I'm writing a custom Lua dissector for a protocol that can be sent over both TCP and UDP. According to the README.heuristic file, this can be done using the following code:
/* register as heuristic dissector for both TCP and UDP */
heur_dissector_add("tcp", dissect_PROTOABBREV_heur_tcp, "PROTOABBREV over TCP",
"PROTOABBREV_tcp", proto_PROTOABBREV, HEURISTIC_ENABLE);
heur_dissector_add("udp", dissect_PROTOABBREV_heur_udp, "PROTOABBREV over UDP",
"PROTOABBREV_udp", proto_PROTOABBREV, HEURISTIC_ENABLE);
I have successfully implemented this for our dissector written in C/C++. However, the Lua implementation of proto:register_heuristic(listname, func) only allows one heuristic function to be registered per protocol object even though I'm using two unique heuristic list names.
Calls to:
my_proto:register_heuristic("udp", my_heur_func)
my_proto:register_heuristic("tcp", my_heur_func)
result in Wireshark displaying an error that my_proto already has a heuristic function registered. Inspecting the source, it appears the C code behind the Lua function checks against the proto name instead of the heuristic list name. Therefore, I can only register my heuristic function for a single heuristic list name.
Is this a Lua limitation or is there another way I can register my heuristic function with multiple heuristic list names? Short of another solution, it appears I may have to create two separate Lua dissectors. One for TCP and one for UDP.
