This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Comparing tostring(pinfo.cols.protocol) == 'udp' crashes Wireshark

0

In my custom dissector I'm having the problem that my dissector is being executed on ICMP packages as well as UDP. In ICMP packages the data is incomplete so the Lua script crashes.

To avoid running it on ICMP packages I tried comparing the current protocol to UDP but that crashes Wireshark.

I'm not sure if that is the best way of doing it, so I'm open to any other suggestion.

function setDefault (t, d)
    local mt = {__index = function () return d end}
    setmetatable(t, mt)
end

do

local protocols = {
    [0] = "RED"
}

local directions = {
    [0] = "Rx",
    [1] = "Tx",
    [2] = "RxTx"
}

setDefault(protocols, "UNDEFINED")
setDefault(directions, "UNKNOWN")
local version = "" -- use this when debugging to increase the number of the parser

-- declare our protocol
local gsg_proto = Proto("GSG"..version, "GSG"..version)

-- create a function to dissect it
function gsg_proto.dissector(buffer, pinfo, tree)
    message("protocol >"..tostring(pinfo.cols.protocol).."<") -- this works fine
    if tostring(pinfo.cols.protocol) == 'udp' then
        pinfo.cols.protocol = "myproto"
        return true
    end
end

gsg_proto:register_heuristic('udp', gsg_proto.dissector)

end

Wireshark Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0) Windows 7

asked 25 Mar '16, 06:04

RedX2501
6113
accept rate: 0%

edited 26 Mar '16, 00:39


2 Answers:

0

It should not be possible to cause Wireshark itself to crash merely by using a Lua script, so this is a bug. Please file a bug on this on the Wireshark Bugzilla; please attach your Lua script to the bug.

answered 25 Mar '16, 15:00

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Are you able to reproduce this? If so, would you mind filing the bug? I don't want to create another account for this...

(26 Mar '16, 00:37) RedX2501

0

I'm not good with Lua, but the C equivalent to what you want is: pinfo->ptype == PT_UDP

So it should be something like: pinfo.port_type == 3 (not sure if PT_ enumeration is accessible in Lua)

answered 03 May '16, 14:52

Michael Mann
61
accept rate: 0%
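
A heuristic dissector can decline input it cannot parse by returning false, which covers the truncated UDP payloads quoted inside ICMP errors described in the question. The sketch below is an added example, not code from the thread or from Wireshark: the "GSGX" name, the 8-byte header layout and the field names are hypothetical, the port type value 3 is the one quoted in the answer above, and it assumes pinfo.in_error_pkt is available in the Wireshark build in use.

```lua
-- Added example. Header layout (assumed): 1 byte protocol, 1 byte direction,
-- 2 bytes payload length (big-endian), 4 bytes reserved, then the payload.
local PT_UDP     = 3   -- value quoted in the answer above for PT_UDP
local HEADER_LEN = 8   -- hypothetical fixed header size

local gsgx = Proto("GSGX", "GSG example (hypothetical layout)")

local f_proto  = ProtoField.uint8("gsgx.protocol", "Protocol", base.DEC)
local f_dir    = ProtoField.uint8("gsgx.direction", "Direction", base.DEC)
local f_length = ProtoField.uint16("gsgx.length", "Payload length", base.DEC)
gsgx.fields = { f_proto, f_dir, f_length }

local function heur_gsgx(buffer, pinfo, tree)
    -- UDP data quoted inside an ICMP error is usually truncated: decline it.
    if pinfo.in_error_pkt then return false end

    -- Port type check suggested in the answer above.
    if pinfo.port_type ~= PT_UDP then return false end

    -- Never read past the captured bytes; check before every fixed-offset read.
    if buffer:len() < HEADER_LEN then return false end

    -- The declared payload length must fit in what was actually captured.
    local declared = buffer(2, 2):uint()
    if buffer:len() < HEADER_LEN + declared then return false end

    -- All checks passed: claim the packet and build the tree.
    pinfo.cols.protocol = "GSGX"
    local subtree = tree:add(gsgx, buffer(0, HEADER_LEN + declared))
    subtree:add(f_proto,  buffer(0, 1))
    subtree:add(f_dir,    buffer(1, 1))
    subtree:add(f_length, buffer(2, 2))
    return true
end

-- Returning false lets Wireshark try other dissectors on the payload.
gsgx:register_heuristic("udp", heur_gsgx)
```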