
Is it possible to reuse existing dissector?

Open xnhp0320 opened this issue 7 years ago • 3 comments

e.g. Reuse UDP dissector for part of pkts.

We have a packet with a small piece of data inserted between the IP and UDP headers, and want to display it using Wireshark.

We would like to reuse the UDP dissector after defining our data. But I did not find any grammar which can do this.

Could you provide some clues to do it? Thanks.

xnhp0320 avatar Aug 01 '17 15:08 xnhp0320

I don't think there's a way to currently do that.

Perhaps we could add a way to create a wssdl packet object from an existing dissector:

```lua
local wssdl = require 'wssdl'

local udp = wssdl.packet('udp')

local pkt = wssdl.packet {
  your_data : u32();
  _ : udp {};
}

wssdl.dissect {
  -- replace the builtin UDP dissector
  ip.proto:set {
    [0x11] = pkt:proto('udp_wrapped', 'UDP (wrapped)')
  };
};
```

Snaipe avatar Aug 01 '17 16:08 Snaipe

Is the code you wrote implemented or not? I guess maybe we can reuse existing dissectors by calling dissector.get and call.

xnhp0320 avatar Aug 02 '17 02:08 xnhp0320

It's not implemented.

The main problem I see with calling dissectors like this is that wssdl currently adds the decoded protocol fields to the output tree after it has parsed the buffer, which means that if I call subdissectors during the parsing routines, then the nodes will be out of order.

For instance, if I reimplemented IP and called the TCP dissector, then the Wireshark output would appear in the order MAC - TCP - IP instead of MAC - IP - TCP. I'll have to think more about this.

Snaipe avatar Aug 02 '17 08:08 Snaipe
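
The `Dissector.get` and `call` approach raised in the thread, written against Wireshark's own Lua API instead of wssdl. This is an added example, not code from wssdl or from either participant. It assumes a 4-byte shim (matching the `u32` in the sketch above) and that the IP protocol field still carries 17; the field name `udp_wrapped.your_data` is made up for illustration.

```lua
-- Added example: plain Wireshark Lua dissector, no wssdl involved.
-- Assumed layout: IP header | 4-byte shim | UDP header | payload
local SHIM_LEN = 4  -- assumption, taken from the u32 in the thread's sketch

local shim = Proto("udp_wrapped", "UDP (wrapped)")
local f_data = ProtoField.uint32("udp_wrapped.your_data", "Your data", base.HEX)
shim.fields = { f_data }

-- Handle to the builtin UDP dissector, looked up once at load time.
local udp = Dissector.get("udp")

function shim.dissector(tvb, pinfo, tree)
  -- Reject buffers too short to hold the shim instead of reading past the end.
  if tvb:len() < SHIM_LEN then
    return 0
  end

  -- Add the shim node BEFORE calling the subdissector, so the tree reads
  -- IP - shim - UDP. This is the ordering concern discussed in the thread.
  local subtree = tree:add(shim, tvb(0, SHIM_LEN))
  subtree:add(f_data, tvb(0, SHIM_LEN))

  -- Nothing after the shim: report what was consumed and stop.
  if tvb:len() == SHIM_LEN then
    return SHIM_LEN
  end

  -- Hand the remainder to the builtin UDP dissector as a fresh Tvb.
  udp:call(tvb(SHIM_LEN):tvb(), pinfo, tree)
  return tvb:len()
end

-- Takes over IP protocol 17, so every UDP packet in the capture is parsed
-- as shim + UDP, including ordinary UDP traffic that carries no shim.
DissectorTable.get("ip.proto"):add(17, shim)
```

Because the registration replaces the builtin handler for protocol 17, load this only for captures where all UDP traffic carries the shim, or add a check on the shim contents before claiming the packet.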