Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9511] New: Dissectors are called MANY more times with qtshark than with wiresh

Wireshark-bugs: [Wireshark-bugs] [Bug 9511] New: Dissectors are called MANY more times with qtsh

Date: Thu, 05 Dec 2013 15:31:16 +0000

Bug ID	9511
Summary	Dissectors are called MANY more times with qtshark than with wireshark
Classification	Unclassified
Product	Wireshark
Version	SVN
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Normal
Priority	Low
Component	Wireshark
Assignee	[email protected]
Reporter	[email protected]

Build Information:
TShark 1.11.3 (SVN Rev 53796 from /trunk)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.4, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.7.4, with Lua
5.1, without Python, with GnuTLS 2.12.23, with Gcrypt 1.5.3, with MIT Kerberos,
without GeoIP.

Running on Linux 3.10.7-gentoo, with locale en_US.UTF-8, with libpcap version
1.3.0, with libz 1.2.8.
Intel(R) Xeon(R) CPU           W3565  @ 3.20GHz

Built using gcc 4.6.3.
--
This may be related to bug 9510 (as a cause).

Dissectors are being called MANY more times with qtshark than with wireshark.

I added a line to packet-tcp.c, at the top of dissect_tcp():

   printf("[dissect_tcp] frame=%" G_GUINT32_FORMAT " visited=%d\n",
pinfo->fd->num, pinfo->fd->flags.visited);

I loaded a capture containing 3 TCP packets, the exited.

Running wireshark:
$ ./wireshark &> gtk.txt
$ cat gtk.txt
Gtk-Message: Failed to load module "gnomesegvhandler"
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading
configurations from ~/.fonts.conf is deprecated.
09:18:04          Warn Preference "column.hidden" has been converted to
"gui.column.hidden"
Save your preferences to make this change permanent.
09:18:04          Warn Preference "column.format" has been converted to
"gui.column.format"
Save your preferences to make this change permanent.
[dissect_tcp] frame=1 visited=0
[dissect_tcp] frame=2 visited=0
[dissect_tcp] frame=3 visited=0
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=3 visited=1
$
$ ./qtshark &> qt.txt
$ cat qt.txt
Fontconfig warning: "/etc/fonts/conf.d/50-user.conf", line 14: reading
configurations from ~/.fonts.conf is deprecated.
QMetaObject::connectSlotsByName: No matching signal for
on_tbInterfaces_hideEvent(QHideEvent*)
QMetaObject::connectSlotsByName: No matching signal for
on_tbInterfaces_showEvent(QShowEvent*)
Object::connect: No such slot
CaptureInterfacesDialog::tableItemPressed(QTableWidgetItem *) in
/home/dameiss/torch/svn/wireshark-trunk/ui/qt/capture_interfaces_dialog.cpp:60
Object::connect:  (sender name:   'tbInterfaces')
Object::connect:  (receiver name: 'CaptureInterfacesDialog')
FIX: packet list heading menu sensitivity
09:18:30.412  Dbg  plugin_dir:
/home/dameiss/torch/wireshark-inst/wireshark-trunk-both-x86_64/lib/wireshark/plugins/1.11.3
09:18:30.444  Warn Preference "column.hidden" has been converted to
"gui.column.hidden"
Save your preferences to make this change permanent.
09:18:30.444  Warn Preference "column.format" has been converted to
"gui.column.format"
Save your preferences to make this change permanent.
09:18:30.448 Main Dbg  Translator en_US
09:18:30.448  Dbg  FIX: timestamp types should be set elsewhere
09:18:30.448 Main Info fill_in_local_interfaces() starts
09:18:30.448 Capture Msg  Capture Interface List ...
09:18:30.448 Capture Dbg  sync_interface_list_open
09:18:30.448 Capture Dbg  sync_pipe_open_command
09:18:30.456 Capture Dbg  read 10 indicator: S empty value
09:18:30.456 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
09:18:30.456 Capture Dbg  sync_pipe_wait_for_child: capture child closed after
0.000s
09:18:30.456 Main Info fill_in_local_interfaces() ends, taking 0.008s
09:18:30.459  Dbg  FIX: fetch recent color settings
09:18:30.460 Capture Msg  Capture Interface List ...
09:18:30.460 Capture Dbg  sync_interface_list_open
09:18:30.460 Capture Dbg  sync_pipe_open_command
09:18:30.504 Capture Dbg  read 10 indicator: S empty value
09:18:30.505 Capture Dbg  sync_pipe_wait_for_child: wait till child closed
09:18:30.505 Capture Dbg  sync_pipe_wait_for_child: capture child closed after
0.000s
09:18:30.510 Main Info Wireshark is up and ready to go
09:18:33.591  Dbg  FIX: packet_list_resize_column 1
09:18:33.591 Main Dbg  Callback: Opened
09:18:33.592 Main Dbg  Callback: Read started
09:18:33.614 Main Dbg  Callback: Read finished
[dissect_tcp] frame=1 visited=0
[dissect_tcp] frame=2 visited=0
[dissect_tcp] frame=3 visited=0
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=3 visited=1
[dissect_tcp] frame=1 visited=1
[dissect_tcp] frame=2 visited=1
[dissect_tcp] frame=3 visited=1
$

Under GTK, the TCP dissector was called twice for each packet (plus the extra
for frame 1), once with the visited flag clear, once with it set.

Under Qt, the dissector was called once for each frame with the visited flag
clear (as expected), then (with the visited flag set)
- 17 times for frame 1
- 8 times for frame 2
- 8 times for frame 3
- 1 more time for each frame

I understand that the Qt GUI is new, and things are still in a state of flux.
But I wanted to get this recorded - you never know what tidbit of information
can be useful in tracking down problems.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9511] Dissectors are called MANY more times with qtshark than with wireshark
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9511] Dissectors are called MANY more times with qtshark than with wireshark
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9511] Dissectors are called MANY more times with qtshark than with wireshark
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9510] New: qtshark Packet list Protocol and Info columns are spastic
Next by Date: [Wireshark-bugs] [Bug 9499] DTLS: add decrypt support for TLS_PSK_WITH_AES_128_CCM_8
Previous by thread: [Wireshark-bugs] [Bug 9510] qtshark Packet list Protocol and Info columns are spastic
Next by thread: [Wireshark-bugs] [Bug 9511] Dissectors are called MANY more times with qtshark than with wireshark
Index(es):
- Date
- Thread