Wireshark-users: Re: [Wireshark-users] How to disable lua support from command line ?

From: Peter Wu <peter@xxxxxxxxxxxxx>
Date: Tue, 2 Jul 2019 19:29:40 +0200
On Tue, Jul 02, 2019 at 04:22:43PM +0900, Matt wrote:
> Le mar. 2 juil. 2019 � 15:15, Guy Harris <guy@xxxxxxxxxxxx> a �crit :
> >
> > On Jul 1, 2019, at 8:34 PM, Matt <mattator@xxxxxxxxx> wrote:
> >
> > > I want my program to determistically run on other computers as well,
> > > thus I can't assume anything in advance about users' lua script. I had
> > > not really thought about compiled plugins but that's the same issue,
> > > these optional modules may alter the way my program expects tshark to
> > > behave.
> >
> > I.e., you want a "disable all user plugins" option.
>
> To sum up, yes. Might make sense to have a flag for lua and another
> for C modules or some kind of enum.

Explicitly disabling all customized config files via environment
variables (see below) seems better than yet another option. Preferences
such as TCP reassembly, Decode As settings, decryption keys, and so on
can influence the dissection results.

> > > I believe for my usecase, the best is to wrap the tshark call with an
> > > XDG_CONFIG_HOME pointing nowhere or to a vanilla wireshark config. Not
> > > sure if there is any difficulty though, I will have a try.
> >
> > As long as the "other computers" aren't running Windows, where XDG_CONFIG_HOME has no effect....

On Windows you can set the WIRESHARK_APPDATA environment variable. Since
Wireshark 3.0 there is also the undocumented WIRESHARK_CONFIG_DIR which
overrides WIRESHARK_APPDATA, $HOME, etc.

Since your original question was about interference from a Lua script, I
have some other suggestions:

- Do not put the Lua script in your config dir. Manually start Wireshark
  with `wireshark -Xlua_script:foo.lua` or `tshark -Xlua_script:foo.lua`

- If your script is only intended to be used with the Wireshark GUI as
  opposed to Tshark, disable it by prepending this snippet on top of
  your Lua script:

    if gui_enabled() then return end

  See https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Gui.html

- Add a protocol preference to your dissector and use that to control
  whether the interfering functionality is enabled. You could combine
  this with the gui_enabled() trick above.

- Run your program with WIRESHARK_CONFIG_DIR=/nonexistent to ensure an
  empty configuration profile.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl