Wireshark-dev: Re: [Wireshark-dev] Using Lua to parse TCP encapsulated IP protocol

From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Tue, 23 Jan 2007 21:42:32 +0100
Hi,
* Can you test it against 0.99.5pre1?
I cannot make it crash (works OK for me), could you send the capture
file that does crash?
Could you eventually send in also the output of wireshark -v

Thanks
Luis

BTW
sub_buf = buffer( 4, buffer:len() - 4 ):tvb()
is the same as
sub_buf = buffer(4):tvb()


On 1/22/07, Scott Robinson <scott.anthony.robinson@xxxxxxxxx> wrote:
Hi,

I've been using Lua to create a dissector for a protocol that has IP
encapsulated inside TCP with an additional header. Everything works fine
until I try to create a new tvb off from a tvbsubrange. When I do this,
Wireshark crashes. The new tvb appeared correct when I added debug
statements (pointing at the correct data, and length are correct).

The Lua and Wireshark docs refered to the Tvb.new_subset function to create
a new sub tvb for an encapsulated protocol. I couldn't get that to work and
used something like buffer(4,n):tvb().

I've only been looking at the Wireshark and Lua code for a short time now,
so I'm hoping I'm just coding something up wrong. Any pointers would be
greatly appreciated.

Here's a sample of the code that was crashing. If I comment out the line
that tries to pass the new sub tvb to the ip dissector, or just pass the
original buffer to the ip dissector, wireshark doesn't crash (although it
doesn't decode like I need it too)

Thanks.
-Scott
-- Define our protocol
my_proto  = Proto("myproto", "MINE", "My Protocol")


-- Create a function to dissect my_proto
function my_proto.dissector( buffer, pinfo, tree )
   local subtree = tree:add( my_proto, buffer, "My Proto Header" )

   subtree:add( buffer(0,1), "Version: "  .. buffer(0,1):uint() )
    subtree:add( buffer(1,1), "Type: "     .. buffer(1,1):uint() )
   subtree:add( buffer(2,2), "Sequence: " .. buffer(2,2):uint() )

   ip_dissector = Dissector.get("ip")

   -- skip over the header in front of the encapsulated ip packet
   sub_buf = buffer( 4, buffer:len() - 4 ):tvb()

   ip_dissector:call( sub_buf, pinfo, tree )

end

-- load the tcp port table
tcp_table = DissectorTable.get("tcp.port")

-- register our protocol
tcp_table:add(7000, my_proto)




_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev




--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan