Thursday, May 13, 2021

Wireshark with Lua on RHEL / CentOS

Wireshark with Lua-based dissector

What do you do on a rainy public holiday with COVID19 restrictions in place? Finally get Wireshark to work with Lua support so that I can use custom dissectors. Dissectors are useful for turning binary garbage into readable TCP or UDP packet content. Lua is a scripting language and a supported way of adding dissectors to Wireshark. Unfortunately, the install package for Red Hat Enterprise Linux does not include Lua support. Compiling Wireshark on my RHEL 8.3 does not simply work either, because my scripts require Lua version 5.2, and RHEL ships either version 5.3 or 5.1, both of which are incompatible (long story). So, let's get going.

Compiling Lua

After some research I started by downloading Lua 5.2.4 from the Lua website. Thereafter, "make", or rather the correct "make linux", produced the compiled files. "make local" created a local install directory which I hoped to use with Wireshark. But later, after configuring the Wireshark build to pick up Lua, I ran into this error:

/usr/bin/ld: /mypath/lua-5.2.4/install/lib/liblua.a(lstate.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC

My Lua had not been compiled the right way: I needed a shared library. Extending this block in the Makefile with the last line shown did the trick:

$(LUA_A): $(BASE_O)
	$(AR) $@ $(BASE_O)
	$(RANLIB) $@
	# added: also link the objects into a shared library; R is the version
	# passed on the make command line (see the make invocation below)
	$(CC) -shared -ldl -Wl,-soname,liblua$(R).so -o liblua$(R).so $? -lm $(MYLDFLAGS)

It builds a shared library when using this command (MYCFLAGS=-fPIC produces the position-independent code the linker error asked for):

make "MYCFLAGS=-fPIC" "R=5.2.4" linux

The "make local" target does not copy that shared library, so I solved it by copying it manually from src/ into install/lib/.

Compiling Wireshark

I downloaded the sources for Wireshark 3.5.4 to my RHEL 8.3 machine, unpacked them, changed to the source directory and ran "cmake .". It does not pick up the Lua I had just built, so I needed to point it to my local build explicitly:

cmake . -DLUA_INCLUDE_DIR=/mypath/lua-5.2.4/install/include -DLUA_LIBRARIES=/mypath/lua-5.2.4/install/lib/liblua.a  -DLUA_LIBRARY=/mypath/lua-5.2.4/install/lib/liblua.a -DENABLE_LUA=ON

Thereafter it was simply "make" to build Wireshark, followed by "sudo make install". After many hours of looking into this, and even considering the flatpak version (no Lua!), I started Wireshark and could verify my success:

My Wireshark on RHEL 8.3 has Lua 5.2.4 support
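With Lua support confirmed, here is the kind of script this setup enables. It is an added example, not code from the original post: a minimal dissector for a made-up "TOY" protocol carried over UDP. The protocol name, the port 9999 and the wire format (version byte, type byte, big-endian 16-bit payload length, ASCII payload) are all assumptions constructed for the demo. The only thing worth copying from it is the habit it shows: a dissector parses untrusted input, so it checks the captured length before indexing the buffer and flags a length field that claims more bytes than were captured instead of trusting it.

```lua
-- Added example (not from the original post): Lua dissector for a
-- hypothetical "TOY" protocol on UDP port 9999. Protocol name, port and
-- wire format are assumptions made up for this demo.
--
-- Wire format (constructed):
--   byte 0      version        (uint8)
--   byte 1     message type   (uint8: 1 = request, 2 = reply)
--   bytes 2-3   payload length (uint16, big-endian)
--   bytes 4..   payload        (ASCII text, `payload length` bytes)

local toy = Proto("toy", "Toy Protocol (example)")

local msg_types = { [1] = "Request", [2] = "Reply" }

local f_version = ProtoField.uint8("toy.version", "Version", base.DEC)
local f_type    = ProtoField.uint8("toy.type", "Message Type", base.DEC, msg_types)
local f_len     = ProtoField.uint16("toy.len", "Payload Length", base.DEC)
local f_payload = ProtoField.string("toy.payload", "Payload")

toy.fields = { f_version, f_type, f_len, f_payload }

local HEADER_LEN = 4

function toy.dissector(buffer, pinfo, tree)
    local pktlen = buffer:len()

    -- The packet is untrusted input: never index past the end of the
    -- buffer, which would abort dissection with a Lua error.
    if pktlen < HEADER_LEN then
        return 0
    end

    pinfo.cols.protocol = "TOY"
    local subtree = tree:add(toy, buffer(), "Toy Protocol Data")
    subtree:add(f_version, buffer(0, 1))
    subtree:add(f_type, buffer(1, 1))
    subtree:add(f_len, buffer(2, 2))

    -- Cross-check the declared length against what was actually captured.
    local declared  = buffer(2, 2):uint()
    local available = pktlen - HEADER_LEN
    if declared > available then
        subtree:add_expert_info(PI_MALFORMED, PI_ERROR,
            "declared payload length exceeds captured bytes")
        declared = available
    end
    if declared > 0 then
        subtree:add(f_payload, buffer(HEADER_LEN, declared))
    end

    local type_name = msg_types[buffer(1, 1):uint()] or "Unknown"
    pinfo.cols.info = string.format("%s, %d payload bytes", type_name, declared)
    return pktlen
end

-- Register for the assumed port so Wireshark hands matching UDP payloads to us.
DissectorTable.get("udp.port"):add(9999, toy)
```

Save it as, for example, toy.lua in the personal plugins folder (on Linux ~/.local/lib/wireshark/plugins; the exact path is listed under Help > About Wireshark > Folders) and restart Wireshark, or load it once with "tshark -X lua_script:toy.lua -r capture.pcap". Fields registered this way can be used in display filters, so "toy.type == 2" shows only replies. If the build described above had failed to enable Lua, the script would simply never load, which is exactly what the screenshot check at the end of the post rules out.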