demo_dissector.lua: bad argument #1 to 'getupvalue'

[DavidA2014]

Hi, I am new to Lua and WireBait. I'm working on Windows with Lua 5.3.4 and WireBait 2.0.0. I get an error when running the demo_dissector.lua example:

set LUA_PATH=\Lua\WireBait-2.0.0\wirebait.lua
Lua\lua53.exe \Lua\WireBait-2.0.0\example\demo_dissector.lua
\Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:62: bad argument #1 to 'getupvalue' (function expected, got nil)
stack traceback:
    [C]: in function 'debug.getupvalue'
    \Lua\WireBait-2.0.0\wirebait.lua:62: in function 'setfenv'
    \Lua\WireBait-2.0.0\wirebait.lua:1540: in field 'new'
    \Lua\WireBait-2.0.0\example\demo_dissector.lua:29: in main chunk
    [C]: in ?

How can I fix this please?

[MarkoPaul0]

Hi David,

Thanks a lot for your feedback. I am going to try and reproduce your issue and will get back to you later today (it's about 9am here and I should have time by the end of the day). Looking at your stack trace it seems like it could be an issue in the demo script, specifically at line 29: local dissector_tester = wirebait. plugin_tester.new({dissector_filepath="example/demo_dissector.lua" You can see the dissector_filepath value is a relative path, meaning that it expects your main lua directory to be the folder containing the example folder. Try and see if you can either change the filepath or change your directory to get it to work. One easy way would be to use the absolute path to demo_dissector.lua instead of a relative one.

Out of curiosity, what are you using to run this lua script?

Please let me know how that goes!

Good luck!

On Tue, Jul 3, 2018 at 8:00 AM, DavidA2014 notifications@github.com wrote:

Hi, I am new to Lua and WireBait. I'm working on Windows with Lua 5.3.4 and WireBait 2.0.0. I get an error when running the demo_dissector.lua example:

set LUA_PATH=\Lua\WireBait-2.0.0\wirebait.lua Lua\lua53.exe \Lua\WireBait-2.0.0\example\demo_dissector.lua \Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:62: bad argument #1 to 'getupvalue' (function expected, got nil) stack traceback: [C]: in function 'debug.getupvalue' \Lua\WireBait-2.0.0\wirebait.lua:62: in function 'setfenv' \Lua\WireBait-2.0.0\wirebait.lua:1540: in field 'new' \Lua\WireBait-2.0.0\example\demo_dissector.lua:29: in main chunk [C]: in ?

How can I fix this please?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/MarkoPaul0/WireBait/issues/1, or mute the thread https://github.com/notifications/unsubscribe-auth/AEmXiIQrUxrUTrChqABjIOr6q9cTgUg6ks5uC2r2gaJpZM4VA6BC .

--

Sincerely,

Markus Leballeux 312-888-6171

[DavidA2014]

Hi, thanks for your reply. I am using absolute paths:

C:\>\Lua\lua53.exe \Lua\WireBait-2.0.0\example\demo_dissector.lua
\Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:62: bad argument #1 to 'getupvalue' (function expected, got nil)
stack traceback:
    [C]: in function 'debug.getupvalue'
    \Lua\WireBait-2.0.0\wirebait.lua:62: in function 'setfenv'
    \Lua\WireBait-2.0.0\wirebait.lua:1540: in field 'new'
    \Lua\WireBait-2.0.0\example\demo_dissector.lua:29: in main chunk
    [C]: in ?

I am using the lua53.exe binary supplied in lua-5.3.4_Win64_bin.zip downloaded from: https://sourceforge.net/projects/luabinaries/files/5.3.4/Tools%20Executables/

[MarkoPaul0]

David,

Sorry for the delay. So the way you invoke your lua53.exe will have the current working directory set to wherver you are when you are invoking it. The thing is we want the current directory to be the root of the wirebait repo. In order to do that you need to invoke lua53.exe from the root of the wirebait repo. For instance on windows 10 and given the paths you gave me previously this should work:

cd C:\Lua\WireBait-2.0.0\
C:\Lua\lua53.exe .\example\demo_dissector.lua

Let me know if that helps

[MarkoPaul0]

By the way, it might be intimidating at first but I would recommend using ZeroBrane Studio. It is the most complete Lua IDE I am aware of, and it is open source ZeroBrane Studio Github Here

[DavidA2014]

Thanks, that does work. I notice that there is something wrong with the fonts:

[DavidA2014]

With my lua script I see:

\Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:1224: Start position should be positive positive!
stack traceback:
    [C]: in function 'assert'
    \Lua\WireBait-2.0.0\wirebait.lua:1224: in local 'buffer'
    \SVNProj\MyDir\trunk\Software\Tools\Wireshark\xran.lua:46: in field 'dissector'
    \Lua\WireBait-2.0.0\wirebait.lua:1573: in upvalue 'runDissector'
    \Lua\WireBait-2.0.0\wirebait.lua:1630: in method 'dissectHexData'
    \SVNProj\MyDir\trunk\Software\Tools\Wireshark\xran.lua:5: in main chunk
    [C]: in ?

[MarkoPaul0]

Interesting I can see the same thing on my side but only on windows AND when using the interpreter directly. Somehow when I run my script from ZeroBrane Studio on windows, there is no Unicode issue. On Mac it works fine regardless. I am trying to figure out why this happens on windows, I've asked that question on stackoverflow actually.

In the meantime If you want in your own copy of wirebait.lua you can look for the characters "└─" and replace them with whatever you want, maybe a dash or something. You should find it in a snipped that would look like this around line 860:

  local function prefix(depth)
    assert(depth >= 0, "Tree depth cannot be negative (" .. depth .. ")!");
    return depth == 0 and "" or string.rep(" ", 3*(depth - 1)) .. "└─ ";
  end

This is a cosmetic change and should not impair your ability to tests your own scripts.

Anyways, I'm glad you're trying stuff out. I'll keep you posted when I find out what's happening on Windows. Feel free to keep on tinkering and ask if anything else is bugging you.

Good luck!

[DavidA2014]

Thanks for your answer about the character display problem.

I think you have missed the second question I asked above about error 'Start position should be positive positive!' Please will you have a look at that?

[MarkoPaul0]

David, would you mind sharing your dissector code? If not could you at least share a code snippet around line 46?

[DavidA2014]

Hi Markus

I have tidied up the dissector. Here is the code:

general.zip

Here is the error:

Dissecting hexadecimal data (no pcap provided)
\Lua\lua53.exe: \Lua\WireBait-2.0.0\wirebait.lua:1224: Start position should be positive positive!
stack traceback:
[C]: in function 'assert'
\Lua\WireBait-2.0.0\wirebait.lua:1224: in local 'buffer'
    ...oj\Athena\trunk\Software\Prototypes\LuaTest1\general.lua:34: in field 'dissector'
    \Lua\WireBait-2.0.0\wirebait.lua:1573: in upvalue 'runDissector'
    \Lua\WireBait-2.0.0\wirebait.lua:1630: in method 'dissectHexData'
    ...oj\Athena\trunk\Software\Prototypes\LuaTest1\general.lua:6: in main chunk
    [C]: in ?

and the pcap file:

pcap.zip

[MarkoPaul0]

Hey David,

The issues are pretty simple to fix. Note that I have been working off of your HEX data (not the pcap).

It turns your script has a couple of issues:

1) First of all at line 34 you are trying to create a subtree by providing buffer(). By doing so you are treating the buffer as a function which will call the buffer:__call() methamethod. This method expects 2 values so a valid call would be buffer(2,1) for example. Here I suspect you wanted to create a subtree with the whole buffer, in which case you should just leave buffer as is. I'm going to try and work on making the error message a bit more descriptive.

2) Then the second issue had to do with the HEX data you provided, which was 72ABE636AFC86572. Now this is only 8 bytes long. However you can see at line 39 you are using buffer(12,4) which would mean your HEX data need to be at least 12+4 = 16 bytes long. To fix that issue I simply added 8 more bytes like so: 72ABE636AFC865720000000000000000 and here is the output I got:

------------------------------------------------------------------------------------------------------------------------------[[
Dissecting hexadecimal data (no pcap provided)

 72 AB E6 36 AF C8 65 72   00 00 00 00 00 00 00 00  |  test protocol
                                                    |  └─ messageLength: 0x72ABE636
                                                    |  └─ requestID: 0xAFC86572
                                                    |  └─ responseTo: 0x00000000
                                                    |  └─ opCode: 0x00000000
]]------------------------------------------------------------------------------------------------------------------------------

Hope this helps!

[DavidA2014]

Hi Markus

Thanks again for your help. Sorry about my mistakes. Using the hex string it now works. However, if I use the pcap:

if disable_lua == nil and not _WIREBAIT_ON_ then
  local wirebait = require("wirebait");
  local dissector_tester = wirebait.plugin_tester.new({only_show_dissected_packets=true});
  dissector_tester:dissectPcap("C://SVNProj//<snip>//Prototypes//LuaTest1//test.pcap");  --dissecting data from a pcap file
  --dissector_tester:dissectHexData("72ABE636AFC865720000000000000000");        --dissecting data from a hex string
  return
end

I get no output. Is there something wrong with the slashes?

Here is my pcap:

test.zip

Please will you try it?

[MarkoPaul0]

Your problem comes from the fact that your capture contains data for an unsupported network stack. Wirebait is currently only compatible with ETH-IP-TCP/UDP stack, while your capture does not contain ethernet (ETH) frames. This is because you were capturing data on your loopback interface. I'm not sure exactly what you are trying to capture, but you should try to capture data from another interface. There you should capture ethernet packets.

[DavidA2014]

Hi Markus

Thanks for identifying the loopback adapter as the problem.

One more question: my dissector is implemented as several .lua files. My dissector calls several subdissectors (in separate files) for the various message types of the protocol I am dissecting. Can I pass several .lua files to Wirebait?

Just a suggestion: I think it would be helpful to specify the Wirebait command line options in the documentation.

Best regards

David

[DavidA2014]

Hi Markus

Do you have any thoughts on my question above?

... my dissector is implemented as several .lua files. My dissector calls several subdissectors (in separate files) for the various message types of the protocol I am dissecting. Can I pass several .lua files to Wirebait?

Best regards

David

[MarkoPaul0]

Hi David,

Sorry about the delay. There shouldn't be any issues. Wirebait only needs to know about your main dissector file (the one that calls your subdissector). From there, your dissector should just act "normally" with the data that wirebait has extracted from either a HEX string or a pcap.

Hope this helps! (If it does please mark this issue as resolved.)

Cheers

[DavidA2014]

Hi Markus

Still struggling I'm afraid. I am now trying a more complex script that calls some sub-dissectors. I am getting error:

C:\Lua\WireBait-2.0.0>\Lua\lua53.exe <snip>\general.lua
\Lua\lua53.exe: ...trunk\<snip>\general.lua:156: attempt to call a nil value (method 'add')
stack traceback:
     ...<snip>\general.lua:156: in local 'dofile_func'
    \Lua\WireBait-2.0.0\wirebait.lua:1541: in field 'new'
    ...<snip>\general.lua:7: in main chunk
    [C]: in ?

The referred to part of my script is:

Any thoughts please?

[MarkoPaul0]

Ha! This is actually a bug. I just committed a change which should fix your issue.

[DavidA2014]

Hi Markus

I'm glad I finally found something helpful for you :-)

I am now using Wirebait 2.1.0 beta, with your patch. I still get an exception but it has moved:

C:\Lua\WireBait-2.1.0_beta>\Lua\lua53.exe <snip>\general.lua
\Lua\lua53.exe: ...<snip>\general.lua:159: attempt to call a nil value (field 'new')
stack traceback:
    ...<snip>\general.lua:159: in local 'dofile_func'
    \Lua\WireBait-2.0.0\wirebait.lua:1542: in field 'new'
    ...<snip>\general.lua:7: in main chunk
    [C]: in ?

and the relevant part of my code is:

[MarkoPaul0]

This is happening simply because I don’t support this feature yet. Could you send me a link to a wireshark API page describing the DissectorTable methods available?

On Jul 25, 2018, at 05:45, DavidA2014 notifications@github.com wrote:

Hi Markus

I'm glad I finally found something helpful for you :-)

I am now using Wirebait 2.1.0 beta, with your patch. I still get an exception but it has moved:

C:\Lua\WireBait-2.1.0_beta>\Lua\lua53.exe \general.lua \Lua\lua53.exe: ...\general.lua:159: attempt to call a nil value (field 'new') stack traceback: ...\general.lua:159: in local 'dofile_func' \Lua\WireBait-2.0.0\wirebait.lua:1542: in field 'new' ...\general.lua:7: in main chunk [C]: in ? and the relevant part of my code is:

— You are receiving this because you were assigned. Reply to this email directly, view it on GitHub, or mute the thread.

[DavidA2014]

https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Proto.html#lua_class_DissectorTable

[MarkoPaul0]

David, I'm still working on this at the moment. In the meantime could you try working without creating a new dissector table? I'd like to see if you can go further than this.

[DavidA2014]

Markus, If I comment out the dissector table I get no output from WireBait, even though I have subtree:add() calls before calling the dissector table functions. I don't understand that.

[MarkoPaul0]

David,

My apologies for the delay, would you mind sharing a zip file with your code? That would help me a great deal.

Thanks!

[MarkoPaul0]

Hi David,

Checking in again, any news on your side? To get this through quickly, I feel like sharing your code would be the easiest.

Thanks!

[DavidA2014]

Markus, sorry for the delay. How might I send you the code by private message?

David