Recently I created a few ProtoFields in a Lua file that contains a dissector. The ProtoFields seem to work great when I test the dissector, and I can even use them as a display filter. The file looks like this: The problem occurs in a separate file, where I want to create a Listener to gather some statistics for the protocol. In this file I have I’m aware that Field objects have to be created outside of the callback functions of dissectors, post-dissectors, heuristic-dissectors, and taps, which is why I did so in my code. My questions and concerns are: Why are my fields in the Listener file not recognized, when they are clearly recognized in the dissector? Are they instantly destroyed after they’re used in the dissector? Do the Field extractors have to be created in the same file that the Protofields were created in? Does the Listener have to be created in the same file as the Dissector for this particular scenario? I really appreciate the help and advice! Thanks, Jeffrey asked 10 Jul ‘14, 07:23  jphmiller edited 10 Jul ‘14, 12:22 |
One Answer:
Well, first you have this: ...but " Also, you need to make sure the file that defines the new protocol (the one with the code at the beginning of your question) is loaded before the file with the answered 10 Jul '14, 09:06  Hadriel I'm sorry I copied line of code incorrectly. I fixed the original post. I have: get_msg_id = Field.new("foo.msg_id") How is the load priority in \Wireshark\plugins\<version> decided for 2 lua source files? I also placed both files in \Wireshark and tried at the bottom of the init.lua dofile("dissector.lua") dofile("listener.lua") and received the same error. I figured Wireshark started with loading init.lua, and so before it did anything else I thought I could load them in here, where I can specify which loads before the other. Perhaps it's not doing what I think it's doing? (10 Jul '14, 11:24) jphmiller 1 Sadly there is no specific order for files loaded from the plugin directory - the code relies on another library function to do it, which is known to not provide any specific ordering guarantee, and might be different on different operating systems or even disk formats. Since your two files are not really independent, you could name the first one (10 Jul '14, 11:44) Hadriel I tried both of those ideas and continued to receive: bad argument #1 to 'new' (Field_new: a field with this name must exist) Did I not register my protocol fields properly or something? (10 Jul '14, 11:53) jphmiller 1 No you did register them, with this line: ... so long as the Oh... wait a minute... you're on 1.10.8 - try it on 1.12.0 instead. There was a bug that prevented a Lua-created ProtoField from being used by a Lua-based Field. It was fixed late last year, but my guess is not in 1.10.x. (10 Jul '14, 14:38) Hadriel Yep, that was it. I installed 1.12.0, plunked everything in and was good to go. For anybody experiencing this same problem with the current stable version (1.10.8). The fix for this Field.new() bug (3513) was implemented in 1.11.2. You'll have to upgrade. (11 Jul '14, 05:31) jphmiller |
Oh also,
Wireshark Version 1.10.8 Windows 7
I just did some more research, I found that there was a bug [3513] that prevented Field.new from retrieving a previously defined custom fields. The fix was back in October… could anyone give me a confirmation that this fix was back ported to version 1.10.8?