This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

repository for non-standard dissectors/protocols and other lua code

1

Just finished my dissector for xPL. Its a lua based script.

To make it usefull to others, I would like to know whether there is a repository somewhere where I could store/upload this codefile?

regards Thijs

asked 26 Apr '11, 12:46

Tieske's gravatar image

Tieske
21114
accept rate: 0%

edited 26 Apr '11, 12:47


4 Answers:

0

Wireshark's Lua wiki page has a link to Wireshark Lua examples, so for now, the best place to post it might be to that page.

Edited/hijacked by Hadriel: There is now a Wireshark Lua plugin repository at the Contrib wiki page. Some of the plugins linked there are physically hosted on the wiki, while others are on github/etc.

answered 26 Apr '11, 13:36

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

edited 07 Jul '15, 18:21

Hadriel's gravatar image

Hadriel
2.7k2939

Unfortunately that page is marked as 'Immutable Page', so I can't update it (actually all pages seem to be immutable...)

(26 Apr '11, 13:46) Tieske
1

You need to be logged in to make any changes. Create a login

(26 Apr '11, 13:52) helloworld

Yes indeed, didn't notice that the Q&A and Wiki have seperate user accounts. Then again, the code is quite long, so just dropping it in there doesn't seem a good idea. Will see about hosting a download on my own site and then referring to that, or maybe add a protocol page from where the reference can be added.

Thanks for your effort!

(26 Apr '11, 14:04) Tieske

Well, just as we a SampleCaptures wiki page, you could just attach your script instead of posting its contents. Actually, that seems like a better idea for all of the current scripts too.

helloworld mentions some other good alternatives, but I was also thinking long-term that we might just include the example scripts as part of the Wireshark distribution. Since I don't use Lua myself, you might want to post this question on the wireshark-dev mailing list to see what the other developers who actually use Lua think about it.

(26 Apr '11, 15:37) cmaynard ♦♦
1

@cmaynard: I agree that sample scripts (which Tieske's dissector is not) are great for the Wiki because they're typically short in length, few in number, and rarely change.

I like the idea of including Lua scripts (not just examples) in the Wireshark distribution. Developers would just submit their Lua dissectors to be included in the next release just as they would for C dissectors.

(26 Apr '11, 19:07) helloworld
1

"... just submit their Lua dissectors to be included in the next release just as they would for C dissectors."

There's something more to it than that I'm afraid. These C dissectors are reviewed to adhere to certain guidelines, fuzz tested for robustness and maintained. Non of this is arranged for Lua dissectors. So there is a difference between them.

(27 Apr '11, 07:46) Jaap ♦
1

@Jaap, Fuzz testing a dissector should be language-agnostic, so I don't see any difficulties there (or am I missing something?). If a fuzzed Lua dissector met a certain set of requirements (equivalent to the guidelines for a C dissector), could it be included in the Wireshark distribution?

(27 Apr '11, 15:15) bstn

@Jaap; any progress on this? What's required to get it tested? is there anything I can do?

(01 May '11, 11:53) Tieske
showing 5 of 8 show 3 more comments

1

I don't think a Wiki is a good place for a source-code repository. I would put it in LuaForge.

Perhaps a better solution would be to create a Wiki page that lists available open-source Lua dissectors. In this list would be a link to your dissector's LuaForge project page.

answered 26 Apr '11, 14:06

helloworld's gravatar image

helloworld
3.1k42041
accept rate: 28%

Its already posted on my site, and in the xPL projects SVN (googlecode). So adding more sites/places to maintain it doesn't seem like a good idea.

If it could be added to the distribution, that would be worth the effort of another location to maintain. Otherwise I'll just stick to add a few links to where is can be found, and for that purpose a wiki page with opensource Lua dissectors sounds like a good idea.

(27 Apr '11, 14:21) Tieske

0

Had a look at the wiki and tried to find an entry point for a page to list additional stuff. My take would be to add a link called something like; "Additional plugins: additional resources to complete your Wireshark setup" on the frontpage as the last item under heading "Prepare Wireshark / TShark"

That should then lead to a page that lists a number of links to additional material generated by the community. I think this would be a good idea anyway, independent of lua dissectors being included in the distribution or not.

answered 27 Apr '11, 15:28

Tieske's gravatar image

Tieske
21114
accept rate: 0%

I don't think a link to a page about dissectors really goes under Prepare Wireshark/TShark. The list (or a link to it) should be in the Lua page, where all the other Lua stuff is.

(27 Apr '11, 17:00) helloworld

I don't agree, question is what to name the category after, something a programmer/creator refers to, or something a user would be looking for. A user looking for a additional stuff, will not go look for 'Lua' but rather for 'downloads', 'plugin', 'addon', etc. It should be related to finding something, not to storing something.

My intent was further not to make it as specific as 'Lua dissector', but broader, page subtitles can be used to further structure the information served, and as it grows subpages in the future.

(27 Apr '11, 22:36) Tieske

I see now, but I don't understand how Prepare Wireshark/Tshark would be the right category for that. IMHO, there are a number of better choices, including ThirdPartyServices, Tools, and Development. Even Use Wireshark/Tshark or Miscellaneous seem more appropriate.

(27 Apr '11, 22:55) helloworld

I came to that from my setup experience, installed it, configured capturing, went looking for xPL support, exactly in that order.

But all said and done, your proposed location under 'Use Wireshark/Tshark' would be the best fit then I suppose.

can we agree on that?

(28 Apr '11, 01:53) Tieske

"Use Wireshark/Tshark" sounds good to me

(28 Apr '11, 08:23) bstn

Yes, I agree.

(28 Apr '11, 15:18) helloworld

OK, could anyone update the frontpage of the wiki accordingly? I've no rights to edit it.

(01 May '11, 11:50) Tieske
showing 5 of 7 show 2 more comments

0

There's one very nice open source shared repository: GitHub, you can find few projects related to Wireshark out there, just search for Wireshark Lua scripts there.

Google Code hosts plenty of great Wireshark related projects as well. For example, this one is to reverse engineer Google protocols themself =)

You can post your project out there and I guess the community would notice.

answered 08 Nov '11, 16:25

ShomeaX's gravatar image

ShomeaX
736
accept rate: 0%

edited 08 Nov '11, 20:14