
The Lua dissector below causes a segmentation fault in Wireshark 1.2 and Wireshark 1.4.1. This works fine in Wireshark 1.0.0.

It appears that the call to payload_dissector_table:try() is causing the problem, but I can't figure out why. If I remove that call, the dissector runs fine. If I change the dissector table so that it doesn't match any packets, the dissector runs fine. If I remove everything from the testProtoSubprotocol.dissector() function, I get a crash. So, it doesn't look like there's anything wrong about testProtoSubprotocol.dissector() itself.

I'm not sure why this is happening, or where to go from here to debug it. Does anyone have any suggestions either on what the issue is, or how to debug it further?


Lua dissector

testProtoSubprotocol = Proto("testproto.test", "Test Protocol Frame Type 0")

local testSubfields = testProtoSubprotocol.fields
testSubfields.number = ProtoField.uint16("testproto.test.number", "Number", base.DEC)

function testProtoSubprotocol.dissector(buffer, pinfo, tree)
    local subtree = tree:add(testProtoSubprotocol, buffer())
    local number = buffer(0, 2)
    subtree:add_le(testSubfields.number, number)
    -- The rest of this statement is garbled in the post; it survives only as:
    --   = "Number " number:le_uint() )
end

-- Dissector table keyed on the frame type, used to hand the payload to a subdissector
testDissectorTable = DissectorTable.new( "testproto", "Test Protocol" )
testDissectorTable:add( 0, testProtoSubprotocol )

testProtocol = Proto("testproto", "Test Protocol")

local frametypes = {
    [0x00] = "Test Frame Type",
}

local fields = testProtocol.fields
fields.frameType = ProtoField.uint8("testproto.frame_type", "Frame Type", base.HEX, frametypes, 0x0F)
fields.payload = ProtoField.bytes("testproto.payload", "Payload")

function testProtocol.dissector(buffer, pinfo, tree)
    -- The value assigned here is missing from the post:
    -- pinfo.cols.protocol =

    local subtree = tree:add(testProtocol, buffer())

    -- Frame type is the low nibble of the first byte
    local frame_type = mask( buffer(0, 1):uint(), 0x0F )

    -- offset is not defined anywhere in the posted code
    subtree:add(fields.frameType, buffer(offset, 1))

    payload = buffer(2, 60)
    local payload_dissector_table = DissectorTable.get( "testproto" )
    -- This is the call the question identifies as triggering the crash
    payload_dissector_table:try( frame_type, payload:tvb(), pinfo, subtree )
end

-- Keep only the bits covered by a low-order mask such as 0x0F
function mask( value, mask )
    return value % (mask + 1)
end

-- Register the top-level dissector for EtherType 0x4A46
ethernet_table = DissectorTable.get("ethertype")
ethernet_table:add(0x4A46, testProtocol)

Version information:

wireshark 1.4.1

Copyright 1998-2010 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO

Compiled with GTK+ 2.20.1, (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with
libz, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt
1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18
2010 22:31:30), without AirPcap.

Running on Linux 2.6.32-24-generic, with libpcap version 1.0.0, with libz, GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.

asked 20 Oct '10, 16:11 by Jacques

edited 15 May '12, 15:09 by helloworld


asked 20 Oct '10, 16:11
edited 25 mins ago ???

I wonder if @Jacques is still waiting for an answer :-)

(15 May '12, 15:36) Kurt Knochner ♦

@Kurt, yes :) that would be my edit. The question was difficult to read because of the formatting, and the fix was simple. The reported problem might not be an issue any more, but it can still be answered regardless of whether @Jacques is waiting for the answer :)

(15 May '12, 16:00) helloworld