Running Wireshark's example Lua dissector in WireBait errors with attempt to call a nil value (global 'get_version')

[fabacab]

Hi, I am new to Lua and WireBait, so I apologize if I'm doing something particularly silly. My understanding is that WireBait more-or-less emulates Wireshark's Lua API so that we can run Lua dissectors and other Wireshark/tshark plugins without loading our Lua scripts as plugins in those programs.

Based on this assumption, I figured a simple "Hello world" test would be to see if I could run the Lua example dissector (dissector.lua) provided by the Wireshark wiki on its Lua/Examples page within WireBait.

So, I performed the following commands:

First, I created a .pcap file filled with several DNS packets at /tmp/dns.pcap:

# I use a proxy, hence the `lo` interface. But I assure you, there are DNS packets captured here.
tshark -i lo -f "udp port 53" -c 5 -w /tmp/dns.pcap

Then I attempted to run the example dissector as follows:

# Get the WireBait source code.
git clone https://github.com/MarkoPaul0/WireBait.git

# Get the Wireshark Lua example dissector.
curl -sL https://wiki.wireshark.org/Lua/Examples?action=AttachFile\&do=get\&target=dissector.lua > /tmp/dissector.lua

# Prepend the WireBait snippet as per its README.md file to the start of the dissector script.
# The path the capture file shoudl be `/tmp/dns.pcap` as per the capture file created earlier.
cat <<EOF > /tmp/wirebait-snippet.lua
if disable_lua == nil and not _WIREBAIT_ON_ then
    local wirebait = require("wirebait");
    local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
    dissector_tester:dissectPcap("/tmp/dns.pcap");  --dissecting data from a pcap file
    return
end
EOF
cat /tmp/wirebait-snippet.lua /tmp/dissector.lua > /tmp/dissector-with-wirebait.lua

# Run the version of the example dissector with the WireBait snippet prepended.
LUA_PATH="$HOME/src/WireBait/wirebait.lua;;" lua /tmp/dissector-with-wirebait.lua

Unfortunately, I see the following error output upon this invocation of lua (with $HOME replacing the path to my home folder):

lua: /tmp/dissector-wirebait.lua:128: attempt to call a nil value (global 'get_version')
stack traceback:
        /tmp/dissector-wirebait.lua:128: in local 'dofile_func'
        $HOME/src/WireBait/wirebait.lua:1659: in field 'new'
        /tmp/dissector-wirebait.lua:3: in main chunk
        [C]: in ?

In case it is needed, here is my Lua version information:

$ lua -v
Lua 5.3.4  Copyright (C) 1994-2017 Lua.org, PUC-Rio

My suspicion is that the Wireshark get_version() function simply isn't implemented by WireBait (yet?) and hence the error, however, I really do not know for certain and cannot dig deeper at this exact moment. I would be happy to offer some additional feedback if you need or want it, though I cannot promise it. You asked for feedback from Wireshark users in your README, so…well, here's some that I hope helps!

Again, I'm not sure if you intended folks to use WireBait this way, but I figured it's probably not uncommon that someone might put two and two together from this repo and the Wireshark wiki's example files. It was the first thing that occurred to me to do, so I imagine it will probably occur to others to do this, as well.

Thanks for a neat project!

[MarkoPaul0]

Hi Again meitar,

Again thanks for giving me feedback. Now that I have proposed a fix for your other ticket I'm gonna look into that one. I'll give you posted as soon as I have some updates.