I hope I am asking the right question. I have just started looking into making my own dissector for this. I'm trying to write a dissector in LUA that will parse a couple of org specific TLVs in the OAM protocol. I can't seem to wrap my head around the steps I'd need to take to allow the built in dissector to do all the work it can, and only run my code when the frame contains the TLVs I care about. And even better would be to only run my dissector on the portion of the frame I need it to. How would I write a dissector in LUA that will process a specific part of a frame after the rest of the frame has been processed by a built in dissector? Or do I have to add my dissector to the dissector table in place of the slow protocols dissector? Any pointers would be greatly appreciated. asked 16 Apr '12, 11:29 Mateo edited 16 Apr '12, 16:08 Guy Harris ♦♦ |
One Answer:
Currently, you would have to add your dissector in place of the slow protocols dissector, as the OAM dissector does not currently have any mechanism to register a dissector for the Vendor Specific Information in a Local Information TLV in an Information OAMPDU, for the information in an Organization Specific Information TLV in an Information OAMPDU, or for the contents of an Organization Specific OAMPDU. It would be better if there were such mechanisms; to request them, you should file a request for enhancement on the Wireshark Bugzilla. answered 16 Apr '12, 16:07 Guy Harris ♦♦ |
Thank you for the reply. I can certainly enter a request for that. Off the top of your head, do you know of any protocols dissector that does have a mechanism for registering a dissector for a Organization Specific TLV? I can only think of one other protocol that uses them (LLDP) but I'm sure there are others. I wouldn't mind taking a stab at adding the functionality.
In the short term though, would it be easiest to customize the slow protocols dissector to dissect the parts I care about?
Well, looking for calls to
register_dissector_table()
with a dissector table name that includes "oui", I only found the LLDP dissector, so there might not be others.Probably.