On Sep 27, 2006, at 2:12 PM, Tomek Sikorski wrote:

> I've just started working in the network division of a company in my
> hometown. About 2 years ago they started developing their own protocols
> for commercial purposes. Simultaneously they started developing
> dissectors in Ethereal [ver 0.10.14-31] for them. Now I'm trying to port
> them to Wireshark-0.99.3a

It's not really a port - this isn't new software, it's just a name  
change (i.e., if Gerald Combs' previous employer were willing to give  
up the Ethereal trademark, it would still be called "Ethereal":

        http://www.wireshark.org/faq.html#q1.2

.)  It's more of an upgrade to a later release.

> and after encountering a series of problems
> [because changes made in files other than the dissectors weren't logged] I
> finally managed to compile and run them. But I have one significant
> problem: I capture some traffic, it is dissected, and I write some
> filter [any, i.e. "ip"] -> I get SEGFAULT. gdb tells me it's in one of the
> functions put in proto.c used by my dissectors [and my dissectors only].

What's the full stack trace (preferably with line numbers)?

> But it worked on Ethereal! I probably forgot to copy some part of the code
> somewhere, but I search and search and nothing. No asserts fail,
> the compilation is also OK. And the dissection itself works!

If it's crashing in a function from proto.c called by one of your  
dissectors, clearly dissection isn't *always* working.

> I scanned
> each frame to check if it does not SEGFAULT on a particular frame, but
> it went ok.

"Scanned" in what sense?  I.e., you clicked on each of the frames, so  
you saw the full dissection in the packet detail pane?


> Please, can any of you Wireshark gurus tell me what has changed
> so much in filters that they don't work now? Where [which files] should
> I search?

The main thing that applying a filter does is that it causes a full  
dissection of a packet to be done (so that all the field values are  
found, allowing them to be tested by a filter).  If you read in a  
capture file, and you don't have a color filter or display filter,  
only enough dissection is done to set the columns in the summary pane  
and to allow subdissectors to be called, so not all the dissector code  
is tested.
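A toy model of the behaviour described in the reply above, added here as an example and not code from the thread or from Wireshark: the names `toy_tree`, `toy_dissect` and `load_capture` and the packet format are constructed. It assumes, as in Wireshark dissectors, that the tree argument is NULL when no filter forces a full dissection, so the detail-only branch (and any bug in it) is reached only once a filter is applied.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for illustration; not Wireshark's types or API. */
typedef struct { int n; char item[4][32]; } toy_tree;

static int tree_path_runs;   /* how often the detail-only branch executed */

/* Toy dissector for a constructed format: [type:1][len:1][payload:len]. */
static void toy_dissect(const unsigned char *p, size_t caplen,
                        char *info, size_t infolen, toy_tree *tree)
{
    if (caplen < 2) { snprintf(info, infolen, "short"); return; }
    snprintf(info, infolen, "type=%u", (unsigned)p[0]); /* summary: every pass */
    if (!tree)
        return;                        /* no filter: dissection stops here */
    tree_path_runs++;                  /* reached on full dissection only */
    unsigned len = p[1];
    if (len > caplen - 2) {            /* claimed length exceeds captured bytes */
        snprintf(tree->item[tree->n++], 32, "len=%u [truncated]", len);
        return;
    }
    snprintf(tree->item[tree->n++], 32, "len=%u", len);
    snprintf(tree->item[tree->n++], 32, "last=0x%02x",
             len ? (unsigned)p[1 + len] : 0u);
}

/* Constructed sample capture: two well-formed packets, one truncated. */
static const unsigned char pkt_a[] = { 1, 2, 0xaa, 0xbb };
static const unsigned char pkt_b[] = { 2, 0 };
static const unsigned char pkt_c[] = { 3, 9, 0xcc };  /* len says 9, 1 present */
static const struct { const unsigned char *p; size_t n; } capture[] = {
    { pkt_a, sizeof pkt_a }, { pkt_b, sizeof pkt_b }, { pkt_c, sizeof pkt_c },
};

/* Load the capture; returns how many packets reached the detail-only code. */
static int load_capture(int filter_applied, toy_tree *last)
{
    char info[32];
    tree_path_runs = 0;
    for (size_t i = 0; i < sizeof capture / sizeof capture[0]; i++) {
        toy_tree t = { 0 };
        toy_dissect(capture[i].p, capture[i].n, info, sizeof info,
                    filter_applied ? &t : NULL);
        if (last) *last = t;           /* keep the tree of the last packet */
    }
    return tree_path_runs;
}
```

Without the length check in the detail branch, the truncated packet would be read out of bounds only in the filtered run, which matches the symptom of a capture that loads cleanly and crashes as soon as a filter is applied.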