Snaipe / wssdl

Wireshark-Specific Dissector Language
GNU General Public License v3.0

Is it possible to reuse existing dissector? #14

Open xnhp0320 opened 7 years ago

xnhp0320 commented 7 years ago

e.g. Reuse UDP dissector for part of pkts.

We have packets with a small piece of data inserted between the IP and UDP headers, and we want to display them using Wireshark.

We would like to reuse the UDP dissector after defining our data, but I did not find any grammar which can do this.

Could you provide some clues on how to do it? Thanks.

Snaipe commented 7 years ago

I don't think there's a way to currently do that.

Perhaps we could add a way to create a wssdl packet object from an existing dissector:

local wssdl = require 'wssdl'

local udp = wssdl.packet('udp')

local pkt = wssdl.packet {
  your_data : u32();
  _ : udp {};
}

wssdl.dissect {
  -- replace the builtin UDP dissector
  ip.proto:set {
    [0x11] = pkt:proto('udp_wrapped', 'UDP (wrapped)')
  };
};

xnhp0320 commented 7 years ago

Is the code you wrote implemented or not? I guess maybe we can reuse existing dissectors by calling dissector.get and call.

Snaipe commented 7 years ago

It's not implemented.

The main problem I see with calling dissectors like this is that wssdl currently adds the decoded protocol fields to the output tree after it has parsed the buffer, which means that if I call subdissectors during the parsing routines, then the nodes will be out of order.

For instance, if I reimplemented IP and called the TCP dissector, then the Wireshark output would appear in the order MAC - TCP - IP instead of MAC - IP - TCP. I'll have to think more about this.
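
Added example, not part of the thread and not wssdl code: the same use case written against Wireshark's plain Lua API, adding the shim's tree node before handing the remaining bytes to the built-in UDP dissector so the tree reads IP - shim - UDP. The 4-byte field size (taken from the `u32()` in the sketch above), the `udp_shim` names, and the packets still carrying IP protocol 0x11 are assumptions.

```lua
-- Added example (plain Wireshark Lua API, not wssdl).
-- Assumption: a fixed 4-byte field sits between the IP and UDP headers,
-- and the IP protocol number is still 0x11 (UDP).
local SHIM_LEN = 4

-- Hypothetical protocol and field names, chosen for this example.
local shim = Proto("udp_shim", "UDP (wrapped)")
local f_data = ProtoField.uint32("udp_shim.your_data", "Inserted data", base.HEX)
shim.fields = { f_data }

-- Look up the built-in UDP dissector once, before ip.proto 0x11 is
-- re-pointed at this script.
local udp_dissector = Dissector.get("udp")

function shim.dissector(tvb, pinfo, tree)
  -- Truncated capture: decline so Wireshark shows the bytes as raw data
  -- instead of reading past the end of the buffer.
  if tvb:len() < SHIM_LEN then
    return 0
  end

  pinfo.cols.protocol = "UDP-SHIM"

  -- Add our node to the tree first. Because this happens before the
  -- subdissector call below, the shim node is displayed above UDP.
  local subtree = tree:add(shim, tvb(0, SHIM_LEN))
  subtree:add(f_data, tvb(0, SHIM_LEN))

  -- Hand everything after the shim to the built-in UDP dissector,
  -- attaching its output to the parent tree so it is a sibling of ours.
  if tvb:len() > SHIM_LEN then
    udp_dissector:call(tvb(SHIM_LEN):tvb(), pinfo, tree)
  end

  return tvb:len()
end

-- Replace the built-in handler for IP protocol 0x11 with the wrapper,
-- mirroring the ip.proto mapping in the sketch above.
DissectorTable.get("ip.proto"):add(0x11, shim)
```

Because this re-points protocol 0x11 for every IP packet, ordinary UDP traffic in the same capture will be misparsed while the script is loaded.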