-- init.lua -- -- initialize wireshark's lua -- -- This file is going to be executed before any other lua script. -- It can be used to load libraries, disable functions and more. -- -- Wireshark - Network traffic analyzer -- By Gerald Combs -- Copyright 1998 Gerald Combs -- -- This program is free software; you can redistribute it and/or -- modify it under the terms of the GNU General Public License -- as published by the Free Software Foundation; either version 2 -- of the License, or (at your option) any later version. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -- Set disable_lua to true to disable Lua support. disable_lua = false if disable_lua then return end -- If set and we are running with special privileges this setting -- tells whether scripts other than this one are to be run. run_user_scripts_when_superuser = false -- disable potentialy harmful lua functions when running superuser if running_superuser then local hint = "has been disabled due to running Wireshark as superuser. See https://wiki.wireshark.org/CaptureSetup/CapturePrivileges for help in running Wireshark as an unprivileged user." local disabled_lib = {} setmetatable(disabled_lib,{ __index = function() error("this package ".. hint) end } ); dofile = function() error("dofile " .. hint) end loadfile = function() error("loadfile " .. hint) end loadlib = function() error("loadlib " .. hint) end require = function() error("require " .. hint) end os = disabled_lib io = disabled_lib file = disabled_lib end -- to avoid output to stdout which can cause problems lua's print () -- has been suppresed so that it yields an error. -- have print() call info() instead. if gui_enabled() then print = info end function typeof(obj) local mt = getmetatable(obj) return mt and mt.__typeof or obj.__typeof or type(obj) end -- the following function checks if a file exists -- since 1.11.3 function file_exists(name) local f = io.open(name,"r") if f ~= nil then io.close(f) return true else return false end end -- the following function prepends the given directory name to -- the package.path, so that a 'require "foo"' will work if 'foo' -- is in the directory name given to this function. For example, -- if your Lua file will do a 'require "foo"' and the foo.lua -- file is in a local directory (local to your script) named 'bar', -- then call this function before doing your 'require', by doing -- package.prepend_path("bar") -- and that will let Wireshark's Lua find the file "bar/foo.lua" -- when you later do 'require "foo"' -- -- Because this function resides here in init.lua, it does not -- have the same environment as your script, so it has to get it -- using the debug library, which is why the code appears so -- cumbersome. -- -- since 1.11.3 function package.prepend_path(name) local debug = require "debug" -- get the function calling this package.prepend_path function local dt = debug.getinfo(2, "f") if not dt then error("could not retrieve debug info table") end -- get its upvalue local _, val = debug.getupvalue(dt.func, 1) if not val or type(val) ~= 'table' then error("No calling function upvalue or it is not a table") end -- get the __DIR__ field in its upvalue table local dir = val["__DIR__"] -- get the platform-specific directory separator character local sep = package.config:sub(1,1) -- prepend the dir and given name to path if dir and dir:len() > 0 then package.path = dir .. sep .. name .. sep .. "?.lua;" .. package.path end -- also prepend just the name as a directory package.path = name .. sep .. "?.lua;" .. package.path end -- -- Wiretap encapsulations XXX wtap_encaps = { ["PER_PACKET"] = -1, ["UNKNOWN"] = 0, ["ETHERNET"] = 1, ["TOKEN_RING"] = 2, ["SLIP"] = 3, ["PPP"] = 4, ["FDDI"] = 5, ["FDDI_BITSWAPPED"] = 6, ["RAW_IP"] = 7, ["ARCNET"] = 8, ["ARCNET_LINUX"] = 9, ["ATM_RFC1483"] = 10, ["LINUX_ATM_CLIP"] = 11, ["LAPB"] = 12, ["ATM_PDUS"] = 13, ["ATM_PDUS_UNTRUNCATED"] = 14, ["NULL"] = 15, ["ASCEND"] = 16, ["ISDN"] = 17, ["IP_OVER_FC"] = 18, ["PPP_WITH_PHDR"] = 19, ["IEEE_802_11"] = 20, ["IEEE_802_11_PRISM"] = 21, ["IEEE_802_11_WITH_RADIO"] = 22, ["IEEE_802_11_RADIOTAP"] = 23, ["IEEE_802_11_AVS"] = 24, ["SLL"] = 25, ["FRELAY"] = 26, ["FRELAY_WITH_PHDR"] = 27, ["CHDLC"] = 28, ["CISCO_IOS"] = 29, ["LOCALTALK"] = 30, ["OLD_PFLOG"] = 31, ["HHDLC"] = 32, ["DOCSIS"] = 33, ["COSINE"] = 34, ["WFLEET_HDLC"] = 35, ["SDLC"] = 36, ["TZSP"] = 37, ["ENC"] = 38, ["PFLOG"] = 39, ["CHDLC_WITH_PHDR"] = 40, ["BLUETOOTH_H4"] = 41, ["MTP2"] = 42, ["MTP3"] = 43, ["IRDA"] = 44, ["USER0"] = 45, ["USER1"] = 46, ["USER2"] = 47, ["USER3"] = 48, ["USER4"] = 49, ["USER5"] = 50, ["USER6"] = 51, ["USER7"] = 52, ["USER8"] = 53, ["USER9"] = 54, ["USER10"] = 55, ["USER11"] = 56, ["USER12"] = 57, ["USER13"] = 58, ["USER14"] = 59, ["USER15"] = 60, ["SYMANTEC"] = 61, ["APPLE_IP_OVER_IEEE1394"] = 62, ["BACNET_MS_TP"] = 63, ["NETTL_RAW_ICMP"] = 64, ["NETTL_RAW_ICMPV6"] = 65, ["GPRS_LLC"] = 66, ["JUNIPER_ATM1"] = 67, ["JUNIPER_ATM2"] = 68, ["REDBACK"] = 69, ["NETTL_RAW_IP"] = 70, ["NETTL_ETHERNET"] = 71, ["NETTL_TOKEN_RING"] = 72, ["NETTL_FDDI"] = 73, ["NETTL_UNKNOWN"] = 74, ["MTP2_WITH_PHDR"] = 75, ["JUNIPER_PPPOE"] = 76, ["GCOM_TIE1"] = 77, ["GCOM_SERIAL"] = 78, ["NETTL_X25"] = 79, ["K12"] = 80, ["JUNIPER_MLPPP"] = 81, ["JUNIPER_MLFR"] = 82, ["JUNIPER_ETHER"] = 83, ["JUNIPER_PPP"] = 84, ["JUNIPER_FRELAY"] = 85, ["JUNIPER_CHDLC"] = 86, ["JUNIPER_GGSN"] = 87, ["LINUX_LAPD"] = 88, ["CATAPULT_DCT2000"] = 89, ["BER"] = 90, ["JUNIPER_VP"] = 91, ["USB"] = 92, ["IEEE802_16_MAC_CPS"] = 93, ["NETTL_RAW_TELNET"] = 94, ["USB_LINUX"] = 95, ["MPEG"] = 96, ["PPI"] = 97, ["ERF"] = 98, ["BLUETOOTH_H4_WITH_PHDR"] = 99, ["SITA"] = 100, ["SCCP"] = 101, ["BLUETOOTH_HCI"] = 102, ["IPMB"] = 103, ["IEEE802_15_4"] = 104, ["X2E_XORAYA"] = 105, ["FLEXRAY"] = 106, ["LIN"] = 107, ["MOST"] = 108, ["CAN20B"] = 109, ["LAYER1_EVENT"] = 110, ["X2E_SERIAL"] = 111, ["I2C"] = 112, ["IEEE802_15_4_NONASK_PHY"] = 113, ["TNEF"] = 114, ["USB_LINUX_MMAPPED"] = 115, ["GSM_UM"] = 116, ["DPNSS"] = 117, ["PACKETLOGGER"] = 118, ["NSTRACE_1_0"] = 119, ["NSTRACE_2_0"] = 120, ["FIBRE_CHANNEL_FC2"] = 121, ["FIBRE_CHANNEL_FC2_WITH_FRAME_DELIMS"] = 122, ["JPEG_JFIF"] = 123, ["IPNET"] = 124, ["SOCKETCAN"] = 125, ["IEEE_802_11_NETMON"] = 126, ["IEEE802_15_4_NOFCS"] = 127, ["RAW_IPFIX"] = 128, ["RAW_IP4"] = 129, ["RAW_IP6"] = 130, ["LAPD"] = 131, ["DVBCI"] = 132, ["MUX27010"] = 133, ["MIME"] = 134, ["NETANALYZER"] = 135, ["NETANALYZER_TRANSPARENT"] = 136, ["IP_OVER_IB"] = 137, ["MPEG_2_TS"] = 138, ["PPP_ETHER"] = 139, ["NFC_LLCP"] = 140, ["NFLOG"] = 141, ["V5_EF"] = 142, ["BACNET_MS_TP_WITH_PHDR"] = 143, ["IXVERIWAVE"] = 144, ["IEEE_802_11_AIROPEEK"] = 145, ["SDH"] = 146, ["DBUS"] = 147, ["AX25_KISS"] = 148, ["AX25"] = 149, ["SCTP"] = 150, ["INFINIBAND"] = 151, ["JUNIPER_SVCS"] = 152, ["USBPCAP"] = 153, ["RTAC_SERIAL"] = 154, ["BLUETOOTH_LE_LL"] = 155, ["WIRESHARK_UPPER_PDU"] = 156, ["STANAG_4607"] = 157, ["STANAG_5066_D_PDU"] = 158, ["NETLINK"] = 159, ["BLUETOOTH_LINUX_MONITOR"] = 160, ["BLUETOOTH_BREDR_BB"] = 161, ["BLUETOOTH_LE_LL_WITH_PHDR"] = 162, ["NSTRACE_3_0"] = 163, ["LOGCAT"] = 164, ["LOGCAT_BRIEF"] = 165, ["LOGCAT_PROCESS"] = 166, ["LOGCAT_TAG"] = 167, ["LOGCAT_THREAD"] = 168, ["LOGCAT_TIME"] = 169, ["LOGCAT_THREADTIME"] = 170, ["LOGCAT_LONG"] = 171, ["PKTAP"] = 172, ["EPON"] = 173, ["IPMI_TRACE"] = 174, ["LOOP"] = 175, ["JSON"] = 176, ["NSTRACE_3_5"] = 177 } wtap = wtap_encaps -- for bw compatibility -- -- Wiretap file types wtap_filetypes = { ["UNKNOWN"] = 0, ["PCAP"] = 1, ["PCAPNG"] = 2, ["PCAP_NSEC"] = 3, ["PCAP_AIX"] = 4, ["PCAP_SS991029"] = 5, ["PCAP_NOKIA"] = 6, ["PCAP_SS990417"] = 7, ["PCAP_SS990915"] = 8, ["5VIEWS"] = 9, ["IPTRACE_1_0"] = 10, ["IPTRACE_2_0"] = 11, ["BER"] = 12, ["HCIDUMP"] = 13, ["CATAPULT_DCT2000"] = 14, ["NETXRAY_OLD"] = 15, ["NETXRAY_1_0"] = 16, ["COSINE"] = 17, ["CSIDS"] = 18, ["DBS_ETHERWATCH"] = 19, ["ERF"] = 20, ["EYESDN"] = 21, ["NETTL"] = 22, ["ISERIES"] = 23, ["ISERIES_UNICODE"] = 24, ["I4BTRACE"] = 25, ["ASCEND"] = 26, ["NGSNIFFER_UNCOMPRESSED"] = 29, ["NGSNIFFER_COMPRESSED"] = 30, ["NETXRAY_1_1"] = 31, ["NETWORK_INSTRUMENTS"] = 33, ["LANALYZER"] = 34, ["PPPDUMP"] = 35, ["RADCOM"] = 36, ["SNOOP"] = 37, ["SHOMITI"] = 38, ["VMS"] = 39, ["K12"] = 40, ["TOSHIBA"] = 41, ["VISUAL_NETWORKS"] = 42, ["PEEKCLASSIC_V56"] = 43, ["PEEKCLASSIC_V7"] = 44, ["PEEKTAGGED"] = 45, ["MPEG"] = 46, ["K12TEXT"] = 47, ["NETSCREEN"] = 48, ["COMMVIEW"] = 49, ["BTSNOOP"] = 50, ["TNEF"] = 51, ["DCT3TRACE"] = 52, ["PACKETLOGGER"] = 53, ["DAINTREE_SNA"] = 54, ["NETSCALER_1_0"] = 55, ["NETSCALER_2_0"] = 56, ["JPEG_JFIF"] = 57, ["IPFIX"] = 58, ["MIME"] = 59, ["AETHRA"] = 60, ["MPEG_2_TS"] = 61, ["VWR_80211"] = 62, ["VWR_ETH"] = 63, ["CAMINS"] = 64, ["STANAG_4607"] = 65, ["NETSCALER_3_0"] = 66, ["LOGCAT"] = 67, ["LOGCAT_BRIEF"] = 68, ["LOGCAT_PROCESS"] = 69, ["LOGCAT_TAG"] = 70, ["LOGCAT_THREAD"] = 71, ["LOGCAT_TIME"] = 72, ["LOGCAT_THREADTIME"] = 73, ["LOGCAT_LONG"] = 74, ["COLASOFT_CAPSA"] = 75, ["COLASOFT_PACKET_BUILDER"] = 76, ["JSON"] = 77, ["NETSCALER_3_5"] = 78, ["NETTRACE_3GPP_32_423"] = 79, ["TSPREC_SEC"] = 0, ["TSPREC_DSEC"] = 1, ["TSPREC_CSEC"] = 2, ["TSPREC_MSEC"] = 3, ["TSPREC_USEC"] = 6, ["TSPREC_NSEC"] = 9 } -- -- Wiretap timestamp precision types wtap_tsprecs = { ["SEC"] = 0, ["DSEC"] = 1, ["CSEC"] = 2, ["MSEC"] = 3, ["USEC"] = 6, ["NSEC"] = 9 } -- -- Wiretap file comment types wtap_comments = { ["PER_SECTION"] = 0x00000001, ["PER_INTERFACE"] = 0x00000002, ["PER_PACKET"] = 0x00000004 } -- -- Field Types ftypes = { ["NONE"] = 0, ["PROTOCOL"] = 1, ["BOOLEAN"] = 2, ["UINT8"] = 3, ["UINT16"] = 4, ["UINT24"] = 5, ["UINT32"] = 6, ["UINT40"] = 7, ["UINT48"] = 8, ["UINT56"] = 9, ["UINT64"] = 10, ["INT8"] = 11, ["INT16"] = 12, ["INT24"] = 13, ["INT32"] = 14, ["INT40"] = 15, ["INT48"] = 16, ["INT56"] = 17, ["INT64"] = 18, ["FLOAT"] = 19, ["DOUBLE"] = 20, ["ABSOLUTE_TIME"] = 21, ["RELATIVE_TIME"] = 22, ["STRING"] = 23, ["STRINGZ"] = 24, ["UINT_STRING"] = 25, ["ETHER"] = 26, ["BYTES"] = 27, ["UINT_BYTES"] = 28, ["IPv4"] = 29, ["IPv6"] = 30, ["IPXNET"] = 31, ["FRAMENUM"] = 32, ["PCRE"] = 33, ["GUID"] = 34, ["OID"] = 35, ["EUI64"] = 36, ["AX25"] = 37, ["VINES"] = 38, ["REL_OID"] = 39, ["SYSTEM_ID"] = 40, ["STRINGZPAD"] = 41, ["FCWWN"] = 42 } -- the following table is since 2.0 -- -- Field Type FRAMENUM Types frametype = { ["NONE"] = 0, ["REQUEST"] = 1, ["RESPONSE"] = 2, ["ACK"] = 3, ["DUP_ACK"] = 4 } -- the following table is since 1.12 -- -- Wiretap record_types wtap_rec_types = { ["PACKET"] = 0, -- packet ["FT_SPECIFIC_EVENT"] = 1, -- file-type-specific event ["FT_SPECIFIC_REPORT"] = 2, -- file-type-specific report } -- the following table is since 1.11.3 -- -- Wiretap presence flags wtap_presence_flags = { ["TS"] = 1, -- time stamp ["CAP_LEN"] = 2, -- captured length separate from on-the-network length ["INTERFACE_ID"] = 4, -- interface ID ["COMMENTS"] = 8, -- comments ["DROP_COUNT"] = 16, -- drop count ["PACK_FLAGS"] = 32, -- packet flags } -- -- Display Bases base = { ["NONE"] = 0, ["DEC"] = 1, ["HEX"] = 2, ["OCT"] = 3, ["DEC_HEX"] = 4, ["HEX_DEC"] = 5, ["CUSTOM"] = 6, ["NETMASK"] = 12, ["PT_UDP"] = 13, ["PT_TCP"] = 14, ["PT_DCCP"] = 15, } -- -- Encodings ENC_BIG_ENDIAN = 0 ENC_LITTLE_ENDIAN = 2147483648 ENC_TIME_TIMESPEC = 0 ENC_TIME_NTP = 2 ENC_TIME_TOD = 4 ENC_CHARENCODING_MASK = 2147483646 ENC_ASCII = 0 ENC_UTF_8 = 2 ENC_UTF_16 = 4 ENC_UCS_2 = 6 ENC_UCS_4 = 8 ENC_ISO_8859_1 = 10 ENC_ISO_8859_2 = 12 ENC_ISO_8859_3 = 14 ENC_ISO_8859_4 = 16 ENC_ISO_8859_5 = 18 ENC_ISO_8859_6 = 20 ENC_ISO_8859_7 = 22 ENC_ISO_8859_8 = 24 ENC_ISO_8859_9 = 26 ENC_ISO_8859_10 = 28 ENC_ISO_8859_11 = 30 ENC_ISO_8859_13 = 34 ENC_ISO_8859_14 = 36 ENC_ISO_8859_15 = 38 ENC_ISO_8859_16 = 40 ENC_WINDOWS_1250 = 42 ENC_3GPP_TS_23_038_7BITS = 44 ENC_EBCDIC = 46 ENC_MAC_ROMAN = 48 ENC_CP437 = 50 ENC_ASCII_7BITS = 52 ENC_NA = 0 ENC_STR_NUM = 16777216 ENC_STR_HEX = 33554432 ENC_STRING = 50331648 ENC_STR_MASK = 65534 ENC_NUM_PREF = 2097152 ENC_SEP_NONE = 65536 ENC_SEP_COLON = 131072 ENC_SEP_DASH = 262144 ENC_SEP_DOT = 524288 ENC_SEP_SPACE = 1048576 ENC_SEP_MASK = 2031616 ENC_ISO_8601_DATE = 65536 ENC_ISO_8601_TIME = 131072 ENC_ISO_8601_DATE_TIME = 196608 ENC_RFC_822 = 262144 ENC_RFC_1123 = 524288 ENC_STR_TIME_MASK = 983040 -- -- Expert flags and facilities (deprecated - see 'expert' table below) PI_SEVERITY_MASK = 15728640 PI_COMMENT = 1048576 PI_CHAT = 2097152 PI_NOTE = 4194304 PI_WARN = 6291456 PI_ERROR = 8388608 PI_GROUP_MASK = 4278190080 PI_CHECKSUM = 16777216 PI_SEQUENCE = 33554432 PI_RESPONSE_CODE = 50331648 PI_REQUEST_CODE = 67108864 PI_UNDECODED = 83886080 PI_REASSEMBLE = 100663296 PI_MALFORMED = 117440512 PI_DEBUG = 134217728 PI_PROTOCOL = 150994944 PI_SECURITY = 167772160 PI_COMMENTS_GROUP = 184549376 PI_DECRYPTION = 201326592 -- the following table is since 1.11.3 -- -- Expert flags and facilities expert = { -- Expert event groups group = { -- The protocol field has a bad checksum, usually uses PI_WARN severity ["CHECKSUM"] = 16777216, -- The protocol field indicates a sequence problem (e.g. TCP window is zero) ["SEQUENCE"] = 33554432, -- The protocol field indicates a bad application response code (e.g. HTTP 404), usually PI_NOTE severity ["RESPONSE_CODE"] = 50331648, -- The protocol field indicates an application request (e.g. File Handle == xxxx), usually PI_CHAT severity ["REQUEST_CODE"] = 67108864, -- The data is undecoded, the protocol dissection is incomplete here, usually PI_WARN severity ["UNDECODED"] = 83886080, -- The protocol field indicates a reassemble (e.g. DCE/RPC defragmentation), usually PI_CHAT severity (or PI_ERROR) ["REASSEMBLE"] = 100663296, -- The packet data is malformed, the dissector has "given up", usually PI_ERROR severity ["MALFORMED"] = 117440512, -- A generic debugging message (shouldn't remain in production code!), usually PI_ERROR severity ["DEBUG"] = 134217728, -- The protocol field violates a protocol specification, usually PI_WARN severity ["PROTOCOL"] = 150994944, -- The protocol field indicates a security problem (e.g. insecure implementation) ["SECURITY"] = 167772160, -- The protocol field indicates a packet comment ["COMMENTS_GROUP"] = 184549376, -- The protocol field indicates a decryption problem ["DECRYPTION"] = 201326592, }, -- Expert severity levels severity = { -- Packet comment ["COMMENT"] = 1048576, -- Usual workflow, e.g. TCP connection establishing ["CHAT"] = 2097152, -- Notable messages, e.g. an application returned an "unusual" error code like HTTP 404 ["NOTE"] = 4194304, -- Warning, e.g. application returned an "unusual" error code ["WARN"] = 6291456, -- Serious problems, e.g. a malformed packet ["ERROR"] = 8388608, }, } -- -- menu groups for register_menu MENU_ANALYZE_UNSORTED = 0 MENU_ANALYZE_CONVERSATION = 1 MENU_STAT_UNSORTED = 2 MENU_STAT_GENERIC = 3 MENU_STAT_CONVERSATION = 4 MENU_STAT_ENDPOINT = 5 MENU_STAT_RESPONSE = 6 MENU_STAT_TELEPHONY = 7 MENU_STAT_TELEPHONY_ANSI = 8 MENU_STAT_TELEPHONY_GSM = 9 MENU_STAT_TELEPHONY_LTE = 10 MENU_STAT_TELEPHONY_MTP = 11 MENU_STAT_TELEPHONY_SCTP = 12 MENU_TOOLS_UNSORTED = 13 -- other useful constants GUI_ENABLED = gui_enabled() DATA_DIR = Dir.global_config_path() USER_DIR = Dir.personal_config_path() -- deprecated function names datafile_path = Dir.global_config_path persconffile_path = Dir.personal_config_path dofile(DATA_DIR.."console.lua") --dofile(DATA_DIR.."dtd_gen.lua")