Comparing tostring(pinfo.cols.protocol) == ‘udp’ crashes Wireshark

Question

In my custom dissector i'm having the problem that my dissector isbeing executed on ICMP packages aswell as UDP. In ICMP packages the data is incomplete so the lua script crashes.

To avoid running it on ICMP packages I tried comparing the current protocol to UDP but that crashes Wireshark.

I'm not sure if that is the best way of doing it so I'm open to any other suggestion

function setDefault (t, d)
    local mt = {__index = function () return d end}
    setmetatable(t, mt)
end
do
local protocols = {
    [0] = &quot;RED&quot;
}

local directions = {
    [0] = &quot;Rx&quot;,
    [1] = &quot;Tx&quot;,
    [2] = &quot;RxTx&quot;
}

setDefault(protocols, &quot;UNDEFINED&quot;)
setDefault(directions, &quot;UNKNOWN&quot;)
local version = &quot;&quot; -- use this when debugging to increase the number of the parser

-- declare our protocol
local gsg_proto = Proto(&quot;GSG&quot;..version, &quot;GSG&quot;..version)

-- create a function to dissect it
function gsg_proto.dissector(buffer, pinfo, tree)
    message(&quot;protocol &gt;&quot;..tostring(pinfo.cols.protocol)..&quot;&lt;&quot;) -- this works fine
    if tostring(pinfo.cols.protocol) == &#39;udp&#39; then
        pinfo.cols.protocol = &quot;myproto&quot;
        return true
    end
end

gsg_proto:register_heuristic(&#39;udp&#39;, gsg_proto.dissector)

end

Wireshark Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0) Windows 7

Answer 1

It should not be possible to cause Wireshark itself to crash merely by using a Lua script, so this is a bug. Please file a bug on this on the Wireshark Bugzilla; please attach your Lua script to the bug.

Answer 2

I'm not good with Lua, but the C equivalent to what you want is: pinfo->ptype == PT_UDP

So it should be something like: pinfo.port_type == 3 (not sure if PT_ enumeration is accessible in Lua)