proto_new there cannot be two protocols with the same name

edit

This works fine for me. Do you have more than one .lua file with the same "mqtt_new" name?

Any reason why you try to add a disssector to an old version?

@cmaynard I have a single file with this name. Maybe Wireshark use cheche somewhere? I reopen the app but no success

@hugo.vanderkooij I don't understand what do you mean by "add a dissector to an old version". What do you mean? I want that in case of specific code in the packet to process the rest of the packet with costumed MQTT protocol.

if buffer(0,1):uint() == 0x1 then dofile([[path_to_lua_dissector_file]])

What I did wrong?

You're working with Wireshark 3.0.2, which went EOL last year (See https://gitlab.com/wireshark/wireshar...), so @hugo.vanderkooij is wondering why you're not working with a newer version of Wireshark such as 3.4.9, which is currently the latest stable version of Wireshark.

I think we need to see more of the code to check if this is being called in a second pass.
To generate the error message manually, copy to the Tools->Lua->Evaluate window and Evaluate twice.

    -- Create a new dissector 
    MQTTPROTO = Proto.new("mqtt_new", "New implementation for MQTT protocol!")

    -- Fix header: 6 bytes
    local X = ProtoField.uint16("mqtt_new.x", "X", base.DEC)
    local Y = ProtoField.uint32("mqtt_new.y", "Y", base.DEC)

    -- register fields
    MQTTPROTO.fields = {X, Y}

    -- callback function for the dissector
    function MQTTPROTO.dissector(buffer, pinfo, tree)
        -- Debug msg
        dprint2("MQTTPROTO.dissector called")

        -- set the protocol column to show protocol name
        pinfo.cols.protocol:set("MQTTPROTO")

        -- length of the packet buffer (Tvb).
        local pktlen = buffer:reported_length_remaining()

        local proto_tree = tree:add(MQTTPROTO, buffer:range(40, pktlen))
        proto_tree:add_packet_field(X, buffer(0, 2), ENC_LITTLE_ENDIAN)
        proto_tree:add_packet_field(Y, buffer(2, 4), ENC_LITTLE_ENDIAN)
    end

    -- Register the dissector
    udp_port_table = DissectorTable.get("tcp.port")
    udp_port_table:add_for_decode_as(MQTTPROTO)

--[[ Evaluated --]]

@Chuckc the script works fine in the manual evaluation. B.T.W I update Wireshark to 3.4.9

If you're on Windows, what output do you get when you run:

findstr /r /s /m "Proto.*\"mqtt_new\"" %APPDATA%\Wireshark\plugins\*.lua

Or run something like so if you're on *nix:

grep -rl 'Proto.*"mqtt_new"' /path/to/Wireshark/plugins/

FINDSTR: No search strings

I don't think you entered the command properly.

PS C:\Users\XXXXX\AppData\Roaming\Wireshark> findstr /r /s /m "Proto.*\"mqtt_new\"" plugins*.lua FINDSTR: No search strings

I just used your command

Can you try running the findstr command from a command prompt instead of from Powershell?

@Chuckc I made the changes you mention. Thanks but it didn't help. i still get: bad argument #1 to 'new' (Proto_new:there cannot be two protocols with the same name)) (The mistakes you displayed are after the first line. and the error occurs there...)

@cmaynard Actually I run this cmmand from both terminals, CMD and Powershell. I got the same empty result

You should at least get a match for the file containing the code you pasted above. Where is your mqtt_new.lua file stored if not in %APPDATA%\Wireshark\plugins\?

BTW, here's a Powershell command you can run instead if you prefer, but of course replace the path with the path to your Lua plugin:

Get-ChildItem -Path $Env:APPDATA\Wireshark\plugins -Recurse | Select-String -Pattern "Proto.*mqtt_new" -List

(If Wireshark program directory not in PATH, will need to use full path to run it)

C:\>tshark -G folders | findstr /I lua
Personal Lua Plugins:   C:\Users\admin\AppData\Roaming\Wireshark\plugins
Global Lua Plugins:     C:\Program Files\Wireshark\plugins

C:\>tshark -G plugins | findstr /I lua
mqtt_new.lua            lua script      C:\Users\admin\AppData\Roaming\Wireshark\plugins\mqtt_new.lua

Now I got:

Get-ChildItem -Path . -Recurse | Select-String -Pattern "Proto.*mqtt*" -List

20 Applications\mqtt_new.lua:4: MQTTPROTO = Proto.new("mqtt_new", "New implementation for MQTT protocol!")

And you searched in both the "Personal Lua Plugins" folder and the "Global Lua Plugins" folder?

Yes, I searched also in the global. I don't think this is the issue, because I tried several protocol names that couldn't exists before. I saw in the googling that Wireshark loads some scripts twice in the init. lua file/ Does it make sense? How should I prevent this behavior?