Hi Chris,

I confirm that I see the same issue with your Lua script. However, I am
able to dissect the GeoNetworking header normally in another pcap trace
that does not contain my proprietary header that encapsulates my
GeoNetworking PDU. So I think the Native Wireshark gnw Dissector is working
just fine.

However, when I add the custom Dissector for my proprietary header and then
chain the gnw Dissector to it, I am able to see my proprietary headers, but
fail to see the GeoNetworking header dissected.

@Anders: I did not notice anything particular in the way the gnw Dissector
is registered:


> expert_module_t* expert_geonw;
> module_t *geonw_module;
> proto_geonw = proto_register_protocol("GeoNetworking", "GNW", "gnw");
> geonw_handle = register_dissector("gnw", dissect_geonw, proto_geonw);
> proto_register_field_array(proto_geonw, hf_geonw, array_length(hf_geonw));
> proto_register_subtree_array(ett, array_length(ett));
> expert_geonw = expert_register_protocol(proto_geonw);
> expert_register_field_array(expert_geonw, ei, array_length(ei));
>

Am I missing something here?

Thanks again for your help.




On Thu, Feb 13, 2020 at 10:50 PM Maynard, Chris via Wireshark-dev <
wireshark-dev@wireshark.org> wrote:

> I’m not sure what you’re trying to do, but there’s already a Wireshark
> built-in dissector for GeoNetworking[1].
>
>
>
> If you’re trying to replace it for some reason, then you may either need
> to disable that one or remove it completely.  And if you’re trying to
> implement in Lua, then you’ll need to register it as a heuristic dissector
> using register_heuristic[2].  However, it seems that there might be a bug
> with respect to this function[3], as the following simple Lua script seems
> to indicate:
>
>
>
> local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")
>
> function p_gnw.dissector(tvbuf, pinfo, tree)
>
>     local ethertype = tvbuf(12, 2):uint()
>     if ethertype == 35143 then
>         pinfo.cols.protocol:set("GNW")
>         return true
>     else
>         return false
>     end
> end
>
> p_gnw.register_heuristic("eth", p_gnw.dissector)
>
>
>
>
>
> When Wireshark is started with this gnw.lua script loaded, the following
> error message is encountered:
>
>
>
> Lua: Error during loading:
> path\to\gnw.lua:14: bad argument #1 to ‘register_heuristic’ (userdata expected, got string)
> stack traceback:
>          [C]: in function ‘register_heuristic’
>          path\to\gnw.lua:14: in main chunk
>
>
>
> - Chris
>
> [1]:
> https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-geonw.c;h=21290a3b179c8974483a2f762cbe512fbec67103;hb=HEAD
>
> [2]:
> https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html
> (Section 11.6.5.3)
>
> [3]:
> https://osqa-ask.wireshark.org/questions/54158/register-heuristic-function-for-multiple-heuristic-list-names-in-lua
>
>
>
>
>
> *From:* Wireshark-dev <wireshark-dev-boun...@wireshark.org> *On Behalf Of*
> sandip gangakhedkar
> *Sent:* Wednesday, February 12, 2020 4:46 PM
> *To:* wireshark-dev@wireshark.org
> *Subject:* [Wireshark-dev] Unable to detect custom protocol dissector
>
>
>
> Hi,
>
>
>
> I am using a custom protocol dissector (Lua script) for the GeoNetworking
> header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed
> the Lua script in the global plugins directory. However, the script fails
> to find the GeoNetworking protocol when I invoke it in the script:
>
>
>
>   Dissector.get("gnw"):call(newTvb, pkt, root)
>
>
>
> So I tried another approach:
>
>
>
>   gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)
>
>
>
> The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in
> my Wireshark protocols configuration. However, this also fails to find the
> "gnw" protocol.
>
>
>
> How can I get wireshark to detect the GeoNetworking protocol from my
> custom Lua script?
>
>
>
> Thanks in advance.
>
>
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe
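
The chaining discussed in this thread, sketched as an added example (not code from either poster or from the Wireshark project): a Lua dissector for an encapsulating header that bounds-checks the buffer, tries both lookups mentioned above, and flags a failed lookup in the packet tree. The `prop` protocol name, its field names, the 4-byte header layout and EtherType 0x88B5 are assumptions standing in for the poster's proprietary header.

```lua
-- Added example. The "prop" protocol, its 4-byte layout and EtherType 0x88B5
-- are assumptions for illustration, not the poster's real header.
local HDR_LEN    = 4       -- assumed: version(1) reserved(1) payload length(2)
local PROP_ETYPE = 0x88B5  -- IEEE local-experimental EtherType as a stand-in
local GNW_ETYPE  = 35143   -- 0x8947, the GeoNetworking EtherType from the thread

local p_prop = Proto("prop", "Proprietary Encapsulation (example)")
local f_ver  = ProtoField.uint8("prop.version", "Version", base.DEC)
local f_len  = ProtoField.uint16("prop.length", "Payload Length", base.DEC)
p_prop.fields = { f_ver, f_len }

-- Try both lookups from the thread; pcall keeps a failed lookup from aborting.
local function find_gnw()
    local ok, d = pcall(Dissector.get, "gnw")
    if ok and d then return d end
    ok, d = pcall(function()
        return DissectorTable.get("ethertype"):get_dissector(GNW_ETYPE)
    end)
    if ok and d then return d end
    return nil
end

local gnw  -- resolved on first use

function p_prop.dissector(tvbuf, pinfo, tree)
    -- Capture files are untrusted input: check the length before any read.
    if tvbuf:len() < HDR_LEN then return 0 end
    pinfo.cols.protocol:set("PROP")
    local sub = tree:add(p_prop, tvbuf(0, HDR_LEN))
    sub:add(f_ver, tvbuf(0, 1))
    sub:add(f_len, tvbuf(2, 2))
    if tvbuf:len() == HDR_LEN then return HDR_LEN end  -- no encapsulated PDU

    gnw = gnw or find_gnw()
    local payload = tvbuf(HDR_LEN):tvb()  -- new Tvb starting after the header
    if gnw then
        gnw:call(payload, pinfo, tree)
    else
        -- Make the failed lookup visible in the tree instead of failing silently.
        sub:add_expert_info(PI_UNDECODED, PI_WARN, "gnw dissector not found")
    end
    return tvbuf:len()
end

DissectorTable.get("ethertype"):add(PROP_ETYPE, p_prop)
```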