Wireshark-dev: Re: [Wireshark-dev] Porting problem

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 27 Sep 2006 17:09:22 -0700

On Sep 27, 2006, at 2:12 PM, Tomek Sikorski wrote:

> I've just started working in network division for a company in my
> hometown. About 2 years ago they started developing their own protocols
> for commercial purposes. Simultaneously they started developing
> dissectors in Ethereal [ver 0.10.14-31] for them. Now I'm trying to port
> them to Wireshark-0.99.3a

It's not really a port - this isn't new software, it's just a name change (i.e., if Gerald Combs' previous employer were willing to give up the Ethereal trademark, it would still be called "Ethereal":

	http://www.wireshark.org/faq.html#q1.2

.)  It's more of an upgrade to a later release.

> and after encountering a series of problems
> [because changes made in other than dissectors files weren't logged] I
> finally managed to compile and run them. But I have one significant
> problem: I capture some traffic, it is dissected, and I write some
> filter [any, i.e. "ip"] -> I get SEGFAULT. gdb tells it's in one of
> functions put in proto.c used by my dissectors [and my dissectors only].

What's the full stack trace (preferably with line numbers)?

> But it worked on Ethereal! I probably forgot to copy some part of code
> somewhere, but I search and search and nothing. No asserts are failed,
> the compilation is also OK. And the dissection itself works!

If it's crashing in a function from proto.c called by one of your dissectors, clearly dissection isn't *always* working.

> I scanned
> each frame to check if it does not SEGFAULT on a particular frame, but
> it went ok.

"Scanned" in what sense? I.e., you clicked on each of the frames, so you saw the full dissection in the packet detail pane?


> Please, can any of you wireshark-gurus tell me what has changed
> so much in filters that they don't work now? Where [which files] should
> I search?

The main thing that applying a filter does is that it causes a full dissection of a packet to be done (so that all the fields' values are found, allowing them to be tested by a filter). If you read in a capture file, and you don't have a color filter or display filter, only enough dissection is done to set the columns in the summary pane and to allow subdissectors to be called, so not all the dissector code is tested.
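
Added example, not part of the original message and not Wireshark source: a toy C model of the behaviour described above, in which field-level code runs only when a full dissection is requested, so a frame can pass a summary-only scan and still fail once a filter forces the full pass. `toy_dissect`, `toy_tree`, the frame layout and the sample frames are all constructed for illustration.

```c
/* Toy model (added illustration, not Wireshark code); all names hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a protocol tree; NULL means a summary-only pass. */
struct toy_tree { char text[64]; };
enum { DISSECT_OK = 0, DISSECT_BAD_LENGTH = -1 };

/* Constructed frame layout: byte 0 = type, byte 1 = name length, then name. */
static int toy_dissect(const unsigned char *buf, size_t len,
                       char *info, size_t info_sz, struct toy_tree *tree)
{
    if (len < 2)
        return DISSECT_BAD_LENGTH;
    /* Summary pass: only what the Info column needs. */
    snprintf(info, info_sz, "TOY type=%u", (unsigned)buf[0]);
    if (tree == NULL)
        return DISSECT_OK;   /* field-level code below never runs */

    /* Full pass. This length check is what an unexercised path tends to
       lack; without it the memcpy below could read and write out of bounds. */
    size_t name_len = buf[1];
    if (name_len > len - 2 || name_len >= sizeof tree->text)
        return DISSECT_BAD_LENGTH;
    memcpy(tree->text, buf + 2, name_len);
    tree->text[name_len] = '\0';
    return DISSECT_OK;
}

/* Returns 1 when the frame passes the summary pass but fails the full one. */
static int fails_only_with_tree(const unsigned char *buf, size_t len)
{
    char info[32];
    struct toy_tree tree;
    int summary = toy_dissect(buf, len, info, sizeof info, NULL);
    int full = toy_dissect(buf, len, info, sizeof info, &tree);
    return summary == DISSECT_OK && full != DISSECT_OK;
}

/* Constructed sample frames. */
static const unsigned char good_frame[] = { 1, 3, 'a', 'b', 'c' };
static const unsigned char bad_frame[]  = { 2, 200, 'x' };  /* length field lies */
int main(void)
{
    printf("good: %d\n", fails_only_with_tree(good_frame, sizeof good_frame));
    printf("bad:  %d\n", fails_only_with_tree(bad_frame, sizeof bad_frame));
    return 0;
}
```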