Wireshark-dev: Re: [Wireshark-dev] wireshark GUI vs tshark
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Tue, 24 Nov 2009 11:23:26 -0500
I don't have the time to examine your code but I think doc/README.developer will answer all of your questions. In particular, read all the warnings about using tvb_get_ptr() and examine the sample dissector included in the file, specifically the proto_reg_handoff_PROTOABBREV() function. But as Jaap suggested earlier, you should *really* read doc/README.developer in its entirety.

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
Sent: Tuesday, November 24, 2009 10:59 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] wireshark GUI vs tshark

Jaap and Chris

I appreciate your help. I apologize for the messy code....this is my development code.

I have changed some of the code based on your suggestions that you made below:

Such as...

FT_BYTES, BASE_HEX is now FT_BYTES, BASE_NONE

I have closed off the value_string helen_vals[] with {0, NULL}

However.. I do have some questions.

What do you mean when you say: "You forget to set initialized to TRUE in your handoff functions."

Also..why does accessing tvbuff this way pose a problem..??

guint8 * ptr = (guint8*) tvb->real_data;

Accessing tvbuff this way appears to be working fine...but would like some feedback if there is a well-known & correct way to do this.

I have attached a clean version of the code. It is now formatted and all the old commented out code is now removed.

I am a java programmer and just started to dig into this C stuff....So I apologize for any code that does not make sense.

Again...any help is greatly appreciated.

Thanks,
Brian

Jaap Keuter wrote:
> Hi,
>
> OK, quick review then.
>
> First of all the code is a mess. That results in:
> 1. hard to look through.
> 2. hard to spot even obvious errors.
>
> You forget to set initialized to TRUE in your handoff functions.
>
> FT_BYTES, BASE_HEX should be FT_BYTES, BASE_NONE
>
> Many inconsistencies in header blurbs and labels.
>
> value_string helen_vals[] isn't closed off by {0, NULL}
>
> guint8 * ptr = (guint8*) tvb->real_data;
> Going about this way of accessing tvbuff data leads guaranteed to failure.
> For me it's enough to abort further review of this code.
>
> My advice: really read all of doc/README.developer and take the advice to heart.
>
> Thanks,
> Jaap
>
> Brian Oleksa wrote:
>
>> Jaap
>>
>> Eventually this might get licensed...but just not sure what direction we
>> will be going.
>>
>> I have tracked down many many problems before when my code crashed
>> within the GUI...because I would get somewhat of
>> a decent error. But I am having a hard time tracking down this bug as it
>> runs fine in the GUI but not in tshark.
>>
>> Doesn't tshark run off the same base code as the GUI does..?? If
>> so...then you think if it would crash in one that it would crash in the
>> other....wouldn't you think..??
>>
>> Attached is my code. Any help is greatly appreciated.
>>
>> Thank you
>> Brian
>>
>> Jaap Keuter wrote:
>>
>>> Hi,
>>>
>>> Well, your assumption is probably right, that your dissector has
>>> something to do with it.
>>>
>>> You can post it, but we prefer to spend our time on GPL'ed code. I
>>> don't know what your license will be.
>>> If you prefer not to publish your code you can probably find enough
>>> clues in the documentation in the doc directory.
>>>
>>> Thanks,
>>> Jaap
>>>
>>> Brian Oleksa wrote:
>>>
>>>> Chris and Jaap
>>>>
>>>> Well.... I guess I can point out the obvious here:
>>>>
>>>> I wrote a dissector that works fine with the GUI with no
>>>> problem...but it crashes when I use tshark.
>>>>
>>>> HOWEVER... if I remove my dissector....then my pcap file loads fine
>>>> within tshark.
>>>>
>>>> So the problem has to be with my dissector....correct..??
>>>>
>>>> Is there any way I can post my code so you can take a look..??
>>>>
>>>> This is hard to track down as again everything works fine in the GUI
>>>> and I get NO real error message within tshark.
>>>>
>>>> What do you think..?
>>>>
>>>> Thanks,
>>>> Brian
>>>>
>>>> Maynard, Chris wrote:
>>>>
>>>>> The file may not be corrupt but might contain packet(s) which are
>>>>> exposing a tshark bug. If you can post the capture file, that would
>>>>> probably help. If you don't wish to post it on the mailing list, you
>>>>> can open a bug report and post it there instead, marking the file as
>>>>> private if you so desire so only the core developers have access to it.
>>>>>
>>>>> - Chris
>>>>>
>>>>> -----Original Message-----
>>>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
>>>>> Sent: Monday, November 23, 2009 12:59 PM
>>>>> To: Developer support list for Wireshark
>>>>> Subject: Re: [Wireshark-dev] wireshark GUI vs tshark
>>>>>
>>>>> Jaap and Chris
>>>>>
>>>>> I am running this on Win XP service pack 2.
>>>>> I am using wireshark Version 1.2.4 (SVN Rev 30978).
>>>>>
>>>>> The test.pcap file has been around for a while...so chances are it
>>>>> is not corrupt. It never crashes using the GUI...it just crashes and
>>>>> gives me that pop up when I run it with that tshark command.
>>>>>
>>>>> This is about all the information that I can provide....unless you
>>>>> can think of something else that you need..??
>>>>>
>>>>> Thanks,
>>>>> Brian
>>>>>
>>>>> Jaap Keuter wrote:
>>>>>
>>>>>> Hi Brian,
>>>>>>
>>>>>> Thanks for including the error report. It in itself doesn't tell anything,
>>>>>> other than that a problem was detected. That's why Chris asked you some
>>>>>> more questions on the whole situation. Maybe we can help you further when
>>>>>> you look into them.
>>>>>>
>>>>>> Thanks,
>>>>>> Jaap
>>>>>>
>>>>>> On Mon, 23 Nov 2009 12:02:17 -0500, Brian Oleksa
>>>>>> <oleksab@xxxxxxxxxxxxxxxxxxxxxx> wrote:
>>>>>>
>>>>>>> Chris
>>>>>>>
>>>>>>> I have attached the error this time....sorry about that. :-)
>>>>>>>
>>>>>>> I get this error when I run with tshark using the following command:
>>>>>>>
>>>>>>> tshark -nr test.pcap ip.dst==x.x.x.x
>>>>>>> But when I filter in the GUI ... I have no problems.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Brian
>>>>>>>
>>>>>>> Maynard, Chris wrote:
>>>>>>>
>>>>>>>>> Any thoughts..??
>>>>>>>>
>>>>>>>> My first thought was, "I guess you forgot to include the error." :)
>>>>>>>>
>>>>>>>> In addition to the error, you might want to include some Wireshark
>>>>>>>> version information, what OS you're running on and any other information
>>>>>>>> that you think might be relevant.
>>>>>>>>
>>>>>>>> By the way, I tried a similar tshark command using Wireshark 1.2.4 on
>>>>>>>> Windows XP SP3 with no problems. Maybe you are running an older version
>>>>>>>> of Wireshark with a known bug that has been fixed, or maybe your
>>>>>>>> test.pcap file is corrupt or exposes a Wireshark bug, in which case a
>>>>>>>> bug report might be in order with the attached test.pcap file included
>>>>>>>> so the core developers can analyze the error and find & fix the bug.
>>>>>>>>
>>>>>>>> - Chris
>>>>>>>>
>>>>>>>> -----Original Message-----
>>>>>>>> From: wireshark-dev-bounces@xxxxxxxxxxxxx
>>>>>>>> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Brian Oleksa
>>>>>>>> Sent: Sunday, November 22, 2009 10:49 PM
>>>>>>>> To: Developer support list for Wireshark
>>>>>>>> Subject: [Wireshark-dev] wireshark GUI vs tshark
>>>>>>>>
>>>>>>>> Wiresharkers
>>>>>>>>
>>>>>>>> When I use my dissector with the GUI... everything works fine. The pcap
>>>>>>>> file that I load comes right up with NO problems. I can filter
>>>>>>>> (ip.dst==x.x.x.x) with no problems.
>>>>>>>>
>>>>>>>> But if I try to open that same pcap file with tshark using the following
>>>>>>>> command:
>>>>>>>>
>>>>>>>> tshark -nr test.pcap ip.dst==x.x.x.x
>>>>>>>> The file appears to start loading.. then I get the following error.
>>>>>>>>
>>>>>>>> Any thoughts..??
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Brian
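
Added example (not code from this thread, from the attached dissector, or from Wireshark): a self-contained C model of two defects raised in the review above, reading packet bytes through a raw pointer instead of a length-checked accessor, and a value table without its {0, NULL} terminator. The names mini_buf, buf_get_ntohs, vs_entry, vs_lookup and the sample packet are hypothetical and constructed for illustration; a real dissector uses the tvb_get_*() accessors and value_string covered in doc/README.developer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for a packet buffer; NOT Wireshark's tvbuff_t. */
typedef struct {
    const uint8_t *data;  /* captured bytes */
    size_t captured_len;  /* bytes actually present in the capture */
} mini_buf;

/* Checked big-endian 16-bit read: fails instead of reading past the
 * captured bytes. Wireshark's tvb_get_*() accessors make this kind of
 * check and throw an exception; this model returns an error code. */
static int buf_get_ntohs(const mini_buf *b, size_t off, uint16_t *out)
{
    if (b->data == NULL || off > b->captured_len || b->captured_len - off < 2)
        return -1;
    *out = (uint16_t)((b->data[off] << 8) | b->data[off + 1]);
    return 0;
}

/* Table modelled on value_string: the lookup stops only at the {0, NULL}
 * terminator, so a table without one is read past its end. */
typedef struct { uint32_t value; const char *name; } vs_entry;
static const vs_entry type_vals[] = {   /* constructed sample table */
    { 1, "Request" }, { 2, "Response" }, { 0, NULL }
};

static const char *vs_lookup(const vs_entry *vs, uint32_t v, const char *dflt)
{
    for (size_t i = 0; vs[i].name != NULL; i++)
        if (vs[i].value == v) return vs[i].name;
    return dflt;
}

/* Constructed packet: 1-byte type, then a 16-bit length at len_off. */
static const uint8_t sample_pkt[] = { 0x02, 0x12, 0x34 };
static const mini_buf sample = { sample_pkt, sizeof sample_pkt };

static const char *describe(const mini_buf *b, size_t len_off)
{
    uint16_t len;
    if (b->captured_len < 1 || buf_get_ntohs(b, len_off, &len) != 0)
        return "Truncated";  /* a raw b->data[len_off + 1] would overrun */
    return vs_lookup(type_vals, b->data[0], "Unknown");
}

int main(void)
{
    printf("%s %s\n", describe(&sample, 1), describe(&sample, 2));
    return 0;
}
```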