Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread Graham Bloice
Does your custom build of Wireshark include Lua?  What does the Help |
About Wireshark | Wireshark info show?

On Wed, 12 Feb 2020 at 21:46, sandip gangakhedkar 
wrote:

> Hi,
>
> I am using a Custom protocol dissector (Lua script) for the GeoNetworking
> header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed
> the Lua script in the Global plugins directory. However, the script fails
> to find the GeoNetworking protocol when I invoke it in the script:
>
>   Dissector.get("gnw"):call(newTvb, pkt, root)
>
> So I tried another approach:
>
>   gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)
>
> The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in
> my Wireshark protocols configuration. However, this also fails to find the
> "gnw" protocol.
>
> How can I get wireshark to detect the GeoNetworking protocol from my
> custom Lua script?
>
> Thanks in advance.
>
>
>

-- 
Graham Bloice
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread Anders Broman via Wireshark-dev
 

 

From: Wireshark-dev  On Behalf Of Graham 
Bloice
Sent: den 13 februari 2020 11:09
To: Developer support list for Wireshark 
Subject: Re: [Wireshark-dev] Unable to detect custom protocol dissector

 

Does your custom build of Wireshark include Lua?  What does the Help | About 
Wireshark | Wireshark info show?

 

On Wed, 12 Feb 2020 at 21:46, sandip gangakhedkar <sandipfl...@gmail.com> wrote:

Hi,

 

I am using a Custom protocol dissector (Lua script) for the GeoNetworking 
header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed the 
Lua script in the Global plugins directory. However, the script fails to 
find the GeoNetworking protocol when I invoke it in the script:

 

  Dissector.get("gnw"):call(newTvb, pkt, root)

 

So I tried another approach:

 

  gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)

 

The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in my 
Wireshark protocols configuration. However, this also fails to find the "gnw" 
protocol.

 

How can I get wireshark to detect the GeoNetworking protocol from my custom Lua 
script?

 

Thanks in advance.

 

 


The function DissectorTable.get("ethertype"):get_dissector(35143)

https://wiki.wireshark.org/LuaAPI/Dissector#dissectortable:get_dissector.28pattern.29

gets the handle of the built in GNW dissector as far as I can tell. Is that 
what you want? Why do you want to replace the existing dissector? (If that’s 
what you are trying to do).

 

Regards

Anders

 




Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread sandip gangakhedkar
Thanks for your replies.

I do have Lua support built in. Results of Help --> About Wireshark:
==
3.2.1 (Git commit bf38a67724d0)

Compiled (64-bit) with Qt 5.9.5, with libpcap, without POSIX capabilities,
without libnl, with GLib 2.56.4, with zlib 1.2.11, without SMI, without c-ares,
with Lua 5.2.4, without GnuTLS, with Gcrypt 1.8.1, without Kerberos, without
MaxMind DB resolver, without nghttp2, without brotli, with LZ4, without
Zstandard, without Snappy, with libxml2 2.9.4, with QtMultimedia, with SpeexDSP
(using bundled resampler), without SBC, without SpanDSP, without bcg729.

Running on Linux 5.3.0-28-generic, with Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
(with SSE4.2), with 7670 MB of physical memory, with locale en_US.UTF-8, with
light display mode, without HiDPI, with libpcap version 1.8.1, with Gcrypt
1.8.1, with zlib 1.2.11, binary plugins supported (15 loaded).

Built using gcc 7.4.0.
==

@Anders: I do not want to replace the existing gnw Dissector. But I have a
fixed length custom header before the GNW dissector and want to call the
standard built-in gnw Dissector on the same tree after my custom Dissector
is finished parsing (which works correctly at the moment).


Thanks.

On Thu, Feb 13, 2020 at 1:04 PM Anders Broman via Wireshark-dev <
wireshark-dev@wireshark.org> wrote:

>
>
>
>
> *From:* Wireshark-dev  *On Behalf Of
> *Graham Bloice
> *Sent:* den 13 februari 2020 11:09
> *To:* Developer support list for Wireshark 
> *Subject:* Re: [Wireshark-dev] Unable to detect custom protocol dissector
>
>
>
> Does your custom build of Wireshark include Lua?  What does the Help |
> About Wireshark | Wireshark info show?
>
>
>
> On Wed, 12 Feb 2020 at 21:46, sandip gangakhedkar 
> wrote:
>
> Hi,
>
>
>
> I am using a Custom protocol dissector (Lua script) for the GeoNetworking
> header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed
> the Lua script in the Global plugins directory. However, the script fails
> to find the GeoNetworking protocol when I invoke it in the script:
>
>
>
>   Dissector.get("gnw"):call(newTvb, pkt, root)
>
>
>
> So I tried another approach:
>
>
>
>   gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)
>
>
>
> The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in
> my Wireshark protocols configuration. However, this also fails to find the
> "gnw" protocol.
>
>
>
> How can I get wireshark to detect the GeoNetworking protocol from my
> custom Lua script?
>
>
>
> Thanks in advance.
>
>
>
>
>
>
> The function DissectorTable.get("ethertype"):get_dissector(35143)
>
>
> https://wiki.wireshark.org/LuaAPI/Dissector#dissectortable:get_dissector.28pattern.29
>
> gets the handle of the built in GNW dissector as far as I can tell. Is
> that what you want? Why do you want to replace the existing dissector? (If
> that’s what you are trying to do).
>
>
>
> Regards
>
> Anders
>
>

[Wireshark-dev] Lua dissector question

2020-02-13 Thread Juanjo Martin Carrascosa
Hi dev team,

I am writing a Lua dissector. The 4 bytes in my packet encode a little
endian uint32. But the following lines decode it as big endian:

local device_status  = ProtoField.new   ("Device Status",
"status.device_status", ftypes.UINT32)
...
tree:add(device_status, tvbuf:range(4,4))

How can I fix this?

Regards,
Juanjo Martin

Re: [Wireshark-dev] Lua dissector question

2020-02-13 Thread Graham Bloice
On Thu, 13 Feb 2020 at 16:54, Juanjo Martin Carrascosa 
wrote:

> Hi dev team,
>
> I am writing a Lua dissector. The 4 bytes in my packet encode a little
> endian uint32. But the following lines decode it as big endian:
>
> local device_status  = ProtoField.new   ("Device Status",
> "status.device_status", ftypes.UINT32)
> ...
> tree:add(device_status, tvbuf:range(4,4))
>
> How can I fix this?
>
> Regards,
> Juanjo Martin
>
>
The endianness is set when adding it to the tree, e.g. tree:add_le(...)


-- 
Graham Bloice
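
As an added example (not code from this thread or from the Wireshark project), a small dissector showing the add_le call suggested above next to the default big-endian add, with a length check before any read. The "status" protocol name, its 8-byte layout, the "Version" field and UDP port 50000 are assumptions made for illustration.

```lua
-- Added example. Assumed layout: bytes 0-3 big-endian version,
-- bytes 4-7 little-endian device status. Port 50000 is a placeholder.
local p_status = Proto("status", "Device Status Example")

local f_version = ProtoField.new("Version", "status.version", ftypes.UINT32)
local f_device_status = ProtoField.new("Device Status", "status.device_status",
                                       ftypes.UINT32)
p_status.fields = { f_version, f_device_status }

local MIN_LEN = 8

function p_status.dissector(tvbuf, pinfo, tree)
    -- Refuse short packets instead of letting a range() call raise an
    -- out-of-bounds error in the middle of dissection.
    if tvbuf:len() < MIN_LEN then
        return 0
    end

    pinfo.cols.protocol:set("STATUS")
    local subtree = tree:add(p_status, tvbuf:range(0, MIN_LEN))

    -- add() decodes integer fields in network (big-endian) byte order.
    subtree:add(f_version, tvbuf:range(0, 4))

    -- add_le() decodes the same field type as little-endian.
    subtree:add_le(f_device_status, tvbuf:range(4, 4))

    -- When the value is needed in Lua, use the matching accessor:
    -- le_uint() for little-endian, uint() for big-endian.
    local status = tvbuf:range(4, 4):le_uint()
    pinfo.cols.info:set(string.format("Device status 0x%08x", status))

    return MIN_LEN
end

DissectorTable.get("udp.port"):add(50000, p_status)
```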

Re: [Wireshark-dev] Lua dissector question

2020-02-13 Thread Juanjo Martin Carrascosa
Wonderful. It works. Thanks Graham!

On Thu, Feb 13, 2020 at 6:07 PM Graham Bloice 
wrote:

>
> On Thu, 13 Feb 2020 at 16:54, Juanjo Martin Carrascosa 
> wrote:
>
>> Hi dev team,
>>
>> I am writing a Lua dissector. The 4 bytes in my packet encode a little
>> endian uint32. But the following lines decode it as big endian:
>>
>> local device_status  = ProtoField.new   ("Device Status",
>> "status.device_status", ftypes.UINT32)
>> ...
>> tree:add(device_status, tvbuf:range(4,4))
>>
>> How can I fix this?
>>
>> Regards,
>> Juanjo Martin
>>
>>
> The endianness is set when adding it to the tree, e.g. tree:add_le(...)
>
>
> --
> Graham Bloice



-- 

Juanjo Martin
Principal Application Engineer
EMEA Services Lead @ Professional Services Group
Office: +34 958 27 88 62
jua...@rti.com
www.rti.com

Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread Maynard, Chris via Wireshark-dev
I’m not sure what you’re trying to do, but there’s already a Wireshark built-in 
dissector for GeoNetworking[1].

If you’re trying to replace it for some reason, then you may either need to 
disable that one or remove it completely.  And if you’re trying to implement in 
Lua, then you’ll need to register it as a heuristic dissector using 
register_heuristic[2].  However, it seems that there might be a bug with 
respect to this function[3], as the following simple Lua script seems to 
indicate:

local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")

function p_gnw.dissector(tvbuf, pinfo, tree)

    local ethertype = tvbuf(12, 2):uint()
    if ethertype == 35143 then
        pinfo.cols.protocol:set("GNW")
        return true
    else
        return false
    end
end

p_gnw.register_heuristic("eth", p_gnw.dissector)


When Wireshark is started with this gnw.lua script loaded, the following error 
message is encountered:

Lua: Error during loading:
path\to\gnw.lua:14: bad argument #1 to ‘register_heuristic’ (userdata expected, got string)
stack traceback:
 [C]: in function ‘register_heuristic’
 path\to\gnw.lua:14: in main chunk

- Chris
[1]: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-geonw.c;h=21290a3b179c8974483a2f762cbe512fbec67103;hb=HEAD
[2]: https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html (Section 11.6.5.3)
[3]: https://osqa-ask.wireshark.org/questions/54158/register-heuristic-function-for-multiple-heuristic-list-names-in-lua


From: Wireshark-dev  On Behalf Of sandip 
gangakhedkar
Sent: Wednesday, February 12, 2020 4:46 PM
To: wireshark-dev@wireshark.org
Subject: [Wireshark-dev] Unable to detect custom protocol dissector

Hi,

I am using a Custom protocol dissector (Lua script) for the GeoNetworking 
header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed the 
Lua script in the Global plugins directory. However, the script fails to 
find the GeoNetworking protocol when I invoke it in the script:

  Dissector.get("gnw"):call(newTvb, pkt, root)

So I tried another approach:

  gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)

The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in my 
Wireshark protocols configuration. However, this also fails to find the "gnw" 
protocol.

How can I get wireshark to detect the GeoNetworking protocol from my custom Lua 
script?

Thanks in advance.
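
The error text quoted in this message is what Lua reports when a method is invoked with a dot, so that the string "eth" arrives as argument #1 where the Proto userdata is expected; the documented form is proto:register_heuristic(listname, func). The following is an added example, not code from the thread's authors, that reuses the script's names with the colon call and a length check; the local function name heur_gnw and the two constants' names are assumptions.

```lua
-- Added example based on the script quoted above.
local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")

local ETH_HDR_LEN = 14        -- dst MAC (6) + src MAC (6) + EtherType (2)
local ETHERTYPE_GNW = 35143   -- 0x8947, the value used in the thread

-- A heuristic function returns true to claim the packet, false to decline.
local function heur_gnw(tvbuf, pinfo, tree)
    -- Decline frames too short to hold an EtherType instead of letting
    -- tvbuf:range(12, 2) raise an out-of-range error on truncated input.
    if tvbuf:len() < ETH_HDR_LEN then
        return false
    end
    if tvbuf:range(12, 2):uint() ~= ETHERTYPE_GNW then
        return false
    end

    pinfo.cols.protocol:set("GNW")
    -- Mark the two EtherType bytes that matched.
    tree:add(p_gnw, tvbuf:range(12, 2))
    return true
end

-- Colon syntax passes p_gnw as the implicit first argument:
--   p_gnw:register_heuristic("eth", f)
-- is the same call as
--   p_gnw.register_heuristic(p_gnw, "eth", f)
-- With a dot and no explicit self, "eth" becomes argument #1.
p_gnw:register_heuristic("eth", heur_gnw)
```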



Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread sandip gangakhedkar
Hi Chris,

I confirm that I see the same issue with your Lua script. However, I am
able to dissect the GeoNetworking header normally in another pcap trace
that does not contain my proprietary header that encapsulates my
GeoNetworking PDU. So I think the Native Wireshark gnw Dissector is working
just fine.

However, when I add the custom Dissector for my proprietary header and then
chain the gnw Dissector to it, I am able to see my proprietary headers, but
fail to see the GeoNetworking header dissected.

@Anders: I did not notice anything particular in the way the gnw Dissector
is registered:


> expert_module_t* expert_geonw;
> module_t *geonw_module;
> proto_geonw = proto_register_protocol("GeoNetworking", "GNW", "gnw");
> geonw_handle = register_dissector("gnw", dissect_geonw, proto_geonw);
> proto_register_field_array(proto_geonw, hf_geonw, array_length(hf_geonw));
> proto_register_subtree_array(ett, array_length(ett));
> expert_geonw = expert_register_protocol(proto_geonw);
> expert_register_field_array(expert_geonw, ei, array_length(ei));
>

Am I missing something here?

Thanks again for your help.




On Thu, Feb 13, 2020 at 10:50 PM Maynard, Chris via Wireshark-dev <
wireshark-dev@wireshark.org> wrote:

> I’m not sure what you’re trying to do, but there’s already a Wireshark
> built-in dissector for GeoNetworking[1].
>
>
>
> If you’re trying to replace it for some reason, then you may either need
> to disable that one or remove it completely.  And if you’re trying to
> implement in Lua, then you’ll need to register it as a heuristic dissector
> using register_heuristic[2].  However, it seems that there might be a bug
> with respect to this function[3], as the following simple Lua script seems
> to indicate:
>
>
>
> local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")
>
> function p_gnw.dissector(tvbuf, pinfo, tree)
>
>     local ethertype = tvbuf(12, 2):uint()
>     if ethertype == 35143 then
>         pinfo.cols.protocol:set("GNW")
>         return true
>     else
>         return false
>     end
> end
>
> p_gnw.register_heuristic("eth", p_gnw.dissector)
>
>
>
>
>
> When Wireshark is started with this gnw.lua script loaded, the following
> error message is encountered:
>
>
>
> Lua: Error during loading:
> path\to\gnw.lua:14: bad argument #1 to ‘register_heuristic’ (userdata expected, got string)
> stack traceback:
>  [C]: in function ‘register_heuristic’
>  path\to\gnw.lua:14: in main chunk
>
>
>
> - Chris
>
> [1]:
> https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-geonw.c;h=21290a3b179c8974483a2f762cbe512fbec67103;hb=HEAD
>
> [2]:
> https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html
> (Section 11.6.5.3)
>
> [3]:
> https://osqa-ask.wireshark.org/questions/54158/register-heuristic-function-for-multiple-heuristic-list-names-in-lua
>
>
>
>
>
> *From:* Wireshark-dev  *On Behalf Of
> *sandip gangakhedkar
> *Sent:* Wednesday, February 12, 2020 4:46 PM
> *To:* wireshark-dev@wireshark.org
> *Subject:* [Wireshark-dev] Unable to detect custom protocol dissector
>
>
>
> Hi,
>
>
>
> I am using a Custom protocol dissector (Lua script) for the GeoNetworking
> header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed
> the Lua script in the Global plugins directory. However, the script fails
> to find the GeoNetworking protocol when I invoke it in the script:
>
>
>
>   Dissector.get("gnw"):call(newTvb, pkt, root)
>
>
>
> So I tried another approach:
>
>
>
>   gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)
>
>
>
> The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in
> my Wireshark protocols configuration. However, this also fails to find the
> "gnw" protocol.
>
>
>
> How can I get wireshark to detect the GeoNetworking protocol from my
> custom Lua script?
>
>
>
> Thanks in advance.
>
>
>
>

Re: [Wireshark-dev] Unable to detect custom protocol dissector

2020-02-13 Thread Anders Broman via Wireshark-dev
Hi,

I don’t write Lua code but try

  Dissector.get(name)

Using gnw as name

Regards

Anders

 

From: Wireshark-dev  On Behalf Of sandip 
gangakhedkar
Sent: den 13 februari 2020 23:11
To: Developer support list for Wireshark 
Subject: Re: [Wireshark-dev] Unable to detect custom protocol dissector

 

Hi Chris,

 

I confirm that I see the same issue with your Lua script. However, I am able to 
dissect the GeoNetworking header normally in another pcap trace that does not 
contain my proprietary header that encapsulates my GeoNetworking PDU. So I 
think the Native Wireshark gnw Dissector is working just fine. 

 

However, when I add the custom Dissector for my proprietary header and then 
chain the gnw Dissector to it, I am able to see my proprietary headers, but 
fail to see the GeoNetworking header dissected. 

 

@Anders: I did not notice anything particular in the way the gnw Dissector is 
registered:

 

 



  expert_module_t* expert_geonw;
  module_t *geonw_module;
  proto_geonw = proto_register_protocol("GeoNetworking", "GNW", "gnw");
  geonw_handle = register_dissector("gnw", dissect_geonw, proto_geonw);
  proto_register_field_array(proto_geonw, hf_geonw, array_length(hf_geonw));
  proto_register_subtree_array(ett, array_length(ett));
  expert_geonw = expert_register_protocol(proto_geonw);
  expert_register_field_array(expert_geonw, ei, array_length(ei));



 

Am I missing something here?

 

Thanks again for your help.

 

 

 

 

On Thu, Feb 13, 2020 at 10:50 PM Maynard, Chris via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

I’m not sure what you’re trying to do, but there’s already a Wireshark built-in 
dissector for GeoNetworking[1]. 

 

If you’re trying to replace it for some reason, then you may either need to 
disable that one or remove it completely.  And if you’re trying to implement in 
Lua, then you’ll need to register it as a heuristic dissector using 
register_heuristic[2].  However, it seems that there might be a bug with 
respect to this function[3], as the following simple Lua script seems to 
indicate:

 

local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")

function p_gnw.dissector(tvbuf, pinfo, tree)

    local ethertype = tvbuf(12, 2):uint()
    if ethertype == 35143 then
        pinfo.cols.protocol:set("GNW")
        return true
    else
        return false
    end
end

p_gnw.register_heuristic("eth", p_gnw.dissector)

 

 

When Wireshark is started with this gnw.lua script loaded, the following error 
message is encountered:

 

Lua: Error during loading:
path\to\gnw.lua:14: bad argument #1 to ‘register_heuristic’ (userdata expected, got string)
stack traceback:
 [C]: in function ‘register_heuristic’
 path\to\gnw.lua:14: in main chunk

 

- Chris

[1]: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-geonw.c;h=21290a3b179c8974483a2f762cbe512fbec67103;hb=HEAD

[2]: https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html (Section 11.6.5.3)

[3]: https://osqa-ask.wireshark.org/questions/54158/register-heuristic-function-for-multiple-heuristic-list-names-in-lua

 

 

From: Wireshark-dev <wireshark-dev-boun...@wireshark.org> On Behalf Of sandip gangakhedkar
Sent: Wednesday, February 12, 2020 4:46 PM
To: wireshark-dev@wireshark.org  
Subject: [Wireshark-dev] Unable to detect custom protocol dissector

 

Hi, 

 

I am using a Custom protocol dissector (Lua script) for the GeoNetworking 
header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed the 
Lua script in the Global plugins directory. However, the script fails to 
find the GeoNetworking protocol when I invoke it in the script:

 

  Dissector.get("gnw"):call(newTvb, pkt, root)

 

So I tried another approach:

 

  gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)

 

The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in my 
Wireshark protocols configuration. However, this also fails to find the "gnw" 
protocol.

 

How can I get wireshark to detect the GeoNetworking protocol from my custom Lua 
script?

 

Thanks in advance.
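
One way to structure the chaining discussed in this thread, as an added example that is not code from any of the posters or from the Wireshark project: a dissector for a fixed-length header that looks up the built-in "gnw" dissector by name and hands it only the bytes after the header. The header length of 8 bytes, the "myhdr" protocol name, and the EtherType 0x88B5 (IEEE local experimental) used for registration are assumptions.

```lua
-- Added example. HDR_LEN, "myhdr" and EtherType 0x88B5 are placeholders
-- for the proprietary header described in the thread.
local HDR_LEN = 8
local p_hdr = Proto("myhdr", "Proprietary Header Example")
local f_raw = ProtoField.new("Header bytes", "myhdr.raw", ftypes.BYTES)
p_hdr.fields = { f_raw }

-- Look a dissector up by name without aborting the script: pcall covers
-- builds where a missing name raises an error, the nil test covers builds
-- where Dissector.get() returns nil instead.
local function find_dissector(name)
    local ok, handle = pcall(Dissector.get, name)
    if ok and handle then
        return handle
    end
    return nil
end

-- Resolve the handles once, at load time.
local gnw_handle = find_dissector("gnw")
local data_handle = find_dissector("data")

function p_hdr.dissector(tvbuf, pinfo, tree)
    -- Never read past the captured bytes of a truncated frame.
    if tvbuf:len() < HDR_LEN then
        return 0
    end

    pinfo.cols.protocol:set("MYHDR")
    local subtree = tree:add(p_hdr, tvbuf:range(0, HDR_LEN))
    subtree:add(f_raw, tvbuf:range(0, HDR_LEN))

    -- Header only, nothing left to chain to.
    if tvbuf:len() == HDR_LEN then
        return HDR_LEN
    end

    -- Pass only the bytes after the header, and the root tree so the next
    -- layer is shown beside this one rather than nested inside it.
    local payload = tvbuf:range(HDR_LEN):tvb()
    if gnw_handle then
        gnw_handle:call(payload, pinfo, tree)
    else
        -- Make a failed lookup visible in the packet details.
        subtree:append_text(" [gnw dissector not found]")
        if data_handle then
            data_handle:call(payload, pinfo, tree)
        end
    end
    return tvbuf:len()
end

DissectorTable.get("ethertype"):add(0x88B5, p_hdr)
```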

 

 
