Wireshark-dev: Re: [Wireshark-dev] Unable to detect custom protocol dissector
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Fri, 14 Feb 2020 15:34:41 +0000
I have no idea what your GeoNetworkHeader looks like, but maybe try this modified lua dissector instead based on the previous one I supplied? It still uses heuristics.

local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")

-- A dummy field, just so we add *something* to the tree as an example
local f_gnw_val32 = ProtoField.uint32("gnwHdr.val32", "Value 32", base.DEC)
p_gnw.fields = { f_gnw_val32 }

local gnw_dis = Dissector.get("gnw")

function p_gnw.dissector(tvbuf, pinfo, tree)
    local ethertype = tvbuf(12, 2):uint()
    if ethertype == 35143 then
        pinfo.cols.protocol:set("GNW")
        local gnwHdr_tree = tree:add(p_gnw, tvbuf(0, -1))
        gnwHdr_tree:add(f_gnw_val32, tvbuf(14, 4))
        local tvb_sub = tvbuf:range(18, -1):tvb()
        gnw_dis:call(tvb_sub, pinfo, tree)
        return true
    else
        return false
    end
end

p_gnw.register_heuristic(p_gnw, "eth", p_gnw.dissector)

- Chris

From: Wireshark-dev <wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of Anders Broman via Wireshark-dev
Sent: Friday, February 14, 2020 2:31 AM
To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Cc: Anders Broman <anders.broman@xxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unable to detect custom protocol dissector

Hi,

I don’t write Lua code but try https://wiki.wireshark.org/LuaAPI/Dissector#Dissector.get.28name.29
Using gnw as name

Regards
Anders

From: Wireshark-dev <mailto:wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of sandip gangakhedkar
Sent: 13 February 2020 23:11
To: Developer support list for Wireshark <mailto:wireshark-dev@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-dev] Unable to detect custom protocol dissector

Hi Chris,

I confirm that I see the same issue with your Lua script. However, I am able to dissect the GeoNetworking header normally in another pcap trace that does not contain my proprietary header that encapsulates my GeoNetworking PDU. So I think the Native Wireshark gnw Dissector is working just fine.
However, when I add the custom Dissector for my proprietary header and then chain the gnw Dissector to it, I am able to see my proprietary headers, but fail to see the GeoNetworking header dissected.

@Anders: I did not notice anything particular in the way the gnw Dissector is registered:

expert_module_t* expert_geonw;
module_t *geonw_module;

proto_geonw = proto_register_protocol("GeoNetworking", "GNW", "gnw");
geonw_handle = register_dissector("gnw", dissect_geonw, proto_geonw);
proto_register_field_array(proto_geonw, hf_geonw, array_length(hf_geonw));
proto_register_subtree_array(ett, array_length(ett));
expert_geonw = expert_register_protocol(proto_geonw);
expert_register_field_array(expert_geonw, ei, array_length(ei));

Am I missing something here? Thanks again for your help.

On Thu, Feb 13, 2020 at 10:50 PM Maynard, Chris via Wireshark-dev <mailto:wireshark-dev@xxxxxxxxxxxxx> wrote:

I’m not sure what you’re trying to do, but there’s already a Wireshark built-in dissector for GeoNetworking[1]. If you’re trying to replace it for some reason, then you may either need to disable that one or remove it completely. And if you’re trying to implement in Lua, then you’ll need to register it as a heuristic dissector using register_heuristic[2].
However, it seems that there might be a bug with respect to this function[3], as the following simple Lua script seems to indicate:

local p_gnw = Proto("gnwHdr", "GeoNetworkingHdr")

function p_gnw.dissector(tvbuf, pinfo, tree)
    local ethertype = tvbuf(12, 2):uint()
    if ethertype == 35143 then
        pinfo.cols.protocol:set("GNW")
        return true
    else
        return false
    end
end

p_gnw.register_heuristic("eth", p_gnw.dissector)

When Wireshark is started with this gnw.lua script loaded, the following error message is encountered:

Lua: Error during loading:
path\to\gnw.lua:14:bad argument #1 to ‘register_heuristic’ (userdata expected, got string)
stack traceback:
[C]: in function ‘register_heuristic’
path\to\gnw.lua:14: in main chunk

- Chris

[1]: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-geonw.c;h=21290a3b179c8974483a2f762cbe512fbec67103;hb=HEAD
[2]: https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html (Section 11.6.5.3)
[3]: https://osqa-ask.wireshark.org/questions/54158/register-heuristic-function-for-multiple-heuristic-list-names-in-lua

From: Wireshark-dev <mailto:wireshark-dev-bounces@xxxxxxxxxxxxx> On Behalf Of sandip gangakhedkar
Sent: Wednesday, February 12, 2020 4:46 PM
To: mailto:wireshark-dev@xxxxxxxxxxxxx
Subject: [Wireshark-dev] Unable to detect custom protocol dissector

Hi,

I am using a Custom protocol dissector (Lua script) for the GeoNetworking header. I have built Wireshark 3.2.1 from source on Ubuntu 18.04 and placed the Lua script in the Global plugins directory. However, the script fails to find the GeoNetworking protocol when I invoke it in the script:

Dissector.get("gnw"):call(newTvb, pkt, root)

So I tried another approach:

gnw_dissector = DissectorTable.get("ethertype"):get_dissector(35143)

The protocol gnw (GeoNetworking) corresponds to an EtherType of 35143 in my Wireshark protocols configuration. However, this also fails to find the "gnw" protocol.
How can I get wireshark to detect the GeoNetworking protocol from my custom Lua script? Thanks in advance.
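
Added example, not part of the original thread or of Wireshark's own code: a heuristic Lua dissector for the setup discussed above that checks the captured length before reading any field, registers with the colon method call so the Proto is passed as the first argument, and falls back to the "data" dissector when Dissector.get("gnw") returns nil. The 4-byte proprietary header length and the names gnwhdr_ex, heur_gnwhdr and PROP_HDR_LEN are assumptions; the real header layout is not given in the thread.

```lua
-- Added example (not from the thread). The header length and all names
-- introduced here are assumptions for illustration.
local ETHERTYPE_GNW = 0x8947   -- 35143, the EtherType tested in the thread
local ETH_HDR_LEN   = 14       -- dst MAC + src MAC + EtherType
local PROP_HDR_LEN  = 4        -- assumed length of the proprietary header

local p_hdr   = Proto("gnwhdr_ex", "GeoNetworking Proprietary Header (example)")
local f_val32 = ProtoField.uint32("gnwhdr_ex.val32", "Value 32", base.DEC)
p_hdr.fields  = { f_val32 }

-- Dissector.get() returns nil when nothing is registered under that name,
-- so resolve both handles once and choose between them at call time.
local gnw_dis  = Dissector.get("gnw")
local data_dis = Dissector.get("data")

local function heur_gnwhdr(tvbuf, pinfo, tree)
    -- Reject truncated frames before touching any field: reading past the
    -- end of the buffer raises a Lua error instead of returning false.
    if tvbuf:len() < ETH_HDR_LEN + PROP_HDR_LEN then
        return false
    end
    if tvbuf(12, 2):uint() ~= ETHERTYPE_GNW then
        return false
    end

    pinfo.cols.protocol:set("GNW")
    local subtree = tree:add(p_hdr, tvbuf(ETH_HDR_LEN, PROP_HDR_LEN))
    subtree:add(f_val32, tvbuf(ETH_HDR_LEN, PROP_HDR_LEN))

    -- Hand the remaining bytes to the next dissector only if any remain.
    local offset = ETH_HDR_LEN + PROP_HDR_LEN
    if tvbuf:len() > offset then
        local payload  = tvbuf:range(offset):tvb()
        local next_dis = gnw_dis or data_dis   -- fall back to raw data
        next_dis:call(payload, pinfo, tree)
    end
    return true
end

-- Colon syntax passes p_hdr as argument #1; the dot form without it yields
-- "bad argument #1 ... (userdata expected, got string)".
p_hdr:register_heuristic("eth", heur_gnwhdr)
```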