Hi Ariel,
Le mar. 30 nov. 2021 à 14:12, Ariel Burbaickij <ariel.burbaic...@gmail.com>
a écrit :
> Hello community,
> I have written a custom dissector for LTE related protocols and it runs
> fine but there is one last piece that I would like to add to it. Context is
> such: there is a wrapper (generic name) protocol and I call LTE dissector
> in this manner:
>
> local myrrc = Dissector.get("lte-rrc.dl.dcch")
> local rrc_dl_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(),
> pinfo, tree)
>
> or this
>
> myrrc = Dissector.get("lte-rrc.ul.dcch")
> local rrc_ul_dcch = myrrc:call(buffer(wrapper_protocol.length()):tvb(),
> pinfo, tree)
>
> and decode works just fine, however in protocol field in Wireshark's GUI I
> get WRAPPER_PROOTOCOL as the name and I would like to see LTE RRC or
> something similar in case of S1AP which is called like this:
>
> local sctp_tbl = DissectorTable.get ("sctp.ppi")
> local prot_s1ap = sctp_tbl:get_dissector(18)
> prot_s1ap:call(wrapper_protocol.length()):tvb(), pinfo, tree)
>
> I do get S1AP as a protocol. length of wrapper_protocol is the same in all
> three cases,
>
> So, how can it be achieved foR LTE RRC and eventually NR RRC ?
>
The lte-rrc.dl.dcch registered dissector historically does not update the
protocol column. You might want to use lte_rrc.dl_dcch instead, which will
update the protocol column with LTE RRC DL_DCCH instead. See
epan/dissectors/packet-lte-rrc.c file for more details.
The NR RRC dissector always updates the info column.
Best regards,
Pascal.
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-requ...@wireshark.org?subject=unsubscribe
