Record wireshark lua's bugs found by myself and some suggestion

最新推荐文章于 2025-05-31 16:51:52 发布

jasonhwang

最新推荐文章于 2025-05-31 16:51:52 发布

阅读量2.1k

点赞数

分类专栏： Web Wireshark 文章标签： lua bugs parsing string parameters table

本文链接：https://blog.csdn.net/jasonhwang/article/details/5540792

版权

Web 同时被 2 个专栏收录

9 篇文章

订阅专栏

Wireshark

9 篇文章

订阅专栏

1. Lua script can not get "data-text-lines" protocol data:

for example,

local dataline = Field.new("data-text-lines")

local data = dataline()

tostring(data.value) is not ok "FT_" error

This is fixed in 1.3.4, but data.range() is not ok, report "expired tvb" error.

2. Trying to use Field.new("tcp.segments") to get reassembled TCP data is failed.

Try xxx.value or xxx() get nil. I checked the source code, and find the reason is :

In packet-tcp.c, it set "tcp.segments" field to FT_NONE type;

Then in wslua_field.c, FT_NONE is converted to lua as nil.

My suggestion is to modify wslua_field.c->FieldInfo__call, to convert all FT_NONE to lua ByteArray just like FT_PROTOCOL that has been converted to ByteArray in 1.3.4.

Another bug about Field.new("tcp.segments") is xxx.range got "expired tvb" error too in reassembled tcp packet.

3. Suggest to expose http_dissector_add() of packet-http.c as a lua function. Such, user can use lua to write dissector to analyze protocol over http. Now we have to use the workaround to register http dissector to "tcp.port" dissectors table and register our own dissector to the same port in "http.port".

4. Suggest to expose pinfo.private_data as ByteArray of lua. Current Bug is tha wslua_pinfo.c exposes private_data as LIGHTUSERDATA. I think it is meaningless. Because that cause it can not be read by lua script.

5. Suggest to expose pinfo.match_string as ByteArray to lua script. Because some dissector, like http dissector, will put content-type to pinfo.match_string and content_type_parameters to pinfo.private_data, then invoke their subdissector (like "media_type" table's dissector). Certainly, now dissectors that register in "media_type" table can use Field.new("Content-Type") to get content-type value, and parsing it itself. But I think it is formal way to get it from match_string and private_data.

6. Suggest to expose pinfo.can_desegment to lua script or set its default to true. Because sometime we invoke standard dissector like http dissector in our own dissector, and we hope http dissector will return negative (and set pinfo.desegment_offset and pinfo.desegment_len) when it found it needs more packet to complete its dissection. But now, it can not happen, because pinfo.can_desegment default is 0 in lua script. (I don't very sure about this point)