
Wireshark-users: Re: [Wireshark-users] last touches for custom Lua dissector

From: Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx>
Date: Tue, 30 Nov 2021 14:29:37 +0100
Hello Pascal,
cool, it works. Thank you very much for your fast response. Genuinely appreciated! Will take a look at the updated(?) dissector now.

Kind Regards
Ariel Burbaickij


On Tue, Nov 30, 2021 at 2:22 PM Pascal Quantin <pascal@xxxxxxxxxxxxx> wrote:
Hi Ariel,

On Tue, Nov 30, 2021 at 14:12, Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:
Hello community,
I have written a custom dissector for LTE related protocols and it runs fine but there is one last piece that I would like to add to it. Context is such: there is a wrapper (generic name) protocol and I call LTE dissector in this manner:

local myrrc = Dissector.get("lte-rrc.dl.dcch")
local rrc_dl_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

or this

myrrc = Dissector.get("lte-rrc.ul.dcch")
local rrc_ul_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

and decode works just fine, however in the protocol field in Wireshark's GUI I get WRAPPER_PROTOCOL as the name and I would like to see LTE RRC or something similar in case of S1AP which is called like this:

  local sctp_tbl = DissectorTable.get ("sctp.ppi")
  local prot_s1ap = sctp_tbl:get_dissector(18)
  prot_s1ap:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

I do get S1AP as a protocol. Length of wrapper_protocol is the same in all three cases.

So, how can it be achieved for LTE RRC and eventually NR RRC?

The lte-rrc.dl.dcch registered dissector historically does not update the protocol column. You might want to use lte_rrc.dl_dcch instead, which will update the protocol column with LTE RRC DL_DCCH instead. See epan/dissectors/packet-lte-rrc.c file for more details.

The NR RRC dissector always updates the info column.

Best regards,
Pascal.
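
The approach from this thread as an added example (not code from either poster or from the Wireshark project): a wrapper dissector that prefers the `lte_rrc.*` names and, if only the older `lte-rrc.*` names resolve, sets the Protocol column itself after the call. The wrapper header layout, the UDP port and the `lte_rrc.ul_dcch` name are assumptions; check the latter against epan/dissectors/packet-lte-rrc.c.

```lua
-- Added example, not code from the thread. HYPOTHETICAL: the wrapper header
-- (1 byte direction, 1 byte reserved) and UDP port 50000 are constructed.
local wrapper = Proto("wrapper_example", "Wrapper Protocol (example)")
local f_dir = ProtoField.uint8("wrapper_example.direction", "Direction",
                               base.DEC, { [0] = "Downlink", [1] = "Uplink" })
wrapper.fields = { f_dir }
local HDR_LEN = 2

-- Preferred names update the Protocol column themselves. The DL name is from
-- the reply above; the UL name is assumed to follow the same pattern.
local preferred = { [0] = "lte_rrc.dl_dcch", [1] = "lte_rrc.ul_dcch" }
-- Names used in the original question; these leave the column untouched.
local legacy    = { [0] = "lte-rrc.dl.dcch", [1] = "lte-rrc.ul.dcch" }
local label     = { [0] = "LTE RRC DL_DCCH", [1] = "LTE RRC UL_DCCH" }

-- Look a dissector up without aborting the wrapper when the name is not
-- registered; pcall covers both a nil return and a raised error.
local function find(name)
    local ok, d = pcall(Dissector.get, name)
    if ok then return d end
    return nil
end

function wrapper.dissector(buffer, pinfo, tree)
    -- Truncated frame: nothing after the header to hand over.
    if buffer:len() <= HDR_LEN then return 0 end

    pinfo.cols.protocol = "WRAPPER"
    local subtree = tree:add(wrapper, buffer(0, HDR_LEN))
    subtree:add(f_dir, buffer(0, 1))
    local dir = buffer(0, 1):uint()
    if not preferred[dir] then return HDR_LEN end  -- unknown direction

    local payload = buffer(HDR_LEN):tvb()
    local rrc = find(preferred[dir])
    if rrc then
        rrc:call(payload, pinfo, tree)      -- sets the Protocol column itself
    else
        rrc = find(legacy[dir])
        if not rrc then return HDR_LEN end  -- no LTE RRC dissector available
        rrc:call(payload, pinfo, tree)
        pinfo.cols.protocol = label[dir]    -- set the column by hand
    end
    return buffer:len()
end

DissectorTable.get("udp.port"):add(50000, wrapper)
```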