gcla/termshark

Feature creep request: Lua scripting

deliciouslytyped opened this issue · 5 comments

I don't have anything concrete in mind, but tshark supports Lua scripting, and it could be neat if termshark had it (if it exposed enough functionality to be useful). I don't know if Wireshark supports Lua for any frontend stuff.

As some precedent, the micro text editor is also written in Go, and has a (somewhat limited) integrated Lua interpreter that can be used as an example. I've done a little scripting with the micro editor: https://github.com/deliciouslytyped/micro-selfexec .

The thing is, the last time I looked I couldn't find an actively maintained Lua Go implementation. The one micro uses is https://github.com/yuin/gopher-lua/ .

See https://github.com/zyedidia/micro/search?q=commenter%3Adeliciouslytyped&type=issues for several issues I had with scripting micro. Namely, relatively low exposure of internal methods, and inability to load external shared objects (the latter being a gopher-lua limitation).

From a small bit of searching:

What to choose is entirely non-obvious to me, and I find none of the existing repos particularly motivating. Thus my gut feeling is "don't do this". :P At least not like this.

An alternative approach would be something like bundling Lua proper and using some manner of socket/network communication, but this would also require relatively disciplined design. (It's great for extensibility if you can manage it.)

pocc commented

What kind of functionality are you expecting?

gcla commented

I've not really looked into Lua scripting in Wireshark, so I took a quick look at the tshark docs to see how they reference Lua:

       -X <eXtension options>
           Specify an option to be passed to a TShark module.  The eXtension option is in the form extension_key:value, where extension_key can be:

           lua_script:lua_script_filename tells TShark to load the given script in addition to the default Lua scripts.

           lua_scriptnum:argument tells TShark to pass the given argument to the lua script identified by 'num', which is the number indexed order of the 'lua_script' command. For example, if only one script was loaded with '-X lua_script:my.lua', then '-X
           lua_script1:foo' will pass the string 'foo' to the 'my.lua' script.  If two scripts were loaded, such as '-X lua_script:my.lua' and '-X lua_script:other.lua' in that order, then a '-X lua_script2:bar' would pass the string 'bar' to the second lua script,
           namely 'other.lua'.

You can configure termshark to pass extra arguments through to tshark via termshark's config file, ~/.config/termshark/termshark.toml, e.g. here's what I have:

    [main]
      tshark-args = ["-d", "udp.port==2075,cflow", "-d", "udp.port==9191,cflow", "-d", "udp.port==2055,cflow", "-d", "udp.port==2095,cflow"]

Do you think it would meet your need to add the -X commands to this list to load up your Lua script?

Like @pocc I'm interested to hear more about your idea!
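An added example, not part of the thread or of termshark's own code: a minimal Lua dissector that reads its UDP port from the `-X lua_script1:` argument described in the tshark docs quoted above, loaded through `tshark-args` as suggested in the comment above. The `demo` protocol, its layout (1-byte type, 2-byte big-endian length, payload), the default port and the script path are all assumptions made up for illustration.

```lua
-- demo.lua: constructed example, not from the thread or the termshark project.
--
-- Assumed termshark.toml entry (the path is a placeholder):
--   [main]
--     tshark-args = ["-X", "lua_script:/path/to/demo.lua", "-X", "lua_script1:9191"]

-- Arguments given with -X lua_script1:<arg> arrive as Lua varargs.
local args = { ... }
local port = tonumber(args[1]) or 9999        -- hypothetical default port

local demo   = Proto("demo", "Demo Protocol") -- hypothetical protocol
local f_type = ProtoField.uint8("demo.type", "Type", base.DEC)
local f_len  = ProtoField.uint16("demo.len", "Length", base.DEC)
local f_data = ProtoField.bytes("demo.data", "Payload")
demo.fields  = { f_type, f_len, f_data }

local HEADER_LEN = 3

function demo.dissector(tvb, pinfo, tree)
    -- Too short to hold the header: decline, let other dissectors try.
    if tvb:len() < HEADER_LEN then return 0 end

    pinfo.cols.protocol = "DEMO"
    local sub = tree:add(demo, tvb(), "Demo Protocol")
    sub:add(f_type, tvb(0, 1))
    sub:add(f_len,  tvb(1, 2))

    -- The length field is attacker-controlled input: clamp it to the bytes
    -- actually captured and flag the mismatch instead of reading past the end.
    local declared  = tvb(1, 2):uint()
    local available = tvb:len() - HEADER_LEN
    if declared > available then
        sub:add_expert_info(PI_MALFORMED, PI_ERROR,
            "Declared length exceeds captured bytes")
        declared = available
    end

    if declared > 0 then
        sub:add(f_data, tvb(HEADER_LEN, declared))
    end
    return HEADER_LEN + declared
end

-- Bind the dissector to the UDP port chosen on the command line.
DissectorTable.get("udp.port"):add(port, demo)
```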

I can confirm that a dissector I wrote in Lua for Wireshark worked out of the box when I just tested it in termshark, unless the request is to have a console open up and write Lua scripts dynamically

> I can confirm that a dissector I wrote in Lua for Wireshark worked out of the box when I just tested it in termshark, unless the request is to have a console open up and write Lua scripts dynamically

Hey! I'm trying to run termshark with my dissector as well! Could you share how you did it?

When I do `termshark -r <pcap/file> --pass-thru=true -X lua_script:<path/to/luascript>` I see that termshark gets supplied the dissector that I want, but it just prints out the captured packets and quits; I don't get a TUI.

Would appreciate if you could assist @aedrax!