https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14525

            Bug ID: 14525
           Summary: Lua: read UAT fields to global map before lua fields
                    initialization
           Product: Wireshark
           Version: 2.5.x (Experimental)
          Hardware: x86
                OS: All
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: TShark
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: xpa...@gmail.com
  Target Milestone: ---

Build Information:
TShark (Wireshark) 2.5.0 (v2.5.0-6-g59e4311f)

Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, with GLib 2.36.0,
with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with
GnuTLS
3.4.17, with Gcrypt 1.7.7, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4.

Running on Mac OS X 10.13.3, build 17D47 (Darwin 17.4.0), with Intel(R)
Core(TM)
i5-5257U CPU @ 2.70GHz (with SSE4.2), with 16384 MB of physical memory, with
locale C/ru_RU.UTF-8/C/C/C/C, with libpcap version 1.8.1 -- Apple version
79.20.1, with GnuTLS 3.4.17, with Gcrypt 1.7.7, with zlib 1.2.11, binary
plugins
supported (14 loaded).

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).
--
Tshark can't register new UAT fields in Lua script:

 [string "/home/xpahos/tshark.lua"]:219: bad argument #1 to 'new' (Field_new: a
field with this name must exist)

tshark starts initialization by calling epan_init, where wslua_init is called
before epan_load_settings. As a result, UAT fields are loaded after Lua
initialization, and tshark fails when the script calls Field.new for a UAT field.

Here is a workaround:
https://code.wireshark.org/review/#/c/26225/

Here is a sample tshark Lua script:

-- Convert a possibly-missing value to a string.
-- Returns "" when str is nil, otherwise tostring(str).
function optional_string(str)
    if str ~= nil then
        return tostring(str)
    end
    return ""
end

-- Convert a possibly-missing value to a number.
-- Returns 0 when str is nil; otherwise the value is stringified and parsed
-- with tonumber, so a non-numeric value yields nil rather than 0.
function optional_number(str)
    if str ~= nil then
        local text = tostring(str)
        return tonumber(text)
    end
    return 0
end

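-- Split str on any of the characters in delim.
-- Returns a table with two views of the non-empty pieces:
--   set   : piece -> true, for membership tests
--   array : pieces in order of appearance
-- delim is treated as a list of literal characters. It is escaped before being
-- placed inside the character class, so a delimiter such as "%" or a sequence
-- that would read as a range (e.g. ",-:") cannot produce a malformed pattern
-- or match characters the caller did not ask for.
function make_set_array(str, delim)
    local set = {}
    local array = {}
    if delim == "" then
        -- "[^]+" is not a valid pattern; with no delimiter characters the
        -- whole (non-empty) string is the only piece.
        if str ~= "" then
            set[str] = true
            array[1] = str
        end
        return {set=set, array=array}
    end
    -- "%" followed by a non-alphanumeric character is that literal character.
    local escaped = string.gsub(delim, "%W", "%%%0")
    for match in string.gmatch(str, "[^" .. escaped .. "]+") do
        set[match] = true
        array[#array+1] = match
    end
    return {set=set, array=array}
end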

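-- Tap script body: collects per-frame TCP/IP (and, for HTTP frames, selected
-- header) values into buckets keyed by tcp.stream, then prints each bucket as
-- JSON when the tap is drawn.
do
    -- tcp_stream_table[bucket] is a list of per-frame records.
    -- NOTE(review): this grows with the capture; nothing here bounds or clears it.
    local tcp_stream_table = {}
    -- Highest bucket index written so far. draw() iterates up to this instead
    -- of using #tcp_stream_table, whose result is unspecified if a bucket
    -- index was skipped.
    local max_stream_idx = 0
    -- Field extractors are created when the script loads. Field.new raises
    -- "a field with this name must exist" if the name is not registered yet.
    local ws_fields = {
        tcp_stream_field = Field.new("tcp.stream"), -- for buckets in table
        frame_protocols_field = Field.new("frame.protocols"),
        frame_time_epoch_field = Field.new("frame.time_epoch"),
        -- ip
        ip_src_field = Field.new("ip.src"),
        ip_dst_field = Field.new("ip.dst"),
        ipv6_src_field = Field.new("ipv6.src"),
        ipv6_dst_field = Field.new("ipv6.dst"),
        -- tcp
        tcp_srcport_field = Field.new("tcp.srcport"),
        tcp_dstport_field = Field.new("tcp.dstport"),
        -- http
        http_header_x_forwarded_for_field = Field.new("http.x_forwarded_for"),
        -- presumably the UAT-defined custom header field this report is about
        http_header_x_req_id_field = Field.new("http.header.X-Req-Id"),
        http_header_content_length_field = Field.new("http.content_length"),
    }

    -- Create the "frame" tap listener and attach its callbacks.
    local function init_listener()
        local listener = Listener.new("frame")

        function listener.reset()
            -- empty (accumulated records are not cleared here)
        end

        -- Called for each frame: append one record to the frame's bucket.
        function listener.packet(pinfo, tvb, tapinfo)
            -- A frame without tcp.stream yields 0 here and therefore shares
            -- bucket 1 with TCP stream 0.
            local raw_idx = optional_number(ws_fields["tcp_stream_field"]())
            local tcp_stream_idx = raw_idx + 1 -- Lua arrays start at 1
            local frame_protocols = make_set_array(
                optional_string(ws_fields["frame_protocols_field"]()), ":")

            -- Fill TCP/IP fields; fall back to IPv6 when no IPv4 address is present
            local ip_src = ws_fields["ip_src_field"]()
            local ip_dst = ws_fields["ip_dst_field"]()

            if ip_src == nil and ip_dst == nil then
                ip_src = ws_fields["ipv6_src_field"]()
                ip_dst = ws_fields["ipv6_dst_field"]()
            end

            local frame_time_epoch =
                optional_number(ws_fields["frame_time_epoch_field"]())
            local tcp_srcport = optional_number(ws_fields["tcp_srcport_field"]())
            local tcp_dstport = optional_number(ws_fields["tcp_dstport_field"]())

            local bucket = tcp_stream_table[tcp_stream_idx]
            if bucket == nil then
                bucket = {}
                tcp_stream_table[tcp_stream_idx] = bucket
                if tcp_stream_idx > max_stream_idx then
                    max_stream_idx = tcp_stream_idx
                end
            end

            local record = {
                frame_time_epoch = frame_time_epoch,
                ip_src = tostring(ip_src),
                ip_dst = tostring(ip_dst),
                tcp_srcport = tcp_srcport,
                tcp_dstport = tcp_dstport,
            }
            bucket[#bucket + 1] = record

            -- Append HTTP fields if applicable. The "http" sub-table has to be
            -- created before it is filled; assigning into a missing sub-table
            -- raises "attempt to index a nil value".
            if frame_protocols["set"]["http"] ~= nil then
                -- Header values come straight from captured traffic and are
                -- untrusted; they are only passed through json.encode below,
                -- never concatenated into output by hand.
                record["http"] = {
                    http_header_x_forwarded_for = optional_string(
                        ws_fields["http_header_x_forwarded_for_field"]()),
                    http_header_x_req_id = optional_string(
                        ws_fields["http_header_x_req_id_field"]()),
                    http_header_content_length = optional_number(
                        ws_fields["http_header_content_length_field"]()),
                }
            end
        end

        -- Print every populated bucket as one JSON document per line.
        -- NOTE(review): `json` is not defined anywhere in this sample; it must
        -- be provided by the environment or required elsewhere in the script.
        function listener.draw()
            for i = 1, max_stream_idx do
                local bucket = tcp_stream_table[i]
                if bucket ~= nil then
                    print(json.encode(bucket))
                end
            end
        end
    end

    init_listener()
end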

-- 