Wireshark-users: Re: [Wireshark-users] last touches for custom Lua dissector

From: Pascal Quantin <pascal@xxxxxxxxxxxxx>
Date: Tue, 30 Nov 2021 14:21:42 +0100
Hi Ariel,

On Tue, 30 Nov 2021 at 14:12, Ariel Burbaickij <ariel.burbaickij@xxxxxxxxx> wrote:
Hello community,
I have written a custom dissector for LTE-related protocols and it runs fine, but there is one last piece that I would like to add to it. The context is this: there is a wrapper (generic name) protocol and I call the LTE dissector in this manner:

local myrrc = Dissector.get("lte-rrc.dl.dcch")
local rrc_dl_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

or this

myrrc = Dissector.get("lte-rrc.ul.dcch")
local rrc_ul_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

and decoding works just fine. However, in the protocol field in Wireshark's GUI I get WRAPPER_PROTOCOL as the name and I would like to see LTE RRC or something similar. In the case of S1AP, which is called like this:

  local sctp_tbl = DissectorTable.get ("sctp.ppi")
  local prot_s1ap = sctp_tbl:get_dissector(18)
  prot_s1ap:call(buffer(wrapper_protocol.length()):tvb(), pinfo, tree)

I do get S1AP as the protocol. The length of wrapper_protocol is the same in all three cases.

So, how can this be achieved for LTE RRC and eventually NR RRC?

The lte-rrc.dl.dcch registered dissector historically does not update the protocol column. You might want to use lte_rrc.dl_dcch instead, which will update the protocol column with LTE RRC DL_DCCH instead. See epan/dissectors/packet-lte-rrc.c file for more details.

The NR RRC dissector always updates the info column.

Best regards,
Pascal.
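
A minimal wrapper dissector applying the suggestion above, as an added example that is not part of the original thread. The wrapper name, its 4-byte header layout and UDP port 50000 are constructed for illustration, and `lte_rrc.ul_dcch` is assumed by analogy with the `lte_rrc.dl_dcch` name given in the reply.

```lua
-- Hypothetical wrapper: 4-byte header (byte 0 = direction, 3 reserved bytes)
-- followed by an LTE RRC DCCH PDU. Layout and port are constructed.
local wrapper = Proto("wrapper", "Wrapper Protocol")
local f_dir = ProtoField.uint8("wrapper.direction", "Direction", base.DEC,
                               { [0] = "Downlink", [1] = "Uplink" })
wrapper.fields = { f_dir }

local HEADER_LEN = 4

-- Resolve sub-dissectors once at load time. Dissector.get returns nil
-- when the name is not registered.
-- "lte_rrc.dl_dcch" (from the reply) updates the Protocol column itself.
local rrc_dl = Dissector.get("lte_rrc.dl_dcch")
-- Assumption: the uplink name follows the same pattern. If it is missing,
-- fall back to the older name from the question and set the column by hand.
local rrc_ul = Dissector.get("lte_rrc.ul_dcch")
local ul_sets_column = rrc_ul ~= nil
if not rrc_ul then rrc_ul = Dissector.get("lte-rrc.ul.dcch") end
local data_dis = Dissector.get("data")

function wrapper.dissector(buffer, pinfo, tree)
    -- Reject truncated frames instead of reading past the end of the buffer.
    if buffer:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "WRAPPER"
    local subtree = tree:add(wrapper, buffer(0, HEADER_LEN))
    subtree:add(f_dir, buffer(0, 1))

    -- Header only: nothing to hand to the RRC dissector.
    if buffer:len() == HEADER_LEN then return HEADER_LEN end

    local uplink = buffer(0, 1):uint() == 1
    local sub = uplink and rrc_ul or rrc_dl
    local payload = buffer(HEADER_LEN):tvb()

    if sub then
        sub:call(payload, pinfo, tree)
        -- The hyphenated dissector leaves the column untouched, so set it here.
        if uplink and not ul_sets_column then
            pinfo.cols.protocol = "LTE RRC"
        end
    else
        data_dis:call(payload, pinfo, tree)
    end
    return buffer:len()
end

DissectorTable.get("udp.port"):add(50000, wrapper)
```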