The Lua dissector below causes a segmentation fault in Wireshark 1.2 and Wireshark 1.4.1. This works fine in Wireshark 1.0.0.
It appears that the call to `payload_dissector_table:try()` is causing the problem, but I can't figure out why. If I remove that call, the dissector runs fine. If I change the dissector table so that it doesn't match any packets, the dissector runs fine. If I remove everything from the `testProtoSubprotocol.dissector()` function, I get a crash. So, it doesn't look like there's anything wrong about `testProtoSubprotocol.dissector()` itself.
I'm not sure why this is happening, or where to go from here to debug it. Does anyone have any suggestions either on what the issue is, or how to debug it further?
Thanks!
Lua dissector
```lua
testProtoSubprotocol = Proto("testproto.test", "Test Protocol Frame Type 0")

local testSubfields = testProtoSubprotocol.fields
testSubfields.number = ProtoField.uint16("testproto.test.number", "Number", base.DEC)

function testProtoSubprotocol.dissector(buffer, pinfo, tree)
    local subtree = tree:add(testProtoSubprotocol, buffer())
    local number = buffer(0, 2)
    subtree:add_le(testSubfields.number, number)
    pinfo.cols.info = "Number "
    pinfo.cols.info:append( number:le_uint() )
end

testDissectorTable = DissectorTable.new( "testproto", "Test Protocol" )
testDissectorTable:add( 0, testProtoSubprotocol )

testProtocol = Proto("testproto", "Test Protocol")

local frametypes = {
    [0x00] = "Test Frame Type",
}

local fields = testProtocol.fields
fields.frameType = ProtoField.uint8("testproto.frame_type", "Frame Type", base.HEX, frametypes, 0x0F)
fields.payload = ProtoField.bytes("testproto.payload", "Payload")

function testProtocol.dissector(buffer, pinfo, tree)
    pinfo.cols.protocol = testProtocol.name
    local subtree = tree:add(testProtocol, buffer())
    local frame_type = mask( buffer(0, 1):uint(), 0x0F )
    subtree:add(fields.frameType, buffer(offset, 1))
    payload = buffer(2, 60)
    local payload_dissector_table = DissectorTable.get( "testproto" )
    payload_dissector_table:try( frame_type, payload:tvb(), pinfo, subtree )
end

function mask( value, mask )
    return value % (mask + 1)
end

ethernet_table = DissectorTable.get("ethertype")
ethernet_table:add(0x4A46, testProtocol)
```
```
wireshark 1.4.1
Copyright 1998-2010 Gerald Combs <[email protected]wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.20.1, (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with
libz 1.2.3.3, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18
2010 22:31:30), without AirPcap.
Running on Linux 2.6.32-24-generic, with libpcap version 1.0.0, with libz
1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.
Built using gcc 4.4.3.
```
asked 20 Oct ‘10, 16:11
Jacques
edited 15 May ‘12, 15:09
helloworld
asked 20 Oct ‘10, 16:11
edited 25 mins ago ???
I wonder if @Jacques is still waiting for an answer :-)
@Kurt, yes :) that would be my edit. The question was difficult to read because of the formatting, and the fix was simple. The reported problem might not be an issue any more, but it can still be answered regardless of whether @Jacques is waiting for the answer :)