I'm having a packet type that contains one of two different versions of a certain protocol. One dump only consists of packets of one type. So I've defined two different protocol dissectors in lua. Initialization is done by the following code.
The second one is added similarly in it's own lua file.
My idea was to select which version to use by enabling only the used protocol via the GUI. Because each dump only consists of one version. If I disable the first one everything works fine. But if I disable the second one the first one is not used but the default dissector kicks in. So I guess the initialization stuff for both dissectors is run at startup and the second one overwrites the first. So my question basically is: Is there a "best practice" how you could have two dissectors with the identical DissectorTable Entry and choose between them? (Deciding dynamically based on payload is currently not an option). Currently I have to replace the file in the plugin folder and restart Wireshark which is a pretty poor user experience. asked 16 Oct '15, 04:32 heine |
One Answer:
Well, you should add your dissectors to "UUID" table, so you do not need touch "handle" table. Handle table is useful only for DecodeAs, so no dissector should assign any value of them, because those values may changed anytime. Also you should use DecodeAs instead of disabling/enabling your dissectors. You can decode payload as by handle or/and UUID. The best practise is capture BLE with Primary (and secondary) Service Discovery, so Wireshark know what UUID is assign to handle. This will solve your problem with different attributes assigned to the same handle. answered 07 Nov '15, 05:16 Michał Łabędzki |