Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Disabling a dissector doesn't seem to quite work.

From: Evan Huus <eapache@xxxxxxxxx>
Date: Sat, 15 Sep 2012 16:35:49 -0400
On Sat, Sep 15, 2012 at 2:06 PM, Christopher Maynard
<Christopher.Maynard@xxxxxxxxx> wrote:
> Evan Huus <eapache@...> writes:
>
>> There is already a (commented-out) function called
>> dissector_add_uint_sanity_check which does warn on duplicate port
>> registrations and on registrations to port 0. It produces 157 warnings
>> when enabled in the default build. I don't know how many duplicate
>> string registrations there are, but there are definitely some based on
>> valgrind's output.
>
> I took a quick look at EIGRP since tshark was reporting these strange warnings
> against itself:
>
> ** (tshark.exe:6984): WARNING **: ip.proto: eigrp registering using pattern 88
> already registered by eigrp
> ** (tshark.exe:6984): WARNING **: ddp.type: eigrp registering using pattern 88
> already registered by eigrp
> ** (tshark.exe:6984): WARNING **: ipx.socket: eigrp registering using pattern
> 34238 already registered by eigrp
>
> Hmm, so it seems that the doxygen comments are somehow causing this?  For
> example, the following patch eliminates the warnings for me:
>
> Index: epan/dissectors/packet-eigrp.c
> ===================================================================
> --- epan/dissectors/packet-eigrp.c      (revision 44888)
> +++ epan/dissectors/packet-eigrp.c      (working copy)
> @@ -3351,7 +3351,6 @@
>  }
>
>  /**
> - *@fn void proto_reg_handoff_eigrp(void)
>   *
>   * @param[in] void
>   * @param[out] None

Oh boy, this isn't nice. The scripts /tools/make-dissector-reg[.py]
use regexes to look for definitions that look like protocol
registration functions. The scripts add any functions they find to an
array that is called on startup to register dissectors.

Because the doxygen comments have the exact form of the function
definition, the regex matches twice (once on the doxygen comment and
once on the real definition) and proto_reg_handoff_eigrp() gets added
to the array twice, meaning it is called twice on startup, which is a
problem for all sorts of reasons.

The obvious solution for now is to remove the comments that are
getting falsely picked up as function definitions, but the better fix
is to the make-dissector-reg scripts. Is it valid for there to be two
register functions in a file, or could the scripts simply limit to one
entry per file? Or someone who groks the regexes could fix them to
ignore lines that are commented out...