Re: [Wireshark-dev] Sub_dissectors assertion failed

2010-05-22 Thread Bryan Miller
 

-Original Message-
From: wireshark-dev-boun...@wireshark.org
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Scott
Sent: Friday, May 21, 2010 1:50 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Sub_dissectors assertion failed


Thanks for the reply Guy!  I have some followup questions. 


[ snippy-snip] 

Quite a number of questions?  Yes.  I feel like README.developer is good but
it doesn't explain all.  Guidance from you and any other developers is much
appreciated.
-Scott 
 
I could not agree more.  A few diagrams in the developer guide would be
worth thousands of words.  Just when I think I know what I am doing I
realise that, indeed, I don't... 

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] [Wiresharkl-dev] Adding a dissector for Analyze-Decode As only

2007-04-30 Thread Bryan Miller
 From: Guy Harris [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 
 Date: Fri, 16 Feb 2007 16:03:41 -0800


 On Feb 16, 2007, at 3:28 PM, Ravi Kondamuru wrote:



I am trying to write a dissector for a non-standard rpc protocol.
Writing a heuristic to automatically identify the protocol is getting too
complicated. So, I was wondering if I could add a dissector that can be used
when I select a connection and explicitly say Decode As. 
Is it possible to do that?

 
 
If your protocol runs directly on top of UDP or TCP, yes. (If it runs on top
of some other RPC protocol - i.e., if by "rpc protocol" you mean a protocol
that is implemented using some RPC mechanism such as ONC RPC or DCE RPC -
then, no, you can't, and you *shouldn't*; there's already a mechanism for
registering dissectors for ONC RPC-based and DCE RPC-based protocols.)
 

If it is, any pointers to notes on how can it be done?

 
 
If your protocol runs on top of UDP, so that you'd want to use Decode As to
indicate that a particular UDP port should be used for your protocol, then
call 
dissector_add_handle("udp.port", {the handle for your dissector});


If your protocol runs on top of TCP, so that you'd want to use Decode As to
indicate that a particular TCP port should be used for your protocol, then
call 
dissector_add_handle("tcp.port", {the handle for your dissector});






---

(Please excuse the email format.  I am cut-n-pasting to a PDA)

Is it possible to add both TCP and UDP handles to a dissector?  I have
successfully built an RPC based dissector but it is only called for TCP
packets.  UDP packets go undissected.

In my proto_reg_handoff I call the canonical rpc_init_prog() and
rpc_init_proc_table which appear to default to the rpc_tcp_handle.

 

___
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Re: [Wireshark-dev] Compiling under MSVC 6.0 - simple Q, clear cut A ?

2007-04-17 Thread Bryan Miller
I read through this thread with keen interest as I am experiencing similar
issues.

I am a UNIX developer (literally) but am currently developing Wireshark on
Windows so there could be operator error involved.  I've been successfully
building using MSVC and nmake for the past couple years and only recently
decided to use MSDEV for debugging.  I get the usual initial pause in
..\gtk\main.c but pressing F5 to continue causes the unrecoverable error -
Unhandled exception in wireshark.exe (LIBGLIB-2.0.0.DLL) Access violation.

If I run wireshark.exe outside of the debugger it performs perfectly.  Has
anyone seen this before and know the root cause?

I've carefully followed the advice on the wiki and have pointed MSDEV to the
source code and .bsc file.  I've tried both attaching MSDEV to a running
instance of wireshark and also allowing MSDEV to spawn the instance.  Both
experience the same failure.

Cheers
Bryan

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Peter Johansson
Sent: Friday, December 01, 2006 5:31 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Compiling under MSVC 6.0 - simple Q, clear cut A
?


An alternative way to do this is to:
1. Start wireshark.exe and msdev separately.
2. In MSDEV 6, choose menu Build - Start Debug - Attach to process
3. From the list of processes, choose wireshark.exe (most certainly one 
of the topmost items).
4. Load the source file in which you would want to set a breakpoint 
using the menu File - Open.
5. Set a breakpoint at the desired line in the source code.
6. Wireshark will pause its execution once the breakpoint gets hit.

Note that if you upon closing MSDEV answer yes to the question whether 
the debug session's opt file should be saved or not, then you can open 
MSDEV the next time and just reload the debug workspace from the menu 
File - Recent workspaces. Once the workspace has been loaded, you 
can start the Wireshark execution (in the debugger from the beginning) 
using for instance F5, F10, or F11.

/ Regards, Peter


Martin Warnes wrote:
 The following works for me when debugging a plugin it should be the 
 same for a built in dissector:

 1. Open wireshark.exe in MSVC and F5 to start debug.
 2. When it pauses in ..\gtk\main.c press F5 again to continue 
 Wireshark startup.
 3. Once you see the main display window open your 
 dissector code in MSVC and insert your break point(s).
 4. Open capture file used by your dissector and it should halt at the
 required breakpoints (at least it does for me)

 Martin

 Sleep Less wrote the following on 01/12/2006 11:55:
   
 Well not quite - the compiler still disables breakpoint in the 
 dissector, as it fails to see the (symbolic) connection. Methinks you 
 need .bsc files for that, which MSVC generates when you compile from 
 the IDE, but apparently nmake does not.
 any ideas?

 */Douglas Pratley [EMAIL PROTECTED]/* wrote:

 Not tried exactly that myself, but I’d have thought that you could
 single step into main.c, pause, then put a breakpoint in
 packet-h263.c and then just run. It should then stop on the
 breakpoint.


 *From:* [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] *On Behalf Of *Sleep Less
 *Sent:* 01 December 2006 11:42
 *To:* Developer support list for Wireshark
 *Subject:* Re: [Wireshark-dev] Compiling under MSVC 6.0 - simple
 Q,clear cut A ?
 Thanks. Done all the wiki recommendations. I can now single/step
 debug main.c,
 but as you can imagine, my interest lies deep in one of the
 dissectors - e.g. packet-h263.c etc. How do I get to the situation
 I can single step through those?
 thanks

 */Douglas Pratley [EMAIL PROTECTED]/* wrote:

 [Apologies if this message appears twice - I am having some
 trouble persuading exchange to be consistent about which SMTP
 address it uses for outgoing email, and my first try bounced
 as a non-member]
 The wiki tips page has a couple of useful sections on
 debugging and setting up browse info for MSVC.
 http://wiki.wireshark.org/Development/Tips
 I’ve also done it by creating a dummy static library project
 and using Wireshark as the “program” under the debug settings
 (useful for putting a breakpoint in start-up code).
 Cheers
 Doug


 *From:* [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] *On Behalf Of
 *Sleep Less
 *Sent:* 01 December 2006 10:36
 *To:* Developer support list for Wireshark
 *Subject:* Re: [Wireshark-dev] Compiling under MSVC 6.0 -
 simple Q,clear cut A ?
 Hi,
 thanks for the willingness to assist.
 I did one thing : created an empty directory
 c:\wireshark-win32-libs
 and then ran the 

[Wireshark-dev] Which takes precedence - plug-ins or built-in dissectors?

2007-03-28 Thread Bryan Miller
Mea culpa if this is a FAQ but I couldn't find reference to this anywhere.

What happens if I add a plug-in for a dissector that already is statically
linked into Wireshark?  Does the plug-in take precedence or will there be a
conflict?

Cheers,
Bryan



[Wireshark-dev] Discrepancies between summary view and details view - rpc dissector

2007-03-28 Thread Bryan Miller
Hello all,

I am developing an RPC based dissector and I am getting odd results when I run
it.

It correctly identifies the protocol (based on RPC program and procedure
numbers) for a couple of frames and then begins to display another RPC
protocol (different program number, same procedure number).  Interestingly,
the information displayed below in the details window displays the correct RPC
protocol whilst the summary window does not.

My dissector uses packet-rpc and, at this point, I am not manually updating
the summary or tree view contents.  I am simply letting packet-rpc do the
heavy lifting of creating the display information.

Any thoughts on where things may be going wrong?  I'm ready to begin a liberal
sprinkling of g_print() statements in packet-rpc to see what is happening.

Cheers,
Bryan




Re: [Wireshark-dev] Which takes precedence - plug-ins or built-in dissectors?

2007-03-28 Thread Bryan Miller
Guy, I am in agreement and that is what I anticipate doing with the bulk of my
work.  In this particular case the protocol is proprietary and will likely not
become public until 2008.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
Sent: Wednesday, March 28, 2007 10:32 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Which takes precedence - plug-ins or built-in
dissectors?


Bryan Miller wrote:

 What happens if I add a plug-in for a dissector that already is 
 statically linked into Wireshark?  Does the plug-in take precedence or 
 will there be a conflict?

There is no guarantee of any particular outcome.  It depends on the 
mechanism the dissectors use to register themselves, and the way those 
mechanisms happen to be implemented in any particular version of Wireshark.

If you have improvements for a dissector, you should replace that 
dissector directly, and send us the improvements so we can put them into 
the main Wireshark release.


[Wireshark-dev] Duplicate posts?

2007-03-26 Thread Bryan Miller
Hi All,

Sorry for the slightly off-topic post but since we have no postmaster I am
pinging the list.

Is anyone else receiving duplicate posts?  The mailing list site shows me only
subscribed once but I am receiving duplicate messages for all posts.
Certainly not life threatening but very aggravating...

Cheers
