This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm having a packet type that contains one of two different versions of a certain protocol. One dump only consists of packets of one type. So I've defined two different protocol dissectors in lua. Initialization is done by the following code.

gatt_table = DissectorTable.get("btatt.handle")
gatt_table:add(0x1234, myprotov1)

The second one is added similarly in it's own lua file.

gatt_table = DissectorTable.get("btatt.handle")
gatt_table:add(0x1234, myprotov2)

My idea was to select which version to use by enabling only the used protocol via the GUI. Because each dump only consists of one version.

If I disable the first one everything works fine. But if I disable the second one the first one is not used but the default dissector kicks in.

So I guess the initialization stuff for both dissectors is run at startup and the second one overwrites the first.

So my question basically is: Is there a "best practice" how you could have two dissectors with the identical DissectorTable Entry and choose between them? (Deciding dynamically based on payload is currently not an option). Currently I have to replace the file in the plugin folder and restart Wireshark which is a pretty poor user experience.

asked 16 Oct '15, 04:32

heine's gravatar image

heine
6112
accept rate: 0%


Well, you should add your dissectors to "UUID" table, so you do not need touch "handle" table. Handle table is useful only for DecodeAs, so no dissector should assign any value of them, because those values may changed anytime. Also you should use DecodeAs instead of disabling/enabling your dissectors. You can decode payload as by handle or/and UUID. The best practise is capture BLE with Primary (and secondary) Service Discovery, so Wireshark know what UUID is assign to handle. This will solve your problem with different attributes assigned to the same handle.

permanent link

answered 07 Nov '15, 05:16

Micha%C5%82%20%C5%81ab%C4%99dzki's gravatar image

Michał Łabędzki
411
accept rate: 8%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×637
×431
×173

question asked: 16 Oct '15, 04:32

question was seen: 2,143 times

last updated: 07 Nov '15, 05:16

p​o​w​e​r​e​d by O​S​Q​A