Wireshark-bugs: [Wireshark-bugs] [Bug 10695] Lua Proto:register_heuristic should accept Dissecto
Comment # 4
on bug 10695
from Matthijs Kooijman
> But a Proto dissector function (usually/should) behaves differently
> than a heuristic... a heuristic should just return a true/false
> boolean for whether the packet belongs to this protocol, whereas a
> dissector should parse fields and set tree items and return the number
> of bytes consumed (or number of more bytes needed).
Hmm, must have missed the return number of bytes thing in the documentation
then. However, I was under the impression that a heuristic dissector
could/should also just parse a packet and add tree items, right? AFAICS, if a
heuristic dissector returns true but doesn't actually do any parsing, then it
just prevents any other dissectors from running, leaving the packet unparsed?
> Because your lambda function doesn't return anything. If your
> foo.dissector() returns true/false, then your lambda should be:
>
> function(...) return foo.dissector(...) end
Ah, that was just an oversight while minimizing my example for the bug
report - I had already tested with the return statement in my original
code. Just to confirm, I just tested this:
local foo = Proto("foo", "Foo dissector")
function foo.dissector(tvb, pinfo, tree)
return true;
end
foo:register_heuristic("wpan", function(...) return foo.dissector(...) end)
Which doesn't affect wpan packet parsing in any way. This is contrast
with:
foo:register_heuristic("wpan", function(...) return true; end)
Which should be exactly equivalent, but leaves all wpan packets
unparsed.
> Or, you could instead simply separately create a Lua function that
> that does what you want, and then set both the Proto's dissector and
> register the heuristic to that Lua function. For example:
Yeah, that's what I ended up doing. However, I spent quite some time
figuring out the unexpected stuff in the API before I ended up at this
solution - it would be useful if things worked more as you'd expect to
save others from going through the same in the future.
You are receiving this mail because:
- You are watching all bug changes.