Fixup the wireshark lua packet dissector heuristic filter

This fixes a bug where the first SCION packet in a capture is never dissected as a SCION packet. The filter function is (only) called on the first packet of the conversation (4-tuple) since we set the dissector for the conversation. To also dissect the initial packet of a conversation for which a heuristic dissector function is registered, the dissector has to be called explicitly at the end of the filter function when a packet matches. From the docs: https://www.wireshark.org/docs/wsdg_html/#lua_fn_proto_register_heuristic_listname__func_ >The function should perform as much verification as possible to ensure the payload is for it, and **dissect the packet** (including setting TreeItem info and such) only if the payload is for it, before returning true or false. Also look at the comments there: https://github.com/wireshark/wireshark/blob/master/test/lua/dissector.lua#L523 https://github.com/wireshark/wireshark/blob/afff4e02/test/lua/dissector.lua#L523
FR4NK-W · Aug 13, 2024 · 61e7b61 · 61e7b61
1 parent 6d392ee
commit 61e7b61
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/tools/wireshark/scion.lua b/tools/wireshark/scion.lua
@@ -143,11 +143,17 @@ local function scion_proto_filter(tvbuf, pktinfo, root)
     local addr_type_src_valid = (addrTypes[bit.band(tvbuf(9, 1):uint(), 0xf)] ~= nil)
     local rsv_valid = (tvbuf(10, 2):uint() == 0)
 
-    if version_valid and next_hdr_valid and path_type_valid and addr_type_dst_valid and addr_type_src_valid and rsv_valid then
-       pktinfo.conversation = scion_proto
-       return true
+    if not (version_valid and next_hdr_valid and path_type_valid and addr_type_dst_valid and addr_type_src_valid and rsv_valid) then
+       return false
     end
-    return false
+
+    -- This looks like a SCION packet, dissect it.
+    scion_proto.dissector(tvbuf, pktinfo, root)
+    -- Set the scion_proto dissector for the conversation, so that all packets with the same
+    -- 4-tuple use directly the scion_proto dissector (instead of calling again this
+    -- heuristic function).
+    pktinfo.conversation = scion_proto
+    return true
 end
 
 function scion_proto.dissector(tvbuf, pktinfo, root)