gcla / termshark

A terminal UI for tshark, inspired by Wireshark
MIT License

Feature creep request: Lua scripting #117

Open deliciouslytyped opened 3 years ago

deliciouslytyped commented 3 years ago

I don't have anything concrete in mind, but tshark supports Lua scripting, and it could be neat if termshark had it (if it exposed enough functionality to be useful). I don't know if Wireshark supports Lua for any frontend stuff.

As some precedent, the micro text editor is also written in Go, and has a (somewhat limited) integrated Lua interpreter that can be used as an example. I've done a little scripting with the micro editor: https://github.com/deliciouslytyped/micro-selfexec .

The thing is, the last time I looked I couldn't find an actively maintained Lua Go implementation. The one micro uses is https://github.com/yuin/gopher-lua/ .

See https://github.com/zyedidia/micro/search?q=commenter%3Adeliciouslytyped&type=issues for several issues I had with scripting micro. Namely, relatively low exposure of internal methods, and inability to load external shared objects (the latter being a gopher-lua limitation).

From a small bit of searching:

What to choose is entirely non-obvious to me, and I find none of the existing repos particularly motivating. Thus my gut feeling is "don't do this". :P At least not like this.

deliciouslytyped commented 3 years ago

An alternative approach would be something like bundling Lua proper and using some manner of socket/network communication, but this would also require relatively disciplined design. (It's great for extensibility if you can manage it.)

pocc commented 3 years ago

What kind of functionality are you expecting?

gcla commented 3 years ago

I've not really looked into Lua scripting in Wireshark, so I took a quick look at the tshark docs to see how they reference Lua:

       -X <eXtension options>
           Specify an option to be passed to a TShark module.  The eXtension option is in the form extension_key:value, where extension_key can be:

           lua_script:lua_script_filename tells TShark to load the given script in addition to the default Lua scripts.

           lua_scriptnum:argument tells TShark to pass the given argument to the lua script identified by 'num', which is the number indexed order of the 'lua_script' command. For example, if only one script was loaded with '-X lua_script:my.lua', then '-X
           lua_script1:foo' will pass the string 'foo' to the 'my.lua' script.  If two scripts were loaded, such as '-X lua_script:my.lua' and '-X lua_script:other.lua' in that order, then a '-X lua_script2:bar' would pass the string 'bar' to the second lua script,
           namely 'other.lua'.

You can configure termshark to pass extra arguments through to tshark via termshark's config file, ~/.config/termshark/termshark.toml; e.g., here's what I have:

[main]
  tshark-args = ["-d", "udp.port==2075,cflow", "-d", "udp.port==9191,cflow", "-d", "udp.port==2055,cflow", "-d", "udp.port==2095,cflow"]

Do you think it would meet your need to add the -X commands to this list to load up your Lua script?

Like @pocc I'm interested to hear more about your idea!
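
The `-X lua_script:` and `-X lua_script1:` options from the tshark documentation quoted above, illustrated with an added example script (not code from this thread or from the termshark project). The protocol name `demo`, its three-byte header layout, and the default port 9999 are constructed for illustration.

```lua
-- Added example: a minimal Lua dissector that takes its UDP port from the
-- command line. Protocol "demo" and its header layout are constructed.
-- Load with:
--   tshark -r capture.pcap -X lua_script:demo.lua -X lua_script1:9999

-- Values given via -X lua_script1:<arg> arrive as the script's varargs.
local args = { ... }
-- Fall back to a default if the argument is missing or not a number.
local port = tonumber(args[1]) or 9999

local demo = Proto("demo", "Demo Protocol (constructed example)")
local f_version = ProtoField.uint8("demo.version", "Version", base.DEC)
local f_length  = ProtoField.uint16("demo.length", "Payload length", base.DEC)
local f_payload = ProtoField.bytes("demo.payload", "Payload")
demo.fields = { f_version, f_length, f_payload }

local HEADER_LEN = 3  -- 1 byte version + 2 bytes big-endian payload length

function demo.dissector(buffer, pinfo, tree)
    -- Truncated or malformed packets are normal input for a dissector:
    -- never build a range that extends past the captured bytes.
    if buffer:len() < HEADER_LEN then
        return 0  -- too short to be ours; let other dissectors try
    end

    pinfo.cols.protocol = "DEMO"
    local subtree = tree:add(demo, buffer(), "Demo Protocol")
    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_length, buffer(1, 2))

    -- The length field is attacker-controlled; clamp it to what was captured.
    local declared = buffer(1, 2):uint()
    local available = buffer:len() - HEADER_LEN
    if declared > available then
        subtree:add_expert_info(PI_MALFORMED, PI_WARN,
            "Declared length exceeds captured data")
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared  -- number of bytes consumed
end

-- Register on the UDP port chosen above.
DissectorTable.get("udp.port"):add(port, demo)
```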

aedrax commented 1 year ago

I can confirm that a dissector I wrote in Lua for Wireshark worked out of the box when I just tested it in termshark, unless the request is to have a console open up and write Lua scripts dynamically.

IsikcanYilmaz commented 8 months ago

> I can confirm that a dissector I wrote in Lua for Wireshark worked out of the box when I just tested it in termshark, unless the request is to have a console open up and write Lua scripts dynamically.

Hey! I'm trying to run termshark with my dissector as well! Could you share how you did it?

When I do termshark -r <pcap/file> --pass-thru=true -X lua_script:<path/to/luascript> I see that termshark gets supplied the dissector that I want, but it just prints out the captured packets and quits; I don't get a TUI.

Would appreciate it if you could assist, @aedrax!