Wireshark mailing list archives

LUA chained dissector drops data parameter


From: "Kanstrup, Mikael" <Mikael.Kanstrup () sony com>
Date: Mon, 18 Nov 2019 17:20:54 +0000

Hi,

I'm working on dissecting a proprietary protocol that extends Bluetooth HCI_ACL with a LUA dissector. As there's no 
heuristics dissector list registered for this particular protocol I thought something similar could be achieved with a 
chained dissector. I retrieve the original HCI_ACL dissector handle and replace it with my own LUA dissector. In the LUA 
dissector I apply some heuristics and if it's not my own protocol then call the original HCI_ACL dissector via the handle.

Code looks like this:

local proto_test = Proto("test", "Use chaining as heuristic dissector")
local proto_default_acl

function is_test_proto(tvb, pinfo)
    -- Apply heuristics to determine if own protocol
    return false
end

function proto_test.dissector(tvb, pinfo, tree)
    if not is_test_proto(tvb, pinfo) then
        return proto_default_acl:call(tvb, pinfo, tree)
    end

    pinfo.cols.protocol = "test"
    tree = tree:add(proto_test, tvb)
    return tvb:len()
end

function proto_test.init()
    local hci_type = DissectorTable.get("hci_h4.type")
    local pattern = 0x02 -- ACL
    proto_default_acl = hci_type:get_dissector(pattern)
    hci_type:add(pattern, proto_test)
end

This unfortunately did not work and I was not able to find out why until I started looking at the HCI_ACL dissector 
code itself.

static gint
dissect_bthci_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
<...>
    /* Reject the packet if data is NULL */
    if (data == NULL)
        return 0;

The above NULL check is hit for all calls coming from the LUA dissector. The LUA dissector function prototype does not 
have the data parameter and it appears it's simply lost when chaining calls through LUA.

Any suggestions on how to approach this? Would it be possible to extend the LUA dissector interface with another 
function prototype that supports the data parameter? Just support relaying the parameter in chained dissectors, not 
modifying or doing any fancy stuff with it.

/Mikael
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
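
The data flow described in the message above, as a self-contained C model added here; it is not Wireshark code and not the poster's. All `model_*`, `shim_*`, `pending_data` and `run_model` names are hypothetical, and the per-call slot is an assumed way to relay the pointer through a three-argument script prototype.

```c
#include <stddef.h>
#include <stdio.h>
typedef struct { int len; } model_tvb;   /* constructed stand-in for tvbuff_t */
/* Native prototype: four arguments, as in dissect_bthci_acl. */
typedef int (*native_fn)(model_tvb *tvb, void *pinfo, void *tree, void *data);
/* Script prototype: three arguments, as in proto_test.dissector. */
typedef int (*script_fn)(model_tvb *tvb, void *pinfo, void *tree);
static native_fn chained;   /* saved original handle, like proto_default_acl */
static void *pending_data;  /* per-call slot owned by the shim (assumption) */

/* Original dissector: rejects the packet when data is NULL. */
static int model_acl(model_tvb *tvb, void *pinfo, void *tree, void *data)
{
    (void)pinfo; (void)tree;
    return data == NULL ? 0 : tvb->len;
}

/* Script body: heuristics say "not mine", so it chains to the saved handle.
 * It has no data argument, so only what the shim kept can be passed on. */
static int model_script(model_tvb *tvb, void *pinfo, void *tree)
{
    return chained(tvb, pinfo, tree, pending_data);
}

/* Behaviour seen in the post: data stops at the script boundary. */
static int shim_dropping(script_fn fn, model_tvb *tvb, void *data)
{
    (void)data;
    pending_data = NULL;
    return fn(tvb, NULL, NULL);
}

/* Behaviour asked for in the post: relay data unchanged, never interpret it. */
static int shim_relaying(script_fn fn, model_tvb *tvb, void *data)
{
    pending_data = data;
    int consumed = fn(tvb, NULL, NULL);
    pending_data = NULL;    /* do not carry one packet's context into the next */
    return consumed;
}

/* Runs one constructed 4-byte packet through either shim; returns bytes consumed. */
static int run_model(int relay)
{
    model_tvb tvb = { 4 };
    int parent_ctx = 1;     /* stands in for whatever the parent passes as data */
    chained = model_acl;
    return (relay ? shim_relaying : shim_dropping)(model_script, &tvb, &parent_ctx);
}
int main(void) { printf("dropped=%d relayed=%d\n", run_model(0), run_model(1)); return 0; }
```

With the dropping shim the chained dissector returns 0 (packet rejected); with the relaying shim it consumes all 4 bytes.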
