Wireshark-bugs: [Wireshark-bugs] [Bug 4859] New: Lua dissector does not get called

Date: Wed, 9 Jun 2010 11:57:08 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4859

           Summary: Lua dissector does not get called
           Product: Wireshark
           Version: 1.2.7
          Platform: All
        OS/Version: Ubuntu
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: sidda.eraiah@xxxxxxxxxxx


Build Information:
Version 1.2.7

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010 23:31:11),
without AirPcap.

Running on Linux 2.6.32-22-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.

Built using gcc 4.4.3.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I am writing a custom dissector for a protocol and have followed the
instructions to enable Lua scripts by commenting out the disable_lua line in
the init.lua file. I also have run_user_scripts_when_superuser set to true.

The dissector I have is as follows in wse.lua:

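do
    -- Declare the protocol: short name "wse", description "Enhanced ws".
    ws_proto = Proto("wse", "Enhanced ws");
    -- Called for each packet handed to this dissector.
    function ws_proto.dissector(buffer, pinfo, tree)
        print("dissector called")
        pinfo.cols.protocol = "WSE"
        print(buffer(0, 4):string())
        local subtreeitem = tree:add(ws_proto, buffer(), "WSE traffic")
        subtreeitem:add_le(buffer(), "traffic")
        pinfo.cols.info:set("WSE");
    end
    -- Register the dissector for TCP port 8001.
    DissectorTable.get("tcp.port"):add(8001, ws_proto)
    -- Print the protocol name once the script has loaded.
    print(ws_proto.name)
end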


When I run tshark or wireshark by passing this wse.lua file on the command
line using "sudo wireshark -X lua_script:wse.lua", I do see the wse protocol
listed in the expressions dialog correctly.

Issue

When I try to record some traffic by sending bytes on port 8001 (this dissector
is registered on 8001), my dissector is not called. Instead, it shows the
following log:

WSE
Running as user "root" and group "root". This could be dangerous.
Capturing on lo
  0.000000    127.0.0.1 -> 127.0.0.1    HTTP Continuation or non-HTTP traffic
  0.000966    127.0.0.1 -> 127.0.0.1    HTTP Continuation or non-HTTP traffic
  0.001001    127.0.0.1 -> 127.0.0.1    TCP 59174 > vcom-tunnel [ACK] Seq=20
Ack

Please note that WSE is printed by my script, but the dissector is not called
and the internal HTTP dissector is getting called.

Other thing I tried

So, I started wireshark without the Lua file by executing "sudo wireshark" and
opened the evaluate dialog by clicking on the Tools->Lua->Evaluate menu. In
this evaluate dialog, I copied the contents of the wse.lua file and evaluated
it. I see that "WSE" (my log) is printed on the console. After running this, if
I record traffic on loopback, it calls my dissector correctly and I see the
entries in wireshark as wse and also the logs that I am printing.


It appears that the HTTP dissector is taking priority over my dissector for
some reason. Your valuable insights or workarounds to get this Lua dissector to
work correctly are appreciated.
