Wireshark-dev: [Wireshark-dev] Filter registration limit
From: Martin Mizera <martin.mizera@xxxxxxxxx>
Date: Mon, 8 Nov 2010 15:57:38 +0100
Hello,
few moths ago(years), I finished writing own dissector for parsing
proprietary protocol. Last moth, I have rebuild my project using
wireshark 1.4.1( because some bugs appeard during parsing register
table(hf_register_info) )
>From this time, only first 0x13a (314) filters are successfully
registered. (after calling method proto_register_field_array, only
firs 314 items have valid value (no -1) , rest have still -1))
I register filters like that:
void proto_register_tp_info ( int proto_medio )
{
static hf_register_info hf[] =
{
{ &hf_tp_ip_address, { "IP Address",
"tp.IP", FT_NONE, BASE_NONE,
NULL, 0, "IP Address", HFILL } },
{ &hf_tp_port_num, { "Port Number ",
"tp.PN", FT_NONE, BASE_NONE,
NULL, 0, "Port Number ", HFILL } },
...
... and lots of more
...
{ &hf_tp_nwcref, { "Network Call Reference",
"tp.NWCREF", FT_NONE, BASE_NONE,
NULL, 0, "",
HFILL } },
{ &hf_tp_nwcref_value, { "Call Reference number",
"tp.NWCREF.VAL", FT_UINT64, BASE_HEX_DEC,
NULL, 0, "",
HFILL } },
}; //totaly array length is more than 982
proto_register_field_array(proto_medio, hf, array_length(hf));
}
In watches I can see that only firs 314 was inicialized.
I was seeking for any registration limit, but I didn't found any.
So I rewrite my registration function like that:
void proto_register_tp_info ( int proto_medio )
{
static hf_register_info hf[] =
{
{ &hf_tp_ip_address, { "IP Address",
"tp.IP", FT_NONE, BASE_NONE,
NULL, 0, "IP Address", HFILL } },
{ &hf_tp_port_num, { "Port Number ",
"tp.PN", FT_NONE, BASE_NONE,
NULL, 0, "Port Number ", HFILL } },
...
... and lots of more
...
{ &hf_tp_nwcref, { "Network Call Reference",
"tp.NWCREF", FT_NONE, BASE_NONE,
NULL, 0, "",
HFILL } },
{ &hf_tp_nwcref_value, { "Call Reference number",
"tp.NWCREF.VAL", FT_UINT64, BASE_HEX_DEC,
NULL, 0, "",
HFILL } },
}; //totaly array length is more than 982
const gint c_hf_max = 128; //maximum registration filters at on time
const gint c_hf_total = array_length(hf); //total array len ... its
more than 980
gint rest = c_hf_total;
gint cpy_cnt;
while( rest > 0 )
{
cpy_cnt = min( rest, c_hf_max );
proto_register_field_array(proto_medio, &hf[c_hf_total - rest], cpy_cnt);
rest -= cpy_cnt;
}
}
I have split registration in more pieces. And now, its allowed to
register only 128 filters at one time.
Sice this changed, every think works fine (all filters were registered)
Is it some bug in wireshark api or it looks like bug in my code?
*************************************
wireshark version:
Version 1.4.1 (SVN Rev 34476 from /trunk-1.4)
Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Oct
11 2010), with AirPcap.
Running on Windows XP Service Pack 3, build 2600, without WinPcap, GnuTLS 2.8.5,
Gcrypt 1.4.5, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Operating system Windows XP, compiling tool MS VS 2008
*************************************
- Follow-Ups:
- Re: [Wireshark-dev] Filter registration limit
- From: Jaap Keuter
- Re: [Wireshark-dev] Filter registration limit
- Prev by Date: Re: [Wireshark-dev] Netflow dissector bug-to-be
- Next by Date: Re: [Wireshark-dev] Filter registration limit
- Previous by thread: [Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-10.04-x64
- Next by thread: Re: [Wireshark-dev] Filter registration limit
- Index(es):