Lua plugin returning data to Wireshark

0

Hello, I'm pretty new to Lua, so sorry if this question is too easy. However, I have searched a great part of the internet looking for the answer, and I hope you will be able to help. I am running Wireshark v1.99.9rc0-197-g7833b93.

I am writing a plugin for Wireshark in Lua in order to enable it to read the IPT protocol. The problem is that inside the IPT message there is another message, written in SML. This is why I would like to "give" the data (a part of the frame that is in fact an SML frame) back to Wireshark, so that I could decode it as the SML frame.

Another problem with SML is that I can not invoke it from my protocol - function:

    Dissector.get("sml"):call(tvb, pktinfo, tree)

gives the following error:

    Lua Error: [string "C:\Development\wireshark\wireshark-gtk2\plugi..."]:214: bad argument #1 to 'get' (Dissector_get: No such dissector)

So I can not even do it in this more "simple" way. Is it even possible to call SML from Lua script?

asked 20 Aug '15, 07:45

Macko125


One Answer:

1

It is possible, I think, but fairly tricky. The problem is SML does not register its dissector by name, so you can't get it by name. Instead, I think you can get it from the "tcp.port" or "udp.port" table it adds its dissector into, by using the get_dissector() method. For example:

    -- assuming the SML dissector is registered for TCP port 7259
    local sml_dissector = DissectorTable.get("tcp.port"):get_dissector(7259)

Unfortunately, the SML dissector is not added to the TCP or UDP port table unless/until its preference settings tell it to be (it's disabled by default). So... you'll have to:

  1. Set the preference for SML to use the TCP or UDP port for some number you choose, in Edit->Preferences->Protocols->SML. Save that preference, and restart Wireshark.

  2. You can't get the SML dissector until it's read its preference settings, which won't happen until after your Lua file loads. That means you'll need to not get the dissector until later - for example within your dissector function or in a myproto.init() function. You don't need to get it every time, just save it to a local variable that was declared outside of your function. For example:

    -- this will hold the SML dissector
    local sml_dissector

    function myproto.dissector(tvbuf, pinfo, tree)
        if not sml_dissector then
            -- assuming your SML dissector registers on TCP port 7259
            sml_dissector = DissectorTable.get("tcp.port"):get_dissector(7259)
        end

        -- use the dissector (same argument names as the function parameters)
        sml_dissector:call(tvbuf, pinfo, tree)
    end

Note: I haven’t tried the above, but it should work. (hopefully)

answered 20 Aug ‘15, 10:00

Hadriel

That helped. Thanks a lot!

(21 Aug ‘15, 01:42) Macko125
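
The following added example, which is not code from either poster or from Wireshark itself, combines the answer's lazy lookup with what the question asks for: handing only the embedded part of the frame to SML. The protocol name, the IPT port and the 8-byte header length are assumptions to replace with your own values; port 7259 is the value used in the answer.

```lua
-- Added example: names marked "hypothetical" are not from the original thread.
local ipt = Proto("ipt_example", "IPT (example)")   -- hypothetical protocol name

local IPT_PORT       = 10001   -- hypothetical: TCP port your IPT traffic uses
local SML_PORT       = 7259    -- port set in the SML preferences (as in the answer)
local IPT_HEADER_LEN = 8       -- hypothetical: bytes that precede the SML frame

local f_header = ProtoField.bytes("ipt_example.header", "IPT header")
ipt.fields = { f_header }

local sml_dissector                           -- resolved lazily, then cached
local data_dissector = Dissector.get("data")  -- built-in raw-bytes dissector

-- Look up SML in the port table; stays nil while SML is not registered there.
local function resolve_sml()
    if not sml_dissector then
        sml_dissector = DissectorTable.get("tcp.port"):get_dissector(SML_PORT)
    end
    return sml_dissector
end

function ipt.dissector(tvbuf, pinfo, tree)
    pinfo.cols.protocol = "IPT"
    local subtree = tree:add(ipt, tvbuf())

    -- Truncated frame: flag it and stop instead of reading past the end.
    if tvbuf:len() <= IPT_HEADER_LEN then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN, "No payload after IPT header")
        return
    end
    subtree:add(f_header, tvbuf(0, IPT_HEADER_LEN))

    -- Pass only the embedded bytes to the next dissector, as a new Tvb.
    local payload = tvbuf(IPT_HEADER_LEN):tvb()
    local sml = resolve_sml()
    if sml then
        sml:call(payload, pinfo, tree)
    else
        -- SML is not enabled on SML_PORT: show raw data rather than raising an error.
        data_dissector:call(payload, pinfo, tree)
    end
end

DissectorTable.get("tcp.port"):add(IPT_PORT, ipt)
```

If the payload always shows up as raw data, the SML port preference described in step 1 is not set to the same value as `SML_PORT`.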