dissector with several ppi

Thanks for your answer. But I would like to have one dissector for two PPIs (for sctp.ppi==3 and sctp.ppi==5). I think that I create one dissector and add two PPIs by the following commands:

local sctp_tbl = DissectorTable.get("sctp.ppi")
sctp_dissector = sctp_tbl:get_dissector(3)
sctp_tbl:add (5,sctp_dissector)

As with GSM_MAP. In GSM_MAP I do the following:

local sccp_tbl = DissectorTable.get("sccp.ssn")
tcap_dissector = sccp_tbl:get_dissector(9)
sccp_tbl:set ("6-9",proxy)

And I thought that that the same commands will help me to solve the problem with sccp.ppi

Can you give me some advice?

Sure you can add the same dissector to as many PPIs as you want. My original Answer suggested that. I only did not understand why you were saving the link to original dissector for ppi == 3 and for ppi == 5 into the same variable, as you were effectively storing only the second one, overwriting the link to the first one with the new one.

So the complete code would be:

local sctp_tbl = DissectorTable.get("sctp.ppi")
orig_sctp dissector_for_3 = sctp_tbl:get_dissector(3)
orig_sctp_dissector_for_5 = sctp_tbl:get_dissector(5)
sctp_tbl:add(3,proxy)
sctp_tbl:add(5,proxy)

(or you might also use a table for the links to the original dissectors if you prefer that).

And back then I haven't found the DissectorTable:set method in the doc, but it seems to be present there. So maybe there is an issue with :set when there is no dissector for the value of index which you are replacing? I know for sure that :add(index,new_dissector) replaces the existing dissector for index if it exists (which is what :set is expected to do) or adds it if no dissector existed for index before. For the same index, there is always just one dissector in the table. If you want/need to chain them, you have to do it algorithmically, which is the reason for storing the links to the original ones.

Thanks for your comments. They are very helpful for me. But there is only one problem: in my lua script I parse pcap file with the tshark and lua. I have my own protocol "proxy" by which I replace the original protocol and inside the proxy dissector (new protocol) I use the created original dissector (in my case it was "tcap_dissector"):

function proxy.dissector(tvbuf,pinfo,root)

tcap_dissector:call(tvbuf,pinfo,root)   
local num_vlan_id_field = vlan_id()

But if I create more then two dissectors then I will have to call the parsing od the file two times: first by "orig_sctp dissector_for_3" and sercondly by "orig_sctp dissector_for_5". It is not suitable for me. Or I can create an if statement in lua script to choose what dissector to use according to the value in specific field?

Friendly speaking I am beginner in lua script and dissectors then It will be great if you give me some advices to solve problem with two dissectors and one time analyze the pcap file.

Of course you can use if in Lua to choose the necessary original dissector. The point is how to convey the information about which one to use. To do that, you would either need to refer to the sctp.ppi field from within your dissector and use the value to choose the right original dissector, or you would have to register two individual dissector functions proxy_3 and proxy_5, which may be just thin wrappers calling a common code with an additional parameter (3 or 5). I cannot see any clear advantage of any of these two methods. In a single Lua script you can create as many dissector functions as you want, i.e. you don't need to split your code into several files.

First of all thank you for your help. I used "if" statement in Lua script and now I use different dissectors according to the value of the field sctp.ppi (or in wireshark sctp.data_payload_proto_id).

But for the future purpose I want to know is there a method to use dissector for any value of the "sctp.ppi"? It is not comfortable to create N dissectors for N different values of sctp.ppi.