Update broke dissector
I am using a custom lua dissector on UDP packets. I recently updated from wireshark 3.0 to 3.4 and found that while the dissection works fine when viewing on wireshark, when I try to read the packet in pyshark and dissect it with the dissector, it does not dissect properly and the packet object does not contain the dissected layer.
pyshark gives me the error: KeyError: 'Layer does not exist in packet'
By testing different versions of both my code, pyshark, the dissector, and Wireshark. I have determined that the problem must be from a change in Wireshark 3.2 that pyshark doesn't like for some reason, but I have not been able to determine the cause or a fix.
If anyone has any ideas that would be great, thanks!
pyshark "uses tshark's (wireshark command-line utility) ability to export XMLs"
Have you tested with
tshark
and compared the outputs of working and not working versions?Also note that there is no guaranteed dissector compatibility between major versions (e.g. 3.0 -> 3.2 -> 3.4). While this is most important for C based dissectors, the same also holds true for Lua.