Re: LUA chained dissector drops data parameter Peter Wu (Nov 25)
- Re: LUA chained dissector drops data parameter Kanstrup, Mikael (Nov 29)
- <Possible follow-ups>
- Re: LUA chained dissector drops data parameter Michael Mann via Wireshark-dev (Nov 29)
- Re: LUA chained dissector drops data parameter Peter Wu (Nov 25)