Lua Support in Wireshark
Lua is a powerful, lightweight programming language designed for extending applications. Wireshark contains an embedded Lua 5.2 interpreter which can be used to write dissectors, taps, and capture file readers and writers.
Wireshark's Lua interpreter starts by loading a file named init.lua from Wireshark's global configuration directory. The init.lua in the global configuration directory controls whether Lua scripts are enabled through the enable_lua variable. Lua scripts are enabled by default. To disable Lua scripts, set the enable_lua variable to false. Wireshark 2.6 and earlier used the variable disable_lua to enable or disable Lua scripts (deprecated). If both enable_lua and disable_lua are present, disable_lua is ignored.
If Lua is enabled, Wireshark will try to load a file named init.lua from the user's personal configuration directory, and then all files ending with .lua in the global and personal plugins directories.
The command line option -X lua_script:file.lua can also be used to load specific Lua scripts.
The Lua code is executed after all protocol dissectors have been initialized and before any file is read.
Wireshark for Windows uses a modified Lua runtime (lua-unicode) to support Unicode (UTF-8) filesystem paths. This brings consistency with other platforms (e.g. Linux and macOS).
Example: Creating a Menu with Lua
The code below adds a menu "Lua Dialog Test" under the Tools menu. When selected, it opens a dialog prompting the user for input, and then opens a text window with the output.
local function dialog_menu()
    local function dialog_func(person,eyes,hair)
        local window = TextWindow.new("Person Info");
        local message = string.format("Person %s with %s eyes and %s hair.", person, eyes, hair);
        window:set(message);
    end

    new_dialog("Dialog Test",dialog_func,"A Person","Eyes","Hair")
end

-- Create the menu entry
register_menu("Lua Dialog Test",dialog_menu,MENU_TOOLS_UNSORTED)

-- Notify the user that the menu was created
if gui_enabled() then
   local splash = TextWindow.new("Hello!");
   splash:set("Wireshark has been enhanced with a useless feature.\n")
   splash:append("Go to 'Tools->Lua Dialog Test' and check it out!")
end
Example: Dissector written in Lua
local p_multi = Proto("multi", "MultiProto");

local vs_protos = {
    [2] = "mtp2",
    [3] = "mtp3",
    [4] = "alcap",
    [5] = "h248",
    [6] = "ranap",
    [7] = "rnsap",
    [8] = "nbap"
}

local f_proto = ProtoField.uint8("multi.protocol", "Protocol", base.DEC, vs_protos)
local f_dir = ProtoField.uint8("multi.direction", "Direction", base.DEC, { [1] = "incoming", [0] = "outgoing"})
local f_text = ProtoField.string("multi.text", "Text")

p_multi.fields = { f_proto, f_dir, f_text }

local data_dis = Dissector.get("data")

local protos = {
    [2] = Dissector.get("mtp2"),
    [3] = Dissector.get("mtp3"),
    [4] = Dissector.get("alcap"),
    [5] = Dissector.get("h248"),
    [6] = Dissector.get("ranap"),
    [7] = Dissector.get("rnsap"),
    [8] = Dissector.get("nbap"),
    [9] = Dissector.get("rrc"),
    [10] = DissectorTable.get("sctp.ppi"):get_dissector(3), -- m3ua
    [11] = DissectorTable.get("ip.proto"):get_dissector(132), -- sctp
}

function p_multi.dissector(buf, pkt, tree)
    local subtree = tree:add(p_multi, buf(0,2))
    subtree:add(f_proto, buf(0,1))
    subtree:add(f_dir, buf(1,1))

    local proto_id = buf(0,1):uint()

    local dissector = protos[proto_id]

    if dissector ~= nil then
        -- Dissector was found, invoke subdissector with a new Tvb,
        -- created from the current buffer (skipping first two bytes).
        dissector:call(buf(2):tvb(), pkt, tree)
    elseif proto_id < 2 then
        subtree:add(f_text, buf(2))
        -- pkt.cols.info:set(buf(2, buf:len() - 3):string())
    else
        -- fallback dissector that just shows the raw data.
        data_dis:call(buf(2):tvb(), pkt, tree)
    end
end

local wtap_encap_table = DissectorTable.get("wtap_encap")
local udp_encap_table = DissectorTable.get("udp.port")

wtap_encap_table:add(wtap.USER15, p_multi)
wtap_encap_table:add(wtap.USER12, p_multi)
udp_encap_table:add(7555, p_multi)
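The MultiProto dissector above indexes the Tvb with buf(0,2) and buf(2) without first checking how many bytes the frame actually contains; on a truncated or malformed packet those range calls raise a Lua error, which Wireshark reports as a dissector failure rather than as protocol-level diagnosis. The following example, which is added here and is not part of the Wireshark documentation, shows the same Proto/ProtoField/DissectorTable pattern applied to a hypothetical "Simple TLV" protocol constructed for this example (a 4-byte header of version, message type and big-endian payload length, registered on UDP port 7556, which is this example's own choice). Every Tvb access is guarded by a length check, and header/length mismatches are surfaced through ProtoExpert entries so they appear in the packet details and the Expert Info dialog:

```lua
-- Added example (not from the Wireshark documentation): a dissector for a
-- hypothetical "Simple TLV" protocol, constructed for this example.
-- Header layout (4 bytes):
--   version (1) | message type (1) | payload length (2, big endian)
-- followed by 'payload length' bytes of payload.

local p_stlv = Proto("stlv", "Simple TLV (example)")

local msg_types = {
    [1] = "hello",
    [2] = "data",
    [3] = "bye",
}

local f_version = ProtoField.uint8("stlv.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("stlv.type", "Message Type", base.DEC, msg_types)
local f_len     = ProtoField.uint16("stlv.len", "Payload Length", base.DEC)
local f_payload = ProtoField.bytes("stlv.payload", "Payload")

p_stlv.fields = { f_version, f_type, f_len, f_payload }

-- Expert info shown when the header does not agree with the captured bytes.
local e_short     = ProtoExpert.new("stlv.short", "Frame shorter than STLV header",
                                    expert.group.MALFORMED, expert.severity.ERROR)
local e_truncated = ProtoExpert.new("stlv.truncated", "Declared payload length exceeds captured data",
                                    expert.group.MALFORMED, expert.severity.WARN)
local e_trailing  = ProtoExpert.new("stlv.trailing", "Trailing bytes after declared payload",
                                    expert.group.PROTOCOL, expert.severity.NOTE)
local e_badtype   = ProtoExpert.new("stlv.badtype", "Unknown message type",
                                    expert.group.UNDECODED, expert.severity.WARN)

p_stlv.experts = { e_short, e_truncated, e_trailing, e_badtype }

local HEADER_LEN = 4
local data_dis = Dissector.get("data")

function p_stlv.dissector(buf, pinfo, tree)
    pinfo.cols.protocol = p_stlv.name
    local total = buf:len()
    local subtree = tree:add(p_stlv, buf())

    -- Bail out before touching any byte the capture does not contain.
    if total < HEADER_LEN then
        subtree:add_proto_expert_info(e_short)
        return
    end

    subtree:add(f_version, buf(0, 1))
    subtree:add(f_type,    buf(1, 1))
    subtree:add(f_len,     buf(2, 2))

    local mtype = buf(1, 1):uint()
    local plen  = buf(2, 2):uint()   -- big endian; :le_uint() for little endian
    local avail = total - HEADER_LEN

    if msg_types[mtype] == nil then
        subtree:add_proto_expert_info(e_badtype)
    end

    -- Clamp to what was actually captured so the Tvb range never overruns.
    local shown = plen
    if plen > avail then
        subtree:add_proto_expert_info(e_truncated)
        shown = avail
    elseif plen < avail then
        subtree:add_proto_expert_info(e_trailing)
    end

    if shown > 0 then
        subtree:add(f_payload, buf(HEADER_LEN, shown))
    end

    -- Bytes beyond the declared payload go to the generic "data" dissector,
    -- the same fallback the MultiProto example uses.
    if plen < avail then
        data_dis:call(buf(HEADER_LEN + plen):tvb(), pinfo, tree)
    end

    pinfo.cols.info = string.format("%s len=%d", msg_types[mtype] or ("type " .. mtype), plen)
end

-- Port 7556 is this example's own choice.
DissectorTable.get("udp.port"):add(7556, p_stlv)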
Example: Listener written in Lua
This program registers a menu that opens a window showing the number of occurrences of every address in the capture.
local function menuable_tap()
    -- Declare the window we will use
    local tw = TextWindow.new("Address Counter")

    -- This will contain a hash of counters of appearances of a certain address
    local ips = {}

    -- this is our tap
    local tap = Listener.new();

    local function remove()
        -- this way we remove the listener that otherwise will remain running indefinitely
        tap:remove();
    end

    -- we tell the window to call the remove() function when closed
    tw:set_atclose(remove)

    -- this function will be called once for each packet
    function tap.packet(pinfo,tvb)
        local src = ips[tostring(pinfo.src)] or 0
        local dst = ips[tostring(pinfo.dst)] or 0

        ips[tostring(pinfo.src)] = src + 1
        ips[tostring(pinfo.dst)] = dst + 1
    end

    -- this function will be called once every few seconds to update our window
    function tap.draw(t)
        tw:clear()
        for ip,num in pairs(ips) do
            tw:append(ip .. "\t" .. num .. "\n");
        end
    end

    -- this function will be called whenever a reset is needed
    -- e.g. when reloading the capture file
    function tap.reset()
        tw:clear()
        ips = {}
    end

    -- Ensure that all existing packets are processed.
    retap_packets()
end

-- using this function we register our function
-- to be called when the user selects the Tools->Test->Packets menu
register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED)
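The Address Counter tap above is GUI-only: it creates its TextWindow inside a menu callback and has no output path when gui_enabled() is false. The following listener, added here as an example that is not part of the Wireshark documentation, uses the same Listener.new / tap.packet / tap.draw / tap.reset structure but passes a tap name and a display filter to Listener.new, so only bare TCP SYNs reach the packet callback, and it reports through print() when run under tshark. It counts, per source address, how many distinct destination ports received a SYN, which is a common indicator a defender looks for when reviewing a capture for port scanning. The threshold, the filter, the window title and the script name in the usage line are this example's own choices.

```lua
-- Added example (not from the Wireshark documentation): a tap that counts,
-- per source address, the distinct destination ports that received a bare
-- TCP SYN, and flags sources above a threshold in the final report.
-- Works in tshark as well as in the GUI:
--   tshark -q -X lua_script:synscan.lua -r capture.pcap

local SCAN_THRESHOLD = 20   -- distinct ports from one source before flagging (example value)

-- Only packets matching the display filter reach tap.packet(). "tcp" is the
-- tap name, so the filter is evaluated against fully dissected packets.
local tap = Listener.new("tcp", "tcp.flags.syn == 1 && tcp.flags.ack == 0")

local ports_by_src = {}   -- src address -> { [dst port] = true, ... }
local syns_by_src  = {}   -- src address -> total SYN count

-- Called once for every packet that passes the filter.
function tap.packet(pinfo, tvb)
    local src = tostring(pinfo.src)
    local ports = ports_by_src[src]
    if ports == nil then
        ports = {}
        ports_by_src[src] = ports
    end
    ports[pinfo.dst_port] = true
    syns_by_src[src] = (syns_by_src[src] or 0) + 1
end

-- Build the report as one string so the same function serves print() and the GUI.
local function report()
    local lines = {}
    for src, ports in pairs(ports_by_src) do
        local n = 0
        for _ in pairs(ports) do n = n + 1 end
        local flag = (n >= SCAN_THRESHOLD) and "  <-- possible port scan" or ""
        lines[#lines + 1] = string.format("%-40s syns=%-6d distinct_ports=%-5d%s",
                                          src, syns_by_src[src], n, flag)
    end
    table.sort(lines)
    return table.concat(lines, "\n")
end

local win = nil
if gui_enabled() then
    win = TextWindow.new("SYN scan report (example)")
    -- Stop receiving packets once the user closes the window.
    win:set_atclose(function() tap:remove() end)
end

-- Called when the capture is reloaded or retapped, e.g. after a filter change.
function tap.reset()
    ports_by_src = {}
    syns_by_src  = {}
end

-- Under tshark draw() runs once at the end; in the GUI it runs periodically.
function tap.draw()
    if win then
        win:set(report())
    else
        print(report())
    end
end
```

The filter is applied by Wireshark before the Lua callback runs, so the per-packet work stays small; keeping the destination ports in a set per source (rather than a flat counter as in the Address Counter) is what makes the distinct-port count possible.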