Wireshark-dev: Re: [Wireshark-dev] my dissector breaks with updated 1.6 source and libs

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 10 Jul 2011 09:31:47 -0700
On Jul 8, 2011, at 7:31 PM, oleksab@xxxxxxxxxxxxxxxxxxxxxx wrote:

> My dissector worked when I updated libs and sources from 1.2 to 1.4. So I
> figured it would work from 1.4 to 1.6. But it did not.
> 
> I did get the latest libs and sources

What do you mean by "the latest sources"?  Do you mean the Subversion trunk?  If so, that's not what you should use for building plugins for 1.6; you should use the source to Wireshark 1.6 for that.

> and I did recompile everything...but
> I ended up with some errors (which I will need to dig through).
> 
> But I got this one error that I am not sure what it means. Wireshark
> (version 1.6) did start up properly. I was able to load a .pcap capture
> file....but when I click on one of the rows in the tree...I got the below
> error. Any thoughts..??
> 
> The error was:
> 
> 22:26:55   Err  new_fi->hfinfo->type 28 <FT_PCRE> not handled

What does the $Id$ line say in the file "epan/ftypes/ftypes.h" in the Wireshark source you're using?

In Wireshark 1.6, it should say 37594 as the version.  In the Wireshark 1.6.x branch in Subversion, it should say 37146 as the version.  If it has any other version, it's not the Wireshark 1.6 source or even the source from the 1.6 branch - and, if it doesn't include FT_EBCDIC, it's a recent version from the trunk, and that source *cannot* be used to build plugins for the 1.6 branch (again, plugins have to be built with the Wireshark source for the version with which they're going to be used).  FT_PCRE is type 29 in 1.6; it's type 28 in the current Subversion trunk.
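
The header check described in the message above, written as a shell function. This is an added example, not part of the original message or of Wireshark. The output labels, the function names and the sample header are constructed, and the `$Id$` line is assumed to have the standard expanded Subversion form (`$Id: file rev date time user $`).

```shell
#!/bin/sh
# Classify a Wireshark source tree by epan/ftypes/ftypes.h, using the
# revisions quoted in the message: 37594 (1.6 release), 37146 (1.6 branch).

# Print the revision number from the first expanded $Id$ keyword line.
ftypes_revision() {
    sed -n 's/.*\$Id: [^ ]* \([0-9][0-9]*\) .*/\1/p' "$1" | head -n 1
}

# Echo a label for the header; return 0 only if it is usable for 1.6 plugins.
classify_ftypes() {
    hdr=$1
    [ -r "$hdr" ] || { echo "missing"; return 1; }
    rev=$(ftypes_revision "$hdr")
    case "$rev" in
        37594) echo "1.6-release" ;;
        37146) echo "1.6-branch" ;;
        "")    echo "no-id-line"; return 1 ;;   # keyword not expanded
        *)
            # Any other revision is not 1.6; without FT_EBCDIC it is a
            # recent trunk header, where the FT_ enum values have shifted.
            if grep -q 'FT_EBCDIC' "$hdr"; then
                echo "not-1.6"
            else
                echo "recent-trunk"
            fi
            return 1 ;;
    esac
}

# Constructed sample header (not real Wireshark source): unknown revision,
# no FT_EBCDIC, so it should classify as recent-trunk.
sample_trunk_header() {
    printf '%s\n' '/* $Id: ftypes.h 99999 2011-07-01 00:00:00Z user $ */' \
        'enum ftenum { FT_NONE, FT_PCRE, FT_NUM_TYPES };'
}

# Usage: sh check_ftypes.sh /path/to/wireshark-source
if [ $# -gt 0 ]; then
    classify_ftypes "$1/epan/ftypes/ftypes.h"
fi
```

A non-zero exit status means the tree should not be used to build plugins for a 1.6 binary.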