This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Does Wireshark ignore metamethod __index of table?

0

I wrote a dissector in Lua as following.

local values = {[2] = "Two"}
setmetatable(values, {__index = function () return "Not two" end})
local proto = Proto("myproto", "My Protocol")
local field1 = ProtoField.uint8(proto.name..".field1", "Field1", base.DEC, values)
proto.fields = {field1}
function proto.dissector (buf, pkt, root)
   local t = root:add(proto, buf())
   local r = buf(1, 1)
   t:add(field1, r)
   local i = r:uint()
   t:add(r, string.format("Field1: %s (%d)", values[i], i))
end
DissectorTable.get("tcp.port"):add(10000, proto)

When buf(1,1) is two, Wireshark dissected as following.

My Protocol
  Field1: Two (2)
  Field1: Two (2)

But, when buf(1,1) is not two, Wireshark dissected as following.

My Protocol
  Field1: Unknown (130)
  Field1: Not two (130)

It seems that Wireshark ignores metamethod "__index" of values table. Is this Wireshark behavior a bug or spec?

(I'm using Wireshark 1.10.2 and liblua 5.1.3)

asked 25 Mar '15, 23:10

cosmos's gravatar image

cosmos
6224
accept rate: 0%

One Answer:

1

This question is a bit old, but since no one has answered...

Is this Wireshark behavior a bug or spec?

It's not a bug, but more of a design issue - Wireshark does not use that "values" value-to-string Lua table as an actual Lua table during run-time processing/decoding of packets in its internal C-code field parsers... instead, it reads that Lua table when it processes the ProtoField.uint8() function to create the ProtoField, and converts the Lua table into an internal C-code "value_string" array (or really, an array of value_string C-structs). So that Lua table is only accessed when the Lua plugin script is first loaded, before any packet decoding. The C-code array is then used by the internal code to figure out things when packets are actually decoded.

In your code above, when you do "t:add(field1, r)", you're invoking the internal C-code to decode/parse the ProtoField from the buffer using the attributes you previously defined in the ProtoField.uint8() call, so no metamethod is invoked because it's not coming back into Lua during that C-code parsing; but when you later do "t:add(r, string.format("Field1: %s (%d)", values[i], i))" then you're doing the "parsing" yourself in Lua and thus the metamethod works for that case.

answered 27 Jun '15, 22:26

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%