Wireshark-dev: Re: [Wireshark-dev] Interesting problem with tshark - understood and solved

From: "Bryant Eastham" <beastham@xxxxxxxxxxx>
Date: Fri, 30 Jun 2006 13:27:44 -0600
Jeff Morriss wrote:
> Bryant Eastham wrote:
> > I have a set of related plugins that work fine in wireshark proper, 
> > but fail to work under tshark. They all worked fine as of ethereal
> > 10.13 (the last ethereal that I used).
> > 
> > The base dissector watches for TCP/IP connections, parses off a 
> > network layer and the protocol number of the nested protocol. It has
> > registered table for subdissectors. This plugin works fine in tshark
> > I get summary lines from that base dissector, and in verbose mode it

> > shows me the correct protocol numbers and packet lengths. However, 
> > none of the sub-dissectors, that work fine in wireshark, appear to
run in tshark.
> Does it work in tshark if you use a display filter (even "-R frame")?
> If so, your dissector may be only calling the subdissectors when
> is set (and 'tree' may always be set for you in wireshark because
you've got color filters set up > > or something like that).

I now understand the problem, and have found the problem in the code.
I should have mentioned that I am running tshark from a build, not
an installed, directory. It appears that tshark.c is missing the call
"init_progfile_dir(argv[0]);". Without this call, the data directory
is never initialized and defaults on Windows to the C:/Program Files/...
directory. Since I did not have my plugins there (or I only had 1 of
they were not loaded.

Somebody "in the know" should apply the fix for real, but adding the
did fix the problem on my machine.

So, with my (very, very ) small contribution, could someone create the
for 0.99.1pre1? ;-)