Wireshark-dev: Re: [Wireshark-dev] How to make a LUA written dissector appears in the "Decode A

From: Sandwood Sandwood <keysandwood@xxxxxxxx>
Date: Thu, 29 Sep 2011 09:29:48 +0100 (BST)
Hi Harris,
Thanks a lot for the clarification.
I am not in any of these cases; my protocol is running on top of X.25.
I checked the implementation of the X.25 dissector: for the payload, the dissector checks if it might be IP, then OSI CLNP, then the heuristic dissector (we can't write heuristic dissectors in LUA either), then
if nothing matches, invokes the raw data dissector.

More generally, I presume I can't be the first to need to "Decode the raw data with whatever Dissectors I want" (independently of whether the Dissector is written in C or Lua, and independently of the underlying protocols).
It would be more or less an "export mode", for cases where protocols are not stacked "as expected".




From: Guy Harris <guy@xxxxxxxxxxxx>
To: Sandwood Sandwood <keysandwood@xxxxxxxx>; Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Sent: Wednesday, 28 September 2011, 18:36:20
Subject: Re: [Wireshark-dev] How to make a LUA written dissector appears in the "Decode As" Widget ?


On Sep 28, 2011, at 4:57 AM, Sandwood Sandwood wrote:

> The "Wireshark: Decode As" functionality is very useful in some cases when the carrying protocol does not provide an "upper protocol field".

For the Ethertype, MPLS label, IP protocol, TCP port, UDP port, and SCTP PPI pages, "Decode As" works by registering a particular value of the "upper protocol field" in the carrying protocol's dissector table to use the upper protocol, so that requires an upper protocol field.

For DCE RPC, it works by registering a particular collection of port numbers, context IDs and (for DCE RPC over SMB) SMB file ID to use a particular DCE RPC-based protocol, so that applies *only* to DCE RPC-based protocols.

For ASN.1, it works only if the "capture file" is a raw collection of ASN.1 BER-encoded data, and applies only to ASN.1 BER-encoded protocol.

I don't think we support writing dissectors either for DCE RPC-based protocols or ASN.1-based protocols in Lua, so you're presumably talking about dissectors for protocols running atop:

    protocols with an Ethertype, which have an "upper protocol field";

    IPv4 or IPv6, which have an "upper protocol field", the IP protocol type/next header field;

    TCP or UDP, which have a field that's technically not an "upper protocol field" but that can sometimes be used as one, the port number;

    SCTP, which has the PPI field;

and all have dissector tables for the fields in question.

> When writing a Dissector in LUA, the newly written dissector is not in the List of protocols.
>
> So if the carrying protocol does not offer a Dissector Table where I can add the upper LUA protocol, how can we proceed?

If the protocol on top of which your protocol runs doesn't have a dissector table, you can't even make a dissector written in C appear in the "Decode As" widget, except for DCE RPC-based and ASN.1-based protocols.