Wireshark Dissector in Lua

Question

First of all, I'm new to Lua altogether, and this is my first attempt at writing a wireshark dissector.

My protocol is straightforward - a 2 byte length field, followed by a string of that length.

When I run the code through the Lua console, everything works as expected.

When the code is added to the Wireshark plugins directory, I get the error

Lua Error: [string "C:\Users...\AppData\Roaming\Wireshark..."]:15: calling 'add' on bad self (number expected, got string)

Line 15 corresponds is the t:add(f_text... line.

Can anyone explain the discrepancy between the execution methods?

do
    local p_multi = Proto("aggregator","Aggregator");

    local f_len = ProtoField.int16("aggregator.length","Length",base.DEC)
    local f_text = ProtoField.string("aggregator.text","Text")

    p_multi.fields = { f_len, f_text }

    local data_dis = Dissector.get("data")

    function p_multi.dissector(buf,pkt,root)
            pkt.cols.protocol = "Aggregator"
            local len = buf(0,2):int()
            local t = root:add(p_multi,buf(0,len+2))
            t:add(f_len,buf(0,2),"Length: " .. buf(0,2):int())
            t:add(f_text,buf(2,len),"Text: " .. buf(2,len):string())
    end

    local tcp_encap_table = DissectorTable.get("tcp.port")
    tcp_encap_table:add(4321,p_multi)
end

Answer 1

Your dissector code is very close to correct, but you're doing extra work that the interface won't accept. If you change your dissector function like so,

function p_multi.dissector(buf,pkt,root)
        pkt.cols.protocol = "Aggregator"
        local len = buf(0,2):int()
        local t = root:add(p_multi,buf(0,len+2))
        t:add(f_len,buf(0,2)) --let Wireshark do the hard work
        t:add(f_text,buf(2,len)) --you've already defined their labels etc.
end

you'll get the desired behavior. The labels "Text" and "Length" are already defined for your fields, so there is no need to provide them again on lines 15 and 16.