This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Lua Dissector.get can’t find an existing dissector.

0

I'm building a LUA dissector. I want to run another dissector on the data before i continue examining the data but i am failing miserably. I have tried this with 1.10.5 and 1.11.2 and it fails in either case. This line of code is failing, (i am trying to mimic what the docs do, but obviously the docs are less than adequate):

Dissector.get("moldudp64"):call(buffer,pinfo,tree)

Simple. Get the moldudp64 dissector and call it. It fails with this in the tree pane:

bad argument #1 to 'get (Dissector_get: No such dissector)

I KNOW the dissector exists, you can go to "Internals" -> "Supported Protocols" and there it is:

MoldUDP64   MoldUDP64     moldudp64

In fact if i right click a line and click on Decode As... i can select "MoldUDP64" and it works. By the way i have tried using different variations of the "MoldUDP64" string for the get call. I am flabbergasted at how hard this simple thing is turning out to be. I'm probably completely misunderstanding something and will feel like a dummy once the obvious is pointed out to me.

Here is the complete lua dissector. Obviously it is not finished and broken in many places, but i can't even get past the first .get call in the dissector definition:

bono_proto = Proto("NASDAQ-TOPO","Nasdaq TOPO Options Protocol")

local vs_types = { [84] = "Timestamp", [83] = "System", [68] = "Directory", [72] = "Trading Action", [79] = "Security Open/Close" }

local f_type = ProtoField.uint8("NASDAQ-TOPO.type","Type", base.DEC, vs_types)

bono_proto.fields = { f_type }

– create a function to dissect it function bono_proto.dissector(buffer,pinfo,tree) Dissector.get("moldudp64"):call(buffer,pinfo,tree) pinfo.cols.protocol = "Nasdaq TOPO" local subtree = tree:add(bono_proto,buffer(),"Nasdaq TOPO Options Data") subtree:add(f_length, buffer(0,1)) end

– load the udp.port table udp_table = DissectorTable.get("udp.port") – register our protocol to handle udp ports 19601-19608 udp_table:add(19601,bono_proto) udp_table:add(19602,bono_proto) udp_table:add(19603,bono_proto) udp_table:add(19604,bono_proto) udp_table:add(19605,bono_proto) udp_table:add(19606,bono_proto) udp_table:add(19607,bono_proto) udp_table:add(19608,bono_proto)

asked 13 Feb ‘14, 13:27

shredluc's gravatar image

shredluc
11113
accept rate: 0%

edited 13 Feb ‘14, 13:29


2 Answers:

1

As an FYI, the following dissectors are registered such that Lua can call them (in Wireshark 1.11.3):

6lowpan CI+ SAC message HI2Operations STANAG 4607 a11 acr122 acse afp afs ah alc alcap amr amr-wb amr_if1_nb amr_if1_wb amr_if2_nb amr_if2_wb ams ansi_637_tele ansi_637_trans ansi_801 ansi_map ansi_tcap aoe application/pkix-cert aprs armagetronad arp asterix at atm_oam_cell atm_truncated atm_untruncated atn-cm atn-cpdlc atn-ulcs ax25 ax25_kiss ayiya bacapp bacnet basicxid bctp bencode ber bfcp bfd bicc bitcoin bittorrent.tcp bjnp bmc bootp bpdu bpdu_cisco bpq brp bssap bssap_plus bssgp bt3ds bta2dp bta2dp_content_protection_header_scms_t btamp btatt btavctp btavdtp btavrcp btbnep btcommon.cod btcommon.eir_ad.ad btcommon.eir_ad.eir btcommon.le_channel_map btdun btgnss bthci_acl bthci_cmd bthci_evt bthci_sco bthcrp bthfp bthid bthsp btl2cap btle btmcap btobex btrfcomm btsap btsdp btsmp btspp btvdp btvdp_content_protection_header_scms_t bundle bvlc bzr camel camel-v1 camel-v2 canopen ccsds ccsrl cfdp cfm chdlc cimetrics cipmotion cipsafety classicstun classicstun-heur clnp cmctrl_tlv cmip coap cops credssp data data-l1-events data-text-lines db-lsp.tcp db-lsp.udp dct2000 devicenet dhcpv6 diameter disp dmp dmx dmx-chan dmx-sip dmx-test dmx-text dnp3.udp docsis docsis_bintrngreq docsis_bpkmattr docsis_bpkmreq docsis_bpkmrsp docsis_cmctrlreq docsis_cmctrlrsp docsis_cmstatus docsis_dbcack docsis_dbcreq docsis_dbcrsp docsis_dccack docsis_dccreq docsis_dccrsp docsis_dcd docsis_dpvreq docsis_dpvrsp docsis_dsaack docsis_dsareq docsis_dsarsp docsis_dscack docsis_dscreq docsis_dscrsp docsis_dsdreq docsis_dsdrsp docsis_intrngreq docsis_map docsis_mdd docsis_mgmt docsis_regack docsis_regreq docsis_regreqmp docsis_regrsp docsis_regrspmp docsis_rngreq docsis_rngrsp docsis_sync docsis_tlv docsis_type29ucd docsis_uccreq docsis_uccrsp docsis_ucd docsis_vsif dop dpnss dpnss_link dsp dtls dua dvb_ipdc dvb_nit dx eap eapol ecat_mailbox ecatf ecp efsblob ehdlc ehs elf epl epmd erf erldp esis esl esp etch eth eth_withfcs eth_withoutfcs etherip ethertype etsi_cat exported_pdu fc fc_ifcp fcgi fcsof fcsp fddi felica file find_iuup fix fp fp_hint fr fr_stripped_address fr_uncompressed frame ftam ftp ftp-data fw1 ged125 giop git gmr1_bcch gmr1_ccch gmr1_dtap gmr1_rach gmrp goose gprs_ns gsm_a_bssmap gsm_a_ccch gsm_a_dtap gsm_a_rp gsm_a_sacch gsm_abis_om2000 gsm_abis_oml gsm_abis_rsl gsm_bsslap gsm_bssmap_le gsm_cbch gsm_cbs gsm_ipa gsm_map gsm_rlcmac_dl gsm_rlcmac_ul gsm_sim gsm_sim.bertlv gsm_sim.command gsm_sim.response gsm_sms gsm_sms_ud gssapi gssapi_verf gtp gtpprim gtpv2 gvrp h223 h223_bitswapped h225 h225.ras h245 h245dg h248 h248.tpkt h263P h263data h264 h323ui h4501 h501 hci_h1 hci_h4 hci_mon hci_usb hdcp hdcp2 hdfs hdfsdata hdmi hnbap hpext hpsw hpteam http http2 hyperscsi iax2 icmp icmpv6 idmp idrp ilmi ilp image-gif image-jfif imap imf inap infiniband infiniband_link infiniband_sdp interlink ip ipars ipmi ipv6 ipx ipxsap irda isakmp isis iso7816 iso7816.atr isup itdm iua iuup iwarp_ddp_rdmap ixveriwave j1939 json jxta.stream jxta.udp k12 knetsctp knettcp knetudp krb4 kt lane lapb lapd lapd-bitstream lapdm lapsat lcsap lct ldap lisp llc llcgprs lpp lppa lppe lte-rrc.bcch.bch lte-rrc.bcch.dl.sch lte-rrc.dl.ccch lte-rrc.dl.dcch lte-rrc.mcch lte-rrc.pcch lte-rrc.ue_cap_info lte-rrc.ue_eutra_cap lte-rrc.ul.ccch lte-rrc.ul.dcch lte_rrc.bcch_bch lte_rrc.bcch_dl_sch lte_rrc.dl_ccch lte_rrc.dl_dcch lte_rrc.mcch lte_rrc.pcch lte_rrc.ul_ccch lte_rrc.ul_dcch lwm m2pa m3ua mac-lte mac-lte-framed mac.fdd.dch mac.fdd.edch mac.fdd.edch.type2 mac.fdd.fach mac.fdd.hsdsch mac.fdd.pch mac.fdd.rach mac_header_generic_handler mac_header_type_1_handler mac_header_type_2_handler mac_mgmt_msg_aas_beam_req_handler mac_mgmt_msg_aas_beam_rsp_handler mac_mgmt_msg_aas_beam_select_handler mac_mgmt_msg_dsc_rsp_handler mac_mgmt_msg_reg_rsp_handler mac_mgmt_msg_sbc_rsp_handler mailslot_browse mailslot_lanman mate mbim.bulk mbim.control mbim.descriptor mbrtu mbtcp media megaco memcache.tcp memcache.udp mesh meta mgcp mifare mikey mime_dlt miop mip mms modbus mp2t mp2t-dsmcc mp4ves mpeg mpeg-pes mpeg_pmt mpeg_sect mpls mpls_pm_dlm mpls_pm_dlm_dm mpls_pm_dm mpls_pm_ilm mpls_pm_ilm_dm mpls_psc mpls_pw_atm_11_or_aal5_pdu mpls_pw_atm_aal5_sdu mpls_pw_atm_cell mpls_pw_atm_cell_header mpls_pw_atm_control_word mpls_pw_atm_n1_cw mpls_pw_atm_n1_nocw mpls_y1711 mplspwcw mplstp_fm mplstp_lock msmms msrp mstp mtp2 mtp3 mtp3mg mux27010 mysql nas-eps nas-eps_plain nasdaq-itch nbap ndp negoex newmail nflog noe ntlmssp ntlmssp_data_only ntlmssp_payload ntlmssp_verf nw_mtp openflow openflow_v1 openflow_v4 openflow_v5 opensafety_mbtcp opensafety_pnio opensafety_siii opensafety_udpdata openvpn.tcp openvpn.udp ositp ositp_inactive p1 p22 p772 p_mul packetlogger pcap pdcp-lte pkt_ccc pn532 pn532_hci pn_io png pop ppcap ppi ppi_antenna ppi_gps ppi_sensor ppi_vector ppp ppp_hdlc ppp_lcp_options pres pw_cesopsn_mpls pw_cesopsn_udp pw_eth_cw pw_eth_heuristic pw_eth_nocw pw_fr pw_hdlc_nocw_fr pw_hdlc_nocw_hdlc_ppp pw_oam pw_padding pw_satop_mpls pw_satop_udp q2931 q931 q931.ie q931.ie.cs7 q931.over_ip q931.tpkt q932.apdu q932.ros q933 qllc r3 radiotap radius ranap rbpdu rdc rdc.device_list rdm rdt redbackli reload reload-framing rfc2190 rlc-lte rlc.bcch rlc.ccch rlc.ctch rlc.dcch rlc.dch_unknown rlc.pcch rlc.ps_dtch rmp rmt-fec rmt-lct rnsap rohc ros rpc rpc-tcp rpcap rpl rrc rrc.bcch.bch rrc.bcch.fach rrc.dl.ccch rrc.dl.dcch rrc.dl.shcch rrc.irat.ho_to_utran_cmd rrc.irat.irat_ho_info rrc.mcch rrc.msch rrc.pcch rrc.s_to_trnc_cont rrc.si.mib rrc.si.sb1 rrc.si.sb2 rrc.si.sib1 rrc.si.sib10 rrc.si.sib11 rrc.si.sib11bis rrc.si.sib12 rrc.si.sib13 rrc.si.sib13-1 rrc.si.sib13-2 rrc.si.sib13-3 rrc.si.sib13-4 rrc.si.sib14 rrc.si.sib15 rrc.si.sib15-1 rrc.si.sib15-1bis rrc.si.sib15-2 rrc.si.sib15-2bis rrc.si.sib15-2ter rrc.si.sib15-3 rrc.si.sib15-3bis rrc.si.sib15-4 rrc.si.sib15-5 rrc.si.sib15-6 rrc.si.sib15-7 rrc.si.sib15-8 rrc.si.sib15bis rrc.si.sib16 rrc.si.sib17 rrc.si.sib18 rrc.si.sib19 rrc.si.sib2 rrc.si.sib20 rrc.si.sib21 rrc.si.sib22 rrc.si.sib3 rrc.si.sib4 rrc.si.sib5 rrc.si.sib5bis rrc.si.sib6 rrc.si.sib7 rrc.si.sib8 rrc.si.sib9 rrc.sysinfo rrc.sysinfo.cont rrc.t_to_srnc_cont rrc.ue_radio_access_cap_info rrc.ul.ccch rrc.ul.dcch rrc.ul.shcch rrlp rtacser rtcp rtp rtp.ext.ed137 rtp.ext.ed137a rtp.rfc2198 rtpevent rtpmidi rtse rtsp rua s1ap s5066dts sabp sabp.tcp sbc sccp scop.tcp scop.udp sctp sdh sdp selfm sercosiii ses sgsap sigcomp sip sip.tcp sipfrag sir sita sm smb smb_netlogon smpp smtp sna sna_xid sndcp sndcpxid snmp spnego spnego-krb5 spnego-krb5-wrap sprt srp sscf-nni sscop ssh ssl stun-heur stun-udp sua sv sync synergy synphasor sysex syslog t124 t125 t30.hdlc t38 tali tapa tcap tcp tds telnet tetra tftp tipc tn3270 tn5250 tnef tpkt tpncp tr trmac tte_pcf turbocell turnchannel tzsp ua3g ua_sys_to_term ua_term_to_sys uasip uaudp ubertooth udp ulp umatcp umaudp umts_cell_broadcast urlencoded-form usb usb_dfu usbaudio usbccid usbms user_dlt uts v120 v150fw v52 v5dl v5ef vcdu vp8 vuze-dht wai wbxml wbxml-uaprof websocket wfleet_hdlc wimax_cdma_code_burst_handler wimax_fch_burst_handler wimax_ffb_burst_handler wimax_hack_burst_handler wimax_harq_map_handler wimax_pdu_burst_handler wimax_phy_attributes_burst_handler wimaxasncp wlan wlan_bsfc wlan_datapad wlan_fixed wlan_ht wlancap wmx wmx_mac_mgmt_msg_decoder wpan wpan-nonask-phy wpan_cc24xx wpan_nofcs wsp-cl wsp-co wtp-udp wtp-wtls x.25 x.25_dir x224 x2ap xml xmpp xot zbee_apf zbee_aps zbee_beacon zbee_nwk zbee_nwk_gp zbee_zcl zbee_zcl_general.applctrl zbee_zcl_general.basic zbee_zcl_general.identify zbee_zcl_general.onoff zbee_zcl_general.ota zbee_zcl_general.part zbee_zcl_general.pwrprof zbee_zcl_ha.applevtalt zbee_zcl_ha.applident zbee_zcl_ha.applstats zbee_zcl_ha.metidt zbee_zcl_meas_sensing.illummeas zbee_zcl_meas_sensing.pressmeas zbee_zcl_meas_sensing.relhummeas zbee_zcl_meas_sensing.tempmeas zbee_zcl_se.msg zbee_zdp zep ziop zrtp

answered 17 Feb '14, 10:22

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

0

Finding a dissector by name only works if the dissector rgister by name which this one seems to not be doing.

answered 13 Feb '14, 14:21

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

Well that makes sense. Is there a way to tell how the dissector is registered?

(13 Feb '14, 14:24) shredluc

Non other than looking at the register routine in the source code of the dissector as far as I know.

(13 Feb '14, 14:28) Anders ♦

So this is the registration in the source code:

 255     expert_module_t* expert_moldudp64;
 256 
 257     /* Register the protocol name and description */
 258     proto_moldudp64 = proto_register_protocol("MoldUDP64",
 259             "MoldUDP64", "moldudp64");
 260 
 261     /* Required function calls to register the header fields and subtrees used */
 262     proto_register_field_array(proto_moldudp64, hf, array_length(hf));
 263     proto_register_subtree_array(ett, array_length(ett));
 264     expert_moldudp64 = expert_register_protocol(proto_moldudp64);
 265     expert_register_field_array(expert_moldudp64, ei, array_length(ei));
 266 
 267     /* Register preferences module */
 268     moldudp64_module = prefs_register_protocol(proto_moldudp64,
 269             proto_reg_handoff_moldudp64);
 270 
 271     /* Register a sample port preference   */
 272     prefs_register_uint_preference(moldudp64_module, "udp.port", "MoldUDP64 UDP Port",
 273             "MoldUDP64 UDP port to dissect on.",
 274             10, &pf_moldudp64_port);

I don't understand why i can't look it up by name. It doesn't make any sense to me.

(14 Feb '14, 06:10) shredluc

The lookup failed because moldudp do not perform named dissector registration through new_register_dissector().

(14 Feb '14, 08:28) RuAnShi

You can try following hack. Assign port 43210 in moldudp64 protocol preferences. In LUA script use:

local x = DissectorTable.get("udp.port")
local y = x:get_dissector("43210")
y:call(tvb, pinfo, tree)
(14 Feb '14, 08:39) RuAnShi