Trying to have a lua script to interpret mpls payload as ether frame without control word. I have to match certain mpls label value. Is there any way to match all label values? Looks like Here is the script. asked 08 Mar '16, 07:52  yacare |
One Answer:
It does not like a pattern because the "pattern" values in the DissectorTable are indices to it, so using a pattern would require a change of the lookup method from the current plain to a more complex (and thus much slower) procedure involving regex-based matching of the plain Repeating my suggestion in the follow-up of my answer to your older question, you may want to file a "nice to have" category bug at Wireshark bugzilla, asking for a generic mechanism allowing some kind of reserved index value (such as You may also ask for the regex way, maybe there is a way to implement use of regex (or numeric ranges) which would not cause a big slowdown, I'm not that deep in programming. In any case, it is a matter for bugzilla, not for Q&A. answered 08 Mar '16, 08:38  sindy showing 5 of 7 show 2 more comments |
Thanks Sindy. I am new to wireshark. Will check how to file a "nice to have" bug.
Trying to find an immediate way to solve my need as for now. Where can I find all the available DissectorTable for mpls? Trying to use something like DissectorTable.get("mpls.ttl"), but the DissectorTable doesn't exist.
"All the available payload dissector tables for MPLS" are the single one which uses MPLS label as an index, as you can see when you click
Decode as.... The dissector tables for choosing payload dissector per transport's field are hardcoded - normally, the most logical field is chosen, which is the label in case of MPLS. I. e. you cannot arbitrarily choose any field of the transport protocol and dynamically attach to it a dissector table. The reason is once again the processing speed, if done that way, each dissector would have to go field by field and check whether by chance a table isn't hooked to it.we were using a slight modification to this:
local dis_eth = Dissector.get("eth") local mpls_table = DissectorTable.get("mpls.label") for label=0,1048575 do mpls_table:add(label,dis_eth) endnow, in the recent wireshark versions (cannot tell when it started) we receive the error
Lua: Error during loading: [string "path"]:1: bad argument #1 to 'get' (Dissector_get: No such dissector)any hint or idea what we may do to make this working again ?
@x42, your post was not an Answer to the original Question, so I've converted it into a Comment.
The issue you are facing is related to a change of ethernet handling in 2.2.0. You can find all you need in answers to this and this Question.
cool ... thanks a lot for your info :-)
so we have simply substituted "eth" in our script with "eth_withoutfcs" and are able to work again.
our script IS working for all mpls-labels ... well it's ugly, since we have a huge loop, but wireshark seem to be able to handle this very nicely ;-)
we are still facing a slight complication detemining whether we have a control-word (cw) present or not: mpls-traffic flowing through our core-routers contain a mix of frames with and without cw.
it is not a big problem since we are planning to turn on cw's on all traffic, yet we may post a detailed question about this in future ...
If you do not need that your Lua dissector is backward compatible, it is enough indeed.
Before doing that, please have a look at this Question:
great ... thanks a lot again for your extremely quick and competent answers :-)