This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Why are some Lua APIs not supported in Wireshark 1.10.6?

0

I have installed Wireshark version 1.10.6 on Ubuntu (14.04), and I have written a sample Lua file which I am trying to run on both Windows and Ubuntu. On Windows 7 it works fine, but on Ubuntu it causes a problem (see the picture). My Lua code is below:

local myproto = Proto("myproto", "My Protocol")
function myproto.dissector (buf, pkt, root)
   local t = root:add(myproto, buf()):append_text("hi")
   t:add(buf(0, 1),string.format("First Byte: %d",buf(0,1):uint()))
end
local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(8443, myproto)
tcp_table:add(61639, myproto)

[Images: windows_wireshark, ubuntu_wireshark]

I am using Lua 5.2

asked 09 Apr '15, 01:07


ankit
65232328
accept rate: 25%

edited 10 Apr '15, 14:06


Guy Harris ♦♦
17.4k335196

What version of Wireshark are you running on Windows? Is it also 1.10.6?

(09 Apr '15, 06:18) JeffMorriss ♦

I am using 1.12.4, the latest one, on Windows, and when I ran the apt-get install wireshark command on Ubuntu, it installed Wireshark version 1.10.6.

(09 Apr '15, 08:28) ankit

One Answer:

0

I'm no Lua-for-Wireshark expert, but:

I'd say that somewhere between 1.10 and 1.12 the append_text() API was modified to return the tree item. So if you want to use that exact code it'll only work in 1.12+.

But, I think you probably don't really want/need to anyway. I think this should work in both versions:

function myproto.dissector (buf, pkt, root)
   local t = root:add(myproto, buf())
   t:append_text("hi")
   t:add(buf(0, 1),string.format("First Byte: %d",buf(0,1):uint()))
end

answered 09 Apr '15, 10:46


JeffMorriss ♦
6.2k572
accept rate: 27%

Thanks, JeffMorriss, for looking into my problem. But my problem here is that after append_text on the parent tree it gives me an error, e.g. in the same code as above:

function myproto.dissector (buf, pkt, root)
   local t = root:add(myproto, buf())
   local st = t:append_text("hi")
   st:add(buf(0,1), string.format("First Byte:%d", buf(0,1):uint()))
end

And one more thing: according to you, 1.12 is the latest one for Ubuntu, but when I run apt-get install wireshark after apt-get update, it tells me that I already have the latest version....

(09 Apr '15, 21:34) ankit

You are using Ubuntu 14.04, the latest version of Wireshark for that release is 1.10.6.

To get a newer version of Wireshark that has the functionality in the Lua API you require, you'll have to either compile your own from the Wireshark sources (can build any version), move to a newer version of Ubuntu (at least utopic, 14.10), which will get you 1.12.1, or use the Wireshark development PPA, which again gives you 1.12.1.

(10 Apr '15, 02:26) grahamb ♦

Oh, sorry, I meant to provide another response (thanks, Graham, for answering the version problem).

Why are you trying to add an item to the thing which is returned by append_text()? I think you should be able to do it as I had: create the top-level protocol item, append text to it, and then add an item to the top-level protocol item ('t' in my sample code). There's no need for the 'st' variable in your (latest) code.

(23 Apr '15, 14:59) JeffMorriss ♦
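
An added example, not part of the original thread or of Wireshark's own code: a variant of the dissector from the question that keeps the chained style but loads on both 1.10.x and 1.12+. The helper name `chain` is hypothetical, and the script assumes, as the answer suggests, that append_text() returns nothing on the older release.

```lua
-- Added example; protocol name and ports are the ones from the question.
local myproto = Proto("myproto", "My Protocol")

-- Hypothetical helper: call a TreeItem method and always hand back a TreeItem.
-- Assumption (from the answer above): on 1.10.x the method returns nothing,
-- so the call evaluates to nil and we fall back to the item it was called on.
-- On releases where the method returns the item, that return value is used.
local function chain(item, method, ...)
   return item[method](item, ...) or item
end

function myproto.dissector(buf, pkt, root)
   -- An empty segment has no first byte; buf(0, 1) would raise an error.
   if buf:len() < 1 then
      return
   end

   -- Same effect as root:add(...):append_text("hi") in the question,
   -- without depending on what append_text() returns.
   local t = chain(root:add(myproto, buf()), "append_text", "hi")
   t:add(buf(0, 1), string.format("First Byte: %d", buf(0, 1):uint()))
end

local tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(8443, myproto)
tcp_table:add(61639, myproto)
```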