I have problem when update plugins for latest version of Wireshark

plugins
retag add tags

I am trying to update a plugins that worked well for Wireshark version 1.6.0, I want this plugins to work for also the latest version of Wireshark. I have done some modified, changes, but it still does not really work.

Wireshark seems can not load my plugins, it appears with the error:

Dissector bug C:\Development...\proto.c:8709 failed assertion "DISSECTION_ASSERT_NOT_REACHED"

What this error means? Does it mean there is some error in the plugins code?

123

asked 2021-05-14 06:19:08 +0000, updated 2021-05-14 07:19:06 +0000

edit flag offensive 0 remove flag close merge delete

Comments

It means that some internal test in Wireshark failed; the test may be a test to make sure a plugin is not doing something incorrectly, so it might be a problem with your plugin.

We'd need to know what version of Wireshark you tried this with, because the error message isn't as helpful as it could be - it just says that the code shouldn't reach line 8790 of the file proto.c (epan/proto.c in the Wireshark source), but there isn't such an assertion test on line 8790 of that file in the latest release of Wireshark, which is Wireshark 3.4.5.

Guy Harris (2021-05-14 07:04:56 +0000) edit

The Wireshark that I tried is version 3.4.5. So does it mean that it does some warning about problem in my plugins code, but did not show me what is the problem?

EDIT: I have been type incorrectly, the problem is c:8709, not 8790.

123 (2021-05-14 07:27:32 +0000) edit

I would say that Wireshark 1.6 and 3.4 are almost completely different animals. So I would be surprised if it had worked.

hugo.vanderkooij (2021-05-14 07:53:32 +0000) edit

If you read the indicated row in proto.c it will give a clue to what the problem is.

Anders (2021-05-14 13:16:56 +0000) edit

add a comment see more comments

1 Answer

Sort by

oldest

newest

most voted

The test on line 8709 is part of a loop that checks whether the "abbreviation" for a named field contains only:

ASCII alphabetic characters (A-Z, a-z);
digits (0-9);
ASCII dash (hyphen);
period (.);
underscore (_).

It also requires that the period not be at the beginning or the end of the abbreviation, that there are not two periods in a row.

So you must update your dissector so that if, in the abbreviations of the fields that it registers, it's using any characters other than the ones listed there, or if it puts a period at the beginning or end of the abbreviation, or if it has two or more periods in a row, it no longer does so.

The descriptive name of the field, which is what's used in the packet details display, is not restricted in that fashion. The abbreviation, which is what's used in packet-matching expressions ("display filters"), and when telling Wireshark or TShark to use certain fields when drawing graphs or when printing particular field values, is restricted in that fashion. So a dissector can, for example, have a field registered as

{ &hf_ip_hdr_len,
  { "Header Length", "ip.hdr_len", FT_UINT8, BASE_DEC,
    NULL, 0x0, "Header length in 32-bit words", HFILL }},

with a space in the description a space in the "blurb" ("Header length in 32-bit words"), but you can't have a field registered as

{ &hf_ip_hdr_len,
  { "Header Length", "ip hdr len", FT_UINT8, BASE_DEC,
    NULL, 0x0, "Header length in 32-bit words", HFILL }},

with spaces in the abbreviation.

19.9k

Guy Harris

answered 2021-05-14 19:16:07 +0000

edit flag offensive 0 remove flag delete link

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer

I have problem when update plugins for latest version of Wireshark edit

Comments

1 Answer

Comments