Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3

From: yannick omnes <yomnes@xxxxxxxxxxx>
Date: Tue, 17 Feb 2015 12:41:09 +0100
Hi Pascal,

Thank you for your answer,

The plugin crashes (dereferencing a NULL pointer) in the second iteration of the loop in proto_register_field_array. Looking around, i noticed that the bitmask field of header_field_info changed betwen 1.10.6 and 1.12.3, it was a guint64 and is now a guint32. I didn't update my wireshark-dev package (just noticed that) so that might be the problem. Where can I find the dev package for wireshark 1.12.3 ? (The one provided by aptitude is out-of-date)


Regards,

Yannick


Le 17/02/2015 10:42, Pascal Quantin a �crit�:
2015-02-17 10:08 GMT+01:00 yannick omnes <yomnes@xxxxxxxxxxx>:
Hi list,

I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems.

The plugins still compile and is correctly loaded by wireshark on Windows

On my ubuntu 14.04, it is not loaded anymore. The problem seems to come from the register fonction. If there is only one element in the hf_register_info array, the plugin is being correctly loaded by Wireshark. But with more than one items, Wireshark crashes.

Does anyone know what's wrong ?

Hi Yannick,

without having access to your code, it's almost impossible to provide you support. Have you checked with a debugger where it fails more precisely? What version were you using previously?

Regards,
Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

--


void
proto_register_ebonding(void)
{


    static hf_register_info hf_ebonding[] =
    {


        { &hf_ebonding_id, { "Packet id", "ebonding.id", FT_UINT16, BASE_DEC_HEX, VALS(id_field), 0xF0, NULL, HFILL } },
        { &hf_ebonding_type, { "Packet type", "ebonding.type", FT_UINT16, BASE_DEC_HEX, VALS(type_field), 0x8, NULL, HFILL } },
        { &hf_ebonding_seqnum, { "Seqnum", "ebonding.seqnum", FT_UINT16, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, },
        { &hf_ebonding_seqnumglobal, { "Seqnum", "ebonding.seqnum", FT_UINT16, BASE_CUSTOM, seqnumdisplay, 0xFF07, NULL, HFILL }, },
        { &hf_ebonding_cmd, { "Command", "ebonding.cmd", FT_UINT8, BASE_DEC_HEX, VALS(command_field), 0x0, NULL, HFILL } },
        { &hf_ebonding_cmd_counter, { "Counter", "ebonding.counter", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, },
        { &hf_ebonding_cmd_retry, { "Retry", "ebonding.retry", FT_UINT8, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, },
        { &hf_ebonding_timestamps, { "Timestamp", "ebonding.timestamp", FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, },


    };



    static gint *ett_ebonding_arr[] =
    {
        &ett_ebonding,
        &ett_timestamps,
        &ett_seqnum,
        &ett_lastseqnum,

    };

    proto_register_field_array (proto_ebonding, hf_ebonding, array_length (hf_ebonding));
    proto_register_subtree_array (ett_ebonding_arr, array_length (ett_ebonding_arr));
    ebonding_tap = register_tap("ebonding");
}