
Wireshark-dev: Re: [Wireshark-dev] My first dissector

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Wed, 15 Apr 2015 16:16:54 +0200
2015-04-15 12:53 GMT+02:00 <14l0yt+90c01y4cprdtg@xxxxxxxxxxxxxxxxx>:
Dear all,

(Sorry for double posting, but I got no response on the users mailing list, so I thought maybe this list is actually more appropriate)

I'm trying to write my first Wireshark dissector. As an example, I looked at http://protomatics.com/wireshark_dissector.html and the nice Wireshark Wiki pages.

I have installed on my Mac a Homebrew version of wireshark in:
/usr/local/Cellar/wireshark/1.12.4/

I checked out the v1.12.4 version in git:
$ git status
HEAD detached at v1.12.4

If I copy the created .so file to /usr/local/Cellar/wireshark/1.12.4/lib/wireshark/plugins/1.12.4/
and start wireshark-qt, the program terminates with:
ERROR:/Users/sjaak/WiresharkPlugins/wireshark/epan/wmem/wmem_scopes.c:124:wmem_epan_scope: assertion failed: (epan_scope)
Abort trap: 6 (core dumped)

I hope there's somebody out there who can easily see what's wrong? I don't know if I'm doing something wrong or there's a problem with the code.

Thanks,
Sjaak.


I modified a few makefiles and used cmake to build everything. That part seems to work fine (no errors, and I get an .so file in the 'run' folder).

I have these files in the wireshark/plugins/mytest folder:
CMakeLists.txt                  Makefile.nmake                  packet-mytest.c
Makefile.am                     moduleinfo.h                    plugin.c
Makefile.common                 moduleinfo.nmake                plugin.rc.in

And packet-mytest.c looks like this:


#include "config.h"

#include <epan/packet.h>

/* TCP port the dissector is registered on; the same name is used in
 * proto_reg_handoff_mytest10() below (the original mixed MYTEST_PORT and
 * MYTEST10_PORT, which would not compile). */
#define MYTEST10_PORT 1234

static int proto_mytest_10 = -1;
static gint ett_mytest_10 = -1;

static void dissect_mytest10(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "MYTEST10");
    col_clear(pinfo->cinfo, COL_INFO);

    if (tree)
    {
        /* Cover the whole payload; ENC_NA because the top-level item has no
         * byte order of its own. */
        proto_item *ti = proto_tree_add_item(tree, proto_mytest_10, tvb, 0, -1, ENC_NA);
        /* Fields of the protocol go under this subtree once they are defined. */
        tree = proto_item_add_subtree(ti, ett_mytest_10);
    }
}

void proto_register_mytest10(void)
{
    /* Setup protocol subtree array */
    static gint *ett[] = { &ett_mytest_10 };

    proto_mytest_10 = proto_register_protocol(
        "MYTEST v1.0 Protocol", /* name */
        "MYTEST10",             /* short name */
        "mytest10");            /* abbrev (display filter name) */

    proto_register_subtree_array(ett, array_length(ett));
}

void proto_reg_handoff_mytest10(void)
{
    static dissector_handle_t mytest10_handle;

    mytest10_handle = create_dissector_handle(dissect_mytest10, proto_mytest_10);
    dissector_add_uint("tcp.port", MYTEST10_PORT, mytest10_handle);
}


Hi Sjaak,

you probably did not share all the info, as this code compiles and runs fine on my end (Windows 7 with MSVC2013; it does not crash at startup when loading the plugin).
First of all, does Wireshark start properly without your plugin?
If yes, could you share the backtrace (as the wmem assert, on its own, is not that helpful without the context)?
BTW, it should be noted that Qt GUI support is quite experimental (and abandoned) in the master-1.12 branch. It would be safer to either use GTK in this branch, or switch to the master branch if you want to stick with Qt.

Best regards,
Pascal.