This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Crashing issue when running Lua dissector after upgrading from wireshark 1.0.0

0

The Lua dissector below causes a segmentation fault in Wireshark 1.2 and Wireshark 1.4.1. This works fine in Wireshark 1.0.0.

It appears that the call to payload_dissector_table:try() is causing the problem, but I can't figure out why. If I remove that call, the dissector runs fine. If I change the dissector table so that it doesn't match any packets, the dissector runs fine. If I remove everything from the testProtoSubprotocol.dissector() function, I get a crash. So, it doesn't look like there's anything wrong about testProtoSubprotocol.dissector() itself.

I'm not sure why this is happening, or where to go from here to debug it. Does anyone have any suggestions either on what the issue is, or how to debug it further?

Thanks!

Lua dissector

testProtoSubprotocol = Proto("testproto.test", "Test Protocol Frame Type 0")

local testSubfields = testProtoSubprotocol.fields testSubfields.number = ProtoField.uint16("testproto.test.number", "Number", base.DEC)

function testProtoSubprotocol.dissector(buffer, pinfo, tree) local subtree = tree:add(testProtoSubprotocol, buffer()) local number = buffer(0, 2) subtree:add_le(testSubfields.number, number) pinfo.cols.info = "Number " pinfo.cols.info:append( number:le_uint() ) end

testDissectorTable = DissectorTable.new( "testproto", "Test Protocol" ) testDissectorTable:add( 0, testProtoSubprotocol )

testProtocol = Proto("testproto", "Test Protocol")

local frametypes = { [0x00] = "Test Frame Type", }

local fields = testProtocol.fields fields.frameType = ProtoField.uint8("testproto.frame_type", "Frame Type", base.HEX, frametypes, 0x0F) fields.payload = ProtoField.bytes("testproto.payload", "Payload")

function testProtocol.dissector(buffer, pinfo, tree) pinfo.cols.protocol = testProtocol.name

local subtree = tree:add(testProtocol, buffer())

local frame_type = mask( buffer(0, 1):uint(), 0x0F )

subtree:add(fields.frameType, buffer(offset, 1))

payload = buffer(2, 60)
local payload_dissector_table = DissectorTable.get( "testproto" )
payload_dissector_table:try( frame_type, payload:tvb(), pinfo, subtree )

end

function mask( value, mask ) return value % (mask + 1) end

ethernet_table = DissectorTable.get("ethertype") ethernet_table:add(0x4A46, testProtocol)

Version information:

wireshark 1.4.1

Copyright 1998-2010 Gerald Combs <[email protected]wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.1, (32-bit) with GLib 2.24.1, with libpcap 1.0.0, with libz 1.2.3.3, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8, with c-ares 1.7.0, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010 22:31:30), without AirPcap.

Running on Linux 2.6.32-24-generic, with libpcap version 1.0.0, with libz 1.2.3.3, GnuTLS 2.8.5, Gcrypt 1.4.4.

Built using gcc 4.4.3.

asked 20 Oct ‘10, 16:11

Jacques's gravatar image

Jacques
1111
accept rate: 0%

edited 15 May ‘12, 15:09

helloworld's gravatar image

helloworld
3.1k42041

asked 20 Oct ‘10, 16:11
edited 25 mins ago ???

I wonder if @Jacques is still waiting for an answer :-)

(15 May ‘12, 15:36) Kurt Knochner ♦

@Kurt, yes :) that would be my edit. The question was difficult to read because of the formatting, and the fix was simple. The reported problem might not be an issue any more, but it can still be answered regardless of whether @Jacques is waiting for the answer :)

(15 May ‘12, 16:00) helloworld