The dissect_tcp_pdus function in LUA is passed two LUA functions that
get the PDU length and the dissect a PDU. When one of these functions
fail, a longjmp is made to the the caller of lua_pcall.
This is no problem for the PDU length function, but the PDU dissect
function is wrapped in a TRY/CATCH/ENDTRY block which also uses longjmp
and need to be fully executed. Without doing so, LUA exceptions will
crash on a weird location (except_pop).
Fix the crash by not using luaL_error, but throw dissector errors which
properly breaks out of the tcp_dissect_pdus C function and then convert
it to a LUA error such that the dissector can handle it.
Test with `tshark -X lua_script:crash.lua -r ssl.pcap`:
trivial_proto = Proto("trivial", "Trivial Protocol")
function dissect_foo(tvb, pinfo, tree)
error("triggering a LUA error");
end
function get_pdu_len(tvb, pinfo, tree) return 5; end
function trivial_proto.dissector(tvb, pinfo, tree)
dissect_tcp_pdus(tvb, tree, 5, get_pdu_len, dissect_foo)
end
tcp_table = DissectorTable.get("tcp.port")
tcp_table:add(443, trivial_proto)
It should not crash and will print this:
Lua Error: dissect_tcp_pdus dissect_func: [string "crash.lua"]:3: triggering a LUA error
Change-Id: Ibd079cc5eb3a2e4d2e62ea49a512fa2cc8e561ea
Reviewed-on: https://code.wireshark.org/review/10685
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Evan Huus <eapache@gmail.com>
This is initial support for reloading Lua plugins without
restarting the application.
Still todo:
- Deregister FileHandlers
- Support deregister ProtoField with existing abbrev (same_name_hfinfo)
- Add a progress dialog when reloading many plugins
- Search for memory leakages in wslua functions
Change-Id: I48870d8741251705ca15ffe1068613fcb0cb18c1
Reviewed-on: https://code.wireshark.org/review/5028
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Make each Lua Proto object have an alloacted ett value, so
that they expand/contract only for the same protocol.
Bug: 11356
Change-Id: I68fb3ff00e080b47d540344aba2554e392b7f1c4
Reviewed-on: https://code.wireshark.org/review/9611
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
The size of some of the wslua source files has grown large, and it's hard
to quickly find things. So split them up based on class name, as much as
seems reasonable. Also have the make-wsluarm.pl Perl script handle this.
Change-Id: Ib495ec5c2a4df90495c0a05504856288a0b09213
Reviewed-on: https://code.wireshark.org/review/9579
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
The ProtoField.framenum() Lua function says to use base.DEC, HEX, etc.
But it really can only allow base.NONE. Also, the code defaults
to base.DEC if none was given, and then errors if it's a FT_FRAMENUM;
instead the default base for FT_FRAMENUM should be base.NONE.
Change-Id: I0ec867069c66dbb58399ac2db4652469bfb39152
Reviewed-on: https://code.wireshark.org/review/9599
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Add Lua functions so a plugin can introspect field information, such
as the type of field, flags, tvb, etc. Also add a couple of Tvb and
ByteArray methods. And cleanup the TreeItem code a little.
Change-Id: I7b58ce589ace91cce14b8abccd01ceabb63e2653
Reviewed-on: https://code.wireshark.org/review/6500
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus()
to make TCP-based dissection easier.
Bug: 9851
Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3
Reviewed-on: https://code.wireshark.org/review/6778
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Fix errors found by American Fuzzy Lop's afl-gcc
(http://lcamtuf.coredump.cx/afl/):
peektagged.c:
error: 'fileVersion' may be used uninitialized in this function
packet-h223.c:
error: variable 'circuit_id' might be clobbered by 'longjmp' or 'vfork'
wslua_proto.c:
error: variable 'd' might be clobbered by 'longjmp' or 'vfork'
wslua_proto.c:
error: variable 'dt' might be clobbered by 'longjmp' or 'vfork'
Change-Id: Idd74a3ad7b236d3a8756c1e7e917b1c74143f381
Reviewed-on: https://code.wireshark.org/review/6767
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Lua prior to 5.3 defined luaL_{check,opt}int() as macros wrapping
luaL_{check,opt}integer() with a cast to int; Lua 5.3 doesn't.
It sounds as if the Lua developers are deprecating luaL_{check,opt}int():
http://osdir.com/ml/general/2014-10/msg46568.html
Change-Id: I2d0b649dcd57ede124f31d39f7945f342ae9b18f
Reviewed-on: https://code.wireshark.org/review/6744
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
Change-Id: I009c09f25d170e5c9aaaef713eaacb3252817856
Reviewed-on: https://code.wireshark.org/review/6460
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Changed all remaining code in wslua that was using emem, to use wmem or
simpler methods.
Bug: 9927
Change-Id: I3d19a770e0fd77d996bdb6b61a76a722cc2bcd55
Reviewed-on: https://code.wireshark.org/review/6109
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Allow Lua scripts to add their Protocol's dissector for "Decode as...".
Bug: 10696
Change-Id: Ic270cc85eff62ccfc29d8e5fcbb48247cfcd14bd
Reviewed-on: https://code.wireshark.org/review/6050
Petri-Dish: Hadriel Kaplan <hadrielk@yahoo.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Also, convert the "string" hf_ entries that used tvb_fcwwn_to_str as a string to use proto_tree_add_item with FT_FCWWN type.
Change-Id: I4ca77870499fd8239584a70874998b5d194a7167
Reviewed-on: https://code.wireshark.org/review/6036
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Permit passing TRUE as the parameter during table registration to achieve that
effect.
Use it in RTP media type table.
Bug: 10708
Change-Id: I892fb1a421d349f0c05197dec90f14fc34ad6b97
Reviewed-on: https://code.wireshark.org/review/5695
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
This makes it a bit more like dissector_all_tables_foreach_table.
Improve comments and clean up whitespace while we're at it.
Change-Id: I5147427f864add285e3bb6cb35ad9fa83bea516c
Reviewed-on: https://code.wireshark.org/review/5714
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's always pased a heur_dissector_list_t *, so give it that type,
rather than having it be a generic pointer.
Change-Id: Ia6a045bb1b96c2f6ef3e23f27928e0b52f7cfb9f
Reviewed-on: https://code.wireshark.org/review/5713
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This field can be used for adding filterable subtree entries.
Change-Id: Id395c9a8194dc00e6544170631b48d71ae9dd33e
Reviewed-on: https://code.wireshark.org/review/4573
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: Iee17a68dc214fa0fb50b25fc927026ad7c1cbce4
Reviewed-on: https://code.wireshark.org/review/4531
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
This will register BER PDU-dissectors as "new".
Return number of bytes dissected from dissector_try_* functions.
Return number of bytes dissected in DissectorTable:try()
This will make it possible to get dissected length when using
dissector_try_*() and dissected ASN.1 length in Lua when using
DissectorTable:try() (as we already have for Dissector:call).
Change-Id: I8802a812bd484c1e8794c618b87e676003aea94a
Reviewed-on: https://code.wireshark.org/review/4493
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
This does not work for old-style dissectors as they always return
the number of bytes in incoming buffer and not the number of bytes
dissected. This is noted in the documentation.
Change-Id: I5b236a73952cac3efc830e40276283bed9af1f87
Reviewed-on: https://code.wireshark.org/review/2237
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
A common Lua idiom is to use chained calls, i.e. tree:foo():bar():choo(). This actually
works for tree:add() because it returns the new child tree item which is then the one
being applied to the next chained call. But it doesn't work beyond that for things like
set_generated() and so on. So this commit fixes that.
This also fixes the Lua tree:add() function for the FT_BOOL type to let it be a Lua boolean value.
And it reverts a previous change to Struct.tohex() to allow coercion of the argument.
Change-Id: I10f819d363163914ba320c87d4bedebe5b50cacf
Reviewed-on: https://code.wireshark.org/review/851
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the ability for a Lua script to register expert info fields,
similar to C-code dissectors. This change also removes the need for
the expert_add_info_format_internal() function. Existing Lua scripts
do not have to change, because the existing expert info function
uses the internal "_ws.lua" protocol instead of nothing; but using
the new functionality provides more benefits since it correctly
registers the expert info fields to the dissector's protocol.
The test suite was amended to generate both old and new forms.
Change-Id: Ib5ae74e927cfa81312baf7b04ff4104b0b4f936e
Reviewed-on: https://code.wireshark.org/review/830
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This enhances the Lua API doc generator Perl script to handle
meta-information in description comments, such as bold, italics,
raw code, version info, etc.
The supported markup and codes are documented in make-wsluarm.pl.
It's not beautiful Perl code (I don't know Perl), and I'd rather
do it using Lua, but I think keeping it Perl makes more sense in
the long run.
Change-Id: I477b3ebe770075dcea9ec52708e2d6fb5758d2f4
Reviewed-on: https://code.wireshark.org/review/802
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This adds the ability for Lua scripts to register heuristic dissectors
for any protocol that has registered a heuristic dissector list, such
as UDP, TCP, and ~50 others. The Lua function can also establish a
conversation tied to its Proto dissector, to avoid having to check the
heuristics for the same flow. The example dissector in the testsuite
has also been enhanced to include a heuristic dissector, to verify
the functionality and provide an example implementation.
Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a
Reviewed-on: https://code.wireshark.org/review/576
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Accessing a pref before it's registered causes a segfault, because prefs_p->next
is not being checked for NULL in wslua_proto.c:Prefs__index().
Change-Id: I270978ddb9238a9e8d2c533a96fc01ee0df385c7
Reviewed-on: https://code.wireshark.org/review/563
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Use FT_NONE instead of 0 to initialize an enum.
Drop use of lround/llround since they are not available on Windows.
Change-Id: I3961c1921304bafc090c763f0d6de8532f0b3510
Reviewed-on: https://code.wireshark.org/review/425
Reviewed-by: Evan Huus <eapache@gmail.com>
This fixes/addresses all the coverity warnings shown by
the buildbots. (I hope)
Change-Id: Ic2722df97c577d274e3cf3f0cbdca1902edde047
Reviewed-on: https://code.wireshark.org/review/423
Reviewed-by: Gerald Combs <gerald@wireshark.org>
The current API for Lua provides a global function
"all_field_infos()" which returns all the populated field_info nodes
in the current proto_tree.
By default all_field_infos() "works", in the literal sense: it returns
exactly the fields the previous dissectors of the packet have
populated at that instant of time. But of course dissectors don't
populate all the applicable fields most of the time, because of the
TRY_TO_FAKE_THIS_ITEM optimization where they don't fill in things
that aren't needed at the time by a display, color, or tap's dfilter.
So this commit offers a way to force the dissectors to populate
all the applicable field_infos in the tree, by setting the proto_tree
to be visible. Obviously that is going to impact performance, since
it basically bypasses the TRY_TO_FAKE_THIS_ITEM optimization; so the
patch only does this if the Lua script author told it to explicitly,
by adding an argument to Listener.new() and register_postdissector().
Change-Id: I11d3559fbe8c14fbadf1b51415a3701dc1200b7b
Reviewed-on: https://code.wireshark.org/review/286
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
There are some common things people need to do, such as convert to/from hex or get
the raw binary string in a ByteArray/Tvb/TvbRange. These have been added, as well
as some tests for them in the testsuites. Also, functions have been added to allow
a script to get all the available tap types and filter fields, since they are
not exactly what one can see in the Wireshark gui.
Change-Id: I92e5e4eae713bb90d79b0c024eaa4e55b99cc96b
Reviewed-on: https://code.wireshark.org/review/249
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
As discussed in bug 3513 and 9709, one can register more than one new ProtoFields for
the same field name. Of course C-code can do that too, and does a LOT apparently, but
if they're not similar ftypes then things can get scrweed up in display filters.
So this change prevents duplicate field registration of dissimilar ftypes. The
similarity is based on the discussion on the mailing list, and the listing in
README.developer has been updated to refelect that as well.
Also, this change adds a testscript for Proto/ProtoFields.
Change-Id: I43bd323f785245941a21289647332a19adec2a9d
Reviewed-on: https://code.wireshark.org/review/285
Reviewed-by: Evan Huus <eapache@gmail.com>
Over time the various wslua classes/functions have gotten moldy, with different
ways of doing similar things. Some of it can't be changed without breaking
backwards compatibility for Lua scripts, so I didn't do that. But I did what
I could. The biggest change is a refactoring of how accessors/attributes
are handled in the code, so that most of them work the same way using the
same code.
Specific changes made:
* Added null/expired checking macro to class declarations for many classes
* Removed extraneous pointer/expired checking, since checkFoo() does that already
* Fixed "errors" reported by clang static analyzer; they were false positives, but it was easier to get it to stop complaining by changing the code
* Moved internal wslua functions from wslua_utils.c into a new 'wslua_internals.c' file
* Changed Listener/NSTime/Pinfo/Proto to use a common setter/getter accessor/attribute code model, instead of each of them doing their own
* Fixed some API doc mistakes, mostly around attributes that were documented as read-only but were actually read-write
Change-Id: Idddafc5fbd3545ebff29e063acc767e1c743a1a9
Reviewed-on: https://code.wireshark.org/review/271
Reviewed-by: Evan Huus <eapache@gmail.com>
Tested-by: Evan Huus <eapache@gmail.com>
Similar to bug 9725 and ProtoField.new(), the way the VALUESTRING argument is being checked
in the code for ProtoField.bool() ends up making it non-optional. This patch fixes that,
along with some minor API documentation fixes (text).
Change-Id: Iadb9a8ace9c5514fc623d882301fe16b637fe4ce
Reviewed-on: https://code.wireshark.org/review/125
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
Using ProtoField.new() is dicey. Many of the optional arguments don't properly check the lua stack - they call lua_isnil() for their index number, instead of lua_gettop() to see the stack size. lua_isnil() may return false in such cases.
Change-Id: I83ca1e5fc34e71ec35899adbedabcee69571b9fe
Reviewed-on: https://code.wireshark.org/review/118
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Stig Bjørlykke <stig@bjorlykke.org>
Peter Wu