|
Hi,
I'm working on dissecting a proprietary protocol that extends Bluetooth HCI_ACL with a LUA dissector. As there's no heuristics dissector list registered for this particular protocol I thought something similar could be achieved with a chained dissector. I retrieve
the original HCI_ACL dissector handle and replace it with my own LUA dissector. In LUA dissector apply some heuristics and if it's not my own protocol then call the original HCI_ACL dissector via the handle.
Code looks like this:
local proto_test = Proto("test", "Use chaining as heuristic dissector")
local proto_default_acl
function is_test_proto(tvb, pinfo)
-- Apply heuristics to determine if own protocol
return false
end
function proto_test.dissector(tvb, pinfo, tree)
if not is_test_proto(tvb, pinfo) then
return proto_default_acl:call(tvb, pinfo, tree)
end
pinfo.cols.protocol = "test"
tree = tree:add(proto_test, tvb)
return tvb:len()
end
function proto_test.init()
local hci_type = DissectorTable.get("hci_h4.type")
local pattern = 0x02 -- ACL
proto_default_acl = hci_type:get_dissector(pattern)
hci_type:add(pattern, proto_test)
end
This unfortunately did not work and I was not able to find out why until I started looking at the HCI_ACL dissector code itself.
static gint
dissect_bthci_acl(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
<...>
/* Reject the packet if data is NULL */
if (data == NULL)
return 0;
The above NULL check is hit for all calls coming from the LUA dissector. The LUA dissector function prototype does not have the data parameter and it appears it's simply lost when chaining calls through LUA.
Any suggestions on how to approach this? Would it be possible to extend the LUA dissector interface with another function prototype that supports the data parameter? Just support relaying the parameter in chained dissectors, not modifying or doing any fancy
stuff with it.
/Mikael
|