This probably won’t resolve your problem (or maybe it will?), but why are you using le_uint64():tonumber()?

    p2p_tree:add(neop2p.fields.length, buffer(offset, 4), buffer(offset, 4):le_uint64():tonumber())
    offset = offset + 4
    p2p_tree:add(neop2p.fields.checksum, buffer(offset, 4), buffer(offset, 4):le_uint64():tonumber())

But instead of bothering with le_uint(), why not just use add_le() instead of add()?

    p2p_tree:add_le(neop2p.fields.magic, buffer(offset, 4))
    offset = offset + 4
    p2p_tree:add_le(neop2p.fields.cmd, buffer(offset, 12))
    offset = offset + 12
    p2p_tree:add_le(neop2p.fields.length, buffer(offset, 4))
    offset = offset + 4
    p2p_tree:add_le(neop2p.fields.checksum, buffer(offset, 4))
    offset = offset + 24

If that doesn’t help, maybe you could post a small capture file for testing purposes?

- Chris

Ref:
https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Tree.html

From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of ??

Dear Experts,

I am building my Lua plugin for Wireshark, but I got a failed assertion below:

    [Dissector bug, protocol TCP: /build/wireshark-rjGTDh/wireshark-2.6.3/epan/dissectors/packet-tcp.c:5591: failed assertion "save_desegment_offset == pinfo->desegment_offset && save_desegment_len == pinfo->desegment_len"]

Our protocol is on top of TCP and has a length code in it, so I want to get enough bytes for my dissector. At first, I used pinfo.desegment_len = missing_bytes and returned nothing, but got the assertion. Now, I am using dissect_tcp_pdus, and still get the problem.

I attach my code below and look forward to your reply. Thank you very much and sorry to bother you.

Here is my code:

    local neop2p = Proto("NEO", "Neo P2P Protocol")

    neop2p.fields.magic = ProtoField.uint32("neop2p.magic", "MAGIC", base.DEC, NET_TYPE)
    neop2p.fields.cmd = ProtoField.string("neop2p.cmd", "COMMAND", base.UNICODE)
    neop2p.fields.length = ProtoField.uint32("neop2p.length", "LENGTH", base.DEC)
    neop2p.fields.checksum = ProtoField.uint32("neop2p.checksum", "CHECKSUM", base.DEC)
    neop2p.fields.payload = ProtoField.string("neop2p.payload", "PAYLOAD", base.ASCII)

    local function neop2p_dissector(buffer, pinfo, tree)
        local L = buffer:len()
        local magic = buffer(0, 4):le_uint()
        local cmd = buffer(4, 12):stringz()
        local length = buffer(16, 4):le_uint()

        local p2p_tree = tree:add(neop2p, buffer(0, L), "Neo P2P Protocol, "..NET_TYPE[magic])
        pinfo.cols.protocol:set("NEO")
        pinfo.cols.info:set(""..NET_TYPE[magic]..","..cmd)

        local offset = 0
        p2p_tree:add(neop2p.fields.magic, buffer(offset, 4), buffer(offset, 4):le_uint64():tonumber())
        offset = offset + 4
        p2p_tree:add(neop2p.fields.cmd, buffer(offset, 12), buffer(offset, 12):string())
        offset = offset + 12
        p2p_tree:add(neop2p.fields.length, buffer(offset, 4), buffer(offset, 4):le_uint64():tonumber())
        offset = offset + 4
        p2p_tree:add(neop2p.fields.checksum, buffer(offset, 4), buffer(offset, 4):le_uint64():tonumber())
        offset = offset + 4

        if length ~= 0 then
            local payload = buffer(offset, length)
            p2p_tree:add(neop2p.fields.payload, payload, tostring(payload))
            offset = offset + length
        end

        -- if cmd == C_INV then
        --     return neop2p_inv_dissector(payload, pinfo, p2p_tree)
        -- end
        -- if cmd == C_ADDR then
        --     return neop2p_addr_dissector(payload, pinfo, p2p_tree)
        -- end
        -- if cmd == C_GET_DATA then
        --     return neop2p_getdata_dissector(payload, pinfo, p2p_tree)
        -- end
        -- if cmd == C_VERSION then
        --     return neop2p_ver_dissector(payload, pinfo, p2p_tree)
        -- end
        -- if cmd == C_GET_HEADERS then
        --     return neop2p_getheaders_dissector(payload, pinfo, p2p_tree)
        -- end

        return true
    end

    local function get_neop2p_len(buffer)
        local len = buffer(16, 4):le_uint() + 24
        return len
    end

    local neo = Proto("NEOPROTOCOL", "Neo Protocol")

    function neo.dissector(buffer, pinfo, tree)
        dissect_tcp_pdus(buffer, tree, 24, get_neop2p_len, neop2p_dissector)
        return true
    end

    ---------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------
    ---------------------------------------------------------------------------------------------------

    neo:register_heuristic("tcp", neo.dissector)
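
Added example (not part of either message above, and not Wireshark project code): the add_le() suggestion applied to the 24-byte header, with dissect_tcp_pdus doing the framing and the heuristic deciding before any dissection starts. The test on the command bytes, the helper names and the display bases are assumptions.

```lua
-- Header layout as in the post: magic(4, LE) | command(12) | length(4, LE) | checksum(4, LE)
local neop2p = Proto("neop2p", "Neo P2P Protocol")
local f = neop2p.fields
f.magic    = ProtoField.uint32("neop2p.magic", "Magic", base.HEX)
f.cmd      = ProtoField.string("neop2p.cmd", "Command", base.ASCII)
f.length   = ProtoField.uint32("neop2p.length", "Length", base.DEC)
f.checksum = ProtoField.uint32("neop2p.checksum", "Checksum", base.HEX)
f.payload  = ProtoField.bytes("neop2p.payload", "Payload")
local HEADER_LEN = 24

-- dissect_tcp_pdus passes the whole segment plus the offset of the current PDU,
-- so the length field has to be read relative to that offset.
local function get_pdu_len(tvb, pinfo, offset)
    return tvb(offset + 16, 4):le_uint() + HEADER_LEN
end

-- Called once per complete PDU; tvb starts at the first header byte.
local function dissect_pdu(tvb, pinfo, tree)
    local length = tvb(16, 4):le_uint()
    pinfo.cols.protocol:set("NEO")
    local t = tree:add(neop2p, tvb())
    t:add_le(f.magic, tvb(0, 4))
    t:add(f.cmd, tvb(4, 12))
    t:add_le(f.length, tvb(16, 4))
    t:add_le(f.checksum, tvb(20, 4))
    if length > 0 then t:add(f.payload, tvb(HEADER_LEN, length)) end
    return HEADER_LEN + length
end

function neop2p.dissector(tvb, pinfo, tree)
    dissect_tcp_pdus(tvb, tree, HEADER_LEN, get_pdu_len, dissect_pdu)
    return tvb:len()
end

-- Assumed heuristic: the command is printable ASCII followed only by NUL padding.
-- It only reads bytes, so a rejection never leaves a desegmentation request behind.
local function looks_like_neop2p(tvb)
    if tvb:len() < HEADER_LEN or tvb(4, 1):uint() == 0 then return false end
    local seen_nul = false
    for i = 4, 15 do
        local b = tvb(i, 1):uint()
        if b == 0 then seen_nul = true
        elseif seen_nul or b < 0x20 or b > 0x7e then return false end
    end
    return true
end

neop2p:register_heuristic("tcp", function(tvb, pinfo, tree)
    if not looks_like_neop2p(tvb) then return false end
    neop2p.dissector(tvb, pinfo, tree)
    pinfo.conversation = neop2p  -- later segments go straight to the dissector
    return true
end)
```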