Wireshark-bugs: [Wireshark-bugs] [Bug 9296] New: Wireshark lua dissector unable to load for medi
Date: Sat, 19 Oct 2013 18:34:56 +0000
Bug ID 9296
Summary Wireshark lua dissector unable to load for media_type=application/octet-stream
Classification Unclassified
Product Wireshark
Version 1.10.2
Hardware x86-64
OS Mac OS X 10.8
Status UNCONFIRMED
Severity Major
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter cong.ling@happyelements.com

Created attachment 11822 [details]
test code

Build Information:

--
I'm trying to write a Lua Proto to parse our private protocol on HTTP. But
Wireshark didn't enter my dissector function when the media_type is set to
"application/octet-stream". When the media_type is set to "text/html",
everything looks fine.

After I use Lua->evaluate in Wireshark, the dissector table shows my protocol
like this; 'application/octet-stream' is garbled.

The reason is the source code in "wslua_proto.c", line 1722 -- "g_free(pattern);".
This is because sub_dissectors->hash_table just adds the pattern as a pointer,
without duplicating a copy, in "packet.c". If the pattern is freed in
DissectorTable_add, the pointer will be invalid in the future.

After I comment out line 1722 in wslua_proto.c, it works.

I use tshark for debugging, for application/octet-stream:

$tshark  -r test.pcapng   |grep application/octet-stream
108 40.536817000    10.8.0.14 -> 10.130.142.72 HTTP 418 POST
/protocol?uid=101225&uid=101225&_t=1382115502 HTTP/1.1 
(application/octet-stream)
111 40.596037000 10.130.142.72 -> 10.8.0.14    HTTP 63 HTTP/1.1 200 OK 
(application/octet-stream)
120 40.657143000    10.8.0.14 -> 10.130.142.72 HTTP 445 POST
/protocol?uid=101225&uid=101225&_t=1382115502    HTTP/1.1 
(application/octet-stream)
124 40.729645000 10.130.142.72 -> 10.8.0.14    HTTP 63 HTTP/1.1 200 OK 
(application/octet-stream)
219 41.810493000    10.8.0.14 -> 10.130.142.72 HTTP 488 POST
/protocol?uid=101225&uid=101225&_t=1382115503 HTTP/1.1 
(application/octet-stream)
226 41.919401000 10.130.142.72 -> 10.8.0.14    HTTP 63 HTTP/1.1 200 OK 
(application/octet-stream)

$tshark  -r test.pcapng   -X lua_script:canon.lua | grep myproto
adding myproto into DissectorTable

for text/html

$tshark  -r test.pcapng   -X lua_script:canon.lua | grep myproto
adding myproto into DissectorTable
enter myproto.dissector
enter myproto_dissector, tvb.len:2
enter myproto.dissector
enter myproto_dissector, tvb.len:6
enter myproto.dissector
enter myproto_dissector, tvb.len:6


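The key-ownership problem this report describes, as an added C example (not Wireshark source and not part of the original report): a hypothetical table that either keeps the caller's key pointer or stores its own duplicate. The table, the function names and the handle value 42 are assumptions; the caller's buffer is overwritten rather than freed, which models the block being reused after g_free(pattern) while keeping the behaviour defined.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical string-keyed table standing in for a dissector table (not Wireshark code). */
#define SLOTS 8
struct table {
    const char *key[SLOTS];
    int handle[SLOTS];
    int used;
    int copy_keys; /* 0 = keep the caller's pointer, 1 = store a private duplicate */
};

static int table_add(struct table *t, const char *pattern, int handle) {
    if (t->used == SLOTS) return -1;
    if (t->copy_keys) {
        char *dup = malloc(strlen(pattern) + 1);
        if (!dup) return -1;
        pattern = strcpy(dup, pattern); /* the table now owns its key */
    }
    t->key[t->used] = pattern;
    t->handle[t->used++] = handle;
    return 0;
}

static int table_lookup(const struct table *t, const char *pattern) {
    for (int i = 0; i < t->used; i++)
        if (strcmp(t->key[i], pattern) == 0) return t->handle[i];
    return -1; /* no handler registered under this name */
}
static void table_clear(struct table *t) {
    for (int i = 0; t->copy_keys && i < t->used; i++) free((void *)t->key[i]);
    t->used = 0;
}

/* Register a media type from a temporary buffer, release the buffer, then look it up. */
static int register_then_lookup(int copy_keys) {
    struct table t = { .copy_keys = copy_keys };
    char pattern[32] = "application/octet-stream";
    if (table_add(&t, pattern, 42) != 0) return -2;
    /* Stand-in for g_free(pattern) followed by reuse of the block. */
    memset(pattern, 'X', strlen(pattern));
    int h = table_lookup(&t, "application/octet-stream");
    table_clear(&t);
    return h;
}

int main(void) {
    printf("borrowed key: %d, copied key: %d\n", register_then_lookup(0), register_then_lookup(1));
    return 0;
}
```

With the borrowed key the lookup misses because the stored name no longer reads as the media type, which matches the garbled table entry and the dissector never being entered; with the copied key the handler is found.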