Wireshark mailing list archives

Lua dissector does not get called


From: Sidda Eraiah <sidda.eraiah () kaazing com>
Date: Tue, 8 Jun 2010 17:41:52 -0700

I am writing a custom dissector for a protocol and have followed the
instructions to enable Lua scripts by commenting out the disable_lua line in
the init.lua file. I also have run_user_scripts_when_superuser set to true.

The dissector I have is as follows in wse.lua:

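do
    -- Declare the protocol: short name "wse", description "Enhanced ws"
    ws_proto = Proto("wse", "Enhanced ws");
    -- Called for every packet that is handed to this protocol
    function ws_proto.dissector(buffer, pinfo, tree)
        print("dissector called")
        pinfo.cols.protocol="WSE"
        print(buffer(0, 4):string())
        local subtreeitem = tree:add(ws_proto, buffer(), "WSE traffic")
        subtreeitem:add_le(buffer(), "traffic")
        pinfo.cols.info:set("WSE");
    end
    -- Register the dissector for TCP port 8001
    DissectorTable.get("tcp.port"):add(8001, ws_proto)
    -- Printed once when the script is loaded
    print(ws_proto.name)
end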


When I run tshark or wireshark by passing this wse.lua file on the command
line using "sudo wireshark -X lua_script:wse.lua", I do see the wse protocol
listed in the expressions dialog correctly.

*Issue*

When I try to record some traffic by sending bytes on port 8001 (this
dissector is registered on 8001), my dissector is not called. Instead, it
shows the following log.

WSE
Running as user "root" and group "root". This could be dangerous.
Capturing on lo
  0.000000    127.0.0.1 -> 127.0.0.1    HTTP Continuation or non-HTTP traffic
  0.000966    127.0.0.1 -> 127.0.0.1    HTTP Continuation or non-HTTP traffic
  0.001001    127.0.0.1 -> 127.0.0.1    TCP 59174 > vcom-tunnel [ACK] Seq=20 Ack

Please note that WSE is printed by my script, but the dissector is not
called and the internal HTTP dissector is getting called.

*Other thing I tried*

So, I started wireshark without the lua file by executing "sudo wireshark"
and opened the evaluate dialog by clicking on the Tools->Lua->Evaluate menu.
In this evaluate dialog, I copied the contents of the wse.lua file and
evaluated it. I see that "WSE" (my log) is printed on the console. After
running this, if I record traffic on loopback, it calls my dissector
correctly and I see the entries in wireshark as wse and also the logs that I
am printing.

I am running my tests using Wireshark 1.2.7 running on Ubuntu. Here is the
information from the about box.

 Version 1.2.7

Copyright 1998-2010 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010
23:31:11), without AirPcap.

Running on Linux 2.6.32-22-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.


It appears that the HTTP dissector is taking priority over my dissector for
some reason. Your valuable insights or workarounds to get this Lua dissector
to work correctly are appreciated.

Thanks in advance.

-- 
Best Regards,
Sidda

Director of Management Services
|< Kaazing Corporation >|<
888, Villa St. Suite #410, Mountain View, CA 94041, USA
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users