This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark coredumps during load

0

I have a wireshark dissector plugin. I also have a wireshark installed from apt-get.

The wireshark loads fine without the plugin inserted in the right place. When I include the plugin .so file and try to run wireshark, I get the following error:

$ wireshark
08:23:45          Err  register_subtree_array: subtree item type (ett_...) not -1 ! This is a development error: Either the subtree item type has already been assigned or was not initialized to -1.
Trace/breakpoint trap (core dumped)

I tried understanding the problem. It says the subtree was already assigned (I'm assuming assigned an ett value) or was not initialized with -1.

there are 3 files in my plugin where the API is called and I checked the values of ett[] being supplied to the API in each of these places. They are all initialized to -1.

Stuck in a roadblock. Any suggestion would be helpful.

Also, I do not understand where wireshark dumps the core. I could not find any core. Any idea about this?

asked 03 Dec '13, 08:40

pysudhir's gravatar image

pysudhir
1324
accept rate: 0%

edited 03 Dec '13, 08:41

As I indicated at http://stackoverflow.com/questions/20323798/how-to-debug-wireshark-plugin-using-gdb:

You need to first ensure that you can build wireshark and your plugin and that this dev wireshark/plugin load and work.

Based upon your comments, I get the impression that you are building just the plugin and then trying to use it with an installed wireshark. This may work, but it's not the place to start.

(03 Dec '13, 09:04) Bill Meier ♦♦

I have seen a similar thing happen with an older wireshark. That's the reason I wasn't very worried about the approach. However, I believe that this question is a little different compared to that.

(03 Dec '13, 09:07) pysudhir

One Answer:

0

register_subtree_array: subtree item type (ett_...) not -1

...

there are 3 files in my plugin where the API is called and I checked the values of ett[] being supplied to the API in each of these places. They are all initialized to -1.

To which API are you referring? You must not call register_subtree_array() on any particular ett_ array more than once; if you're calling it twice, the first call will cause the ett_ values in the array to be set to values different from -1, so the next call will fail with that error.

answered 03 Dec '13, 10:50

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

That was exactly what I thought. And the error is pretty self explanatory. But, I have checked all the instances of the API register_subtre_array and found that none of the instances are making use of the same ett_ array.

(03 Dec '13, 19:18) pysudhir

Would it be possible to post your plugin code?

(03 Dec '13, 23:31) Kurt Knochner ♦