Ask Your Question
0

Buffer value is set to null while using filter in protocol dissector

asked 2019-02-27 03:27:37 +0000

sivabalan gravatar image

updated 2019-02-28 03:30:47 +0000

I have a custom dissector where the value of buffer contains the expected data when wireshark is loaded for first time. On using filter such as proto.field == value the buffer value becomes nil, but on reloading the Lua plugins the buffer value is displayed again. It seems erratic behavior where its difficult to figure out the root cause, is there any common behavior that I am missing to look at?

The issue is that the local buf displays the value on reloading the Lua plugins, in other occurrences it displays a nil

code snippet

local id_list = IField.get('id', 0) -- get all id
local data_list = IField.get('data', 0) --get all data

for i,id in ipairs(id_list) do
    local node = bit.band(id, 0xFF)
    local data = data_list[i]
    local seqn = data:get_index(0)
    local payload = data:subset(1, data:len()-1)

    if bit.band(seqn, 0x80) > 0 then -- first frame
        packets[node] = ByteArray.new()
        seqn = bit.bxor(seqn, 0x80)
    end

    local buf = packets[node]:tvb("My frame")
edit retag flag offensive close merge delete

Comments

To which buffer are you referring?

Guy Harris gravatar imageGuy Harris ( 2019-02-27 07:34:02 +0000 )edit

TVB buffer

sivabalan gravatar imagesivabalan ( 2019-02-27 10:14:03 +0000 )edit

Some code might help to understand what you're doing. Can you provide a snippet that illustrates the problem you're trying to convey?

cmaynard gravatar imagecmaynard ( 2019-02-27 14:02:26 +0000 )edit

So do you mean that you have a tvbuff * pointer that's null, or do you mean that you have a non-null tvbuff * that points to an empty buffer?

Guy Harris gravatar imageGuy Harris ( 2019-02-27 17:27:19 +0000 )edit

@cmaynard I have added the code snippet of buffer and where the issue is

sivabalan gravatar imagesivabalan ( 2019-02-28 03:25:31 +0000 )edit
see more comments

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-02-28 21:20:51 +0000

cmaynard gravatar image

This bit sticks out to me:

1    if bit.band(seqn, 0x80) > 0 then -- first frame
2        packets[node] = ByteArray.new()
3        seqn = bit.bxor(seqn, 0x80)
4    end
5
6    local buf = packets[node]:tvb("My frame")

So what happens if the if statement on line 1 is false? This means that packets[node] will be nil, and attempting to use it on line 6 will thus fail. Perhaps line 6 (and any other lines of code that expect packets[node] to not be nil should be placed above line 4, i.e., inside the if block.

edit flag offensive delete link more

Comments

@cmaynard the problem is that the packets[node] holds the value when its loaded for the first time and while traversing through the packets/filtering it becomes nil. After reloading the Lua plugins it displays the expected packets[node] value.

sivabalan gravatar imagesivabalan ( 2019-03-01 03:42:35 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-02-27 03:27:37 +0000

Seen: 468 times

Last updated: Feb 28 '19

Related questions

how to invert two bytes in lua script dissector ?

Adjusting Bit order and Endianess in LUA between Dissectors

Reuse (part of) a Wireshark Dissector

Use UDS dissector inside DoIP dissector

How to register LUA dissectors without GUI

How to use two lua dissectors together ?

What's the difference between a dissector, post-dissector and tap?

advice on LUA dissector

how to register a new LUA based dissector only to udp src port

how to get SDP information from the Lua

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2