I have a custom plugin for Wireshark. I found a bug, but I'm not sure what causes the bug. During a live capture my plugin/dissector sometimes does not get called (no dissection information from my dissector), but this only happens sometimes. If I save the live capture and open the trace, everything is dissected perfectly, so it seems to be an issue with live capture.

Any pointers as to why this is happening?

Thanks

Edit:

Dissector is written in C.

My plugin reroutes to one of two dissectors.

I write to the info column before "if(tree)" in my dissectors.

plugin registration:

    dissector_add_uint("tcp.port", Y_PORT, _handle);
    dissector_add_uint("tcp.port", Z_PORT, _handle);
    heur_dissector_add("udp", dissect_X, proto_X);

I am using pinfo->fd->flags.visited

asked 28 May '15, 14:42 XQW1123
edited 29 May '15, 07:21
How is your plugin called? Via UDP/TCP port registration, or something else? Is it written in Lua or C? Do you add stuff to the columns and tree before if(tree)? Are you using pinfo->flags.visited in your code? Is it a heuristic dissector?
Dissector is written in C.
My plugin reroutes to one of two dissectors.
I write to the info column before "if(tree)" in my dissectors.
plugin registration:

    dissector_add_uint("tcp.port", Y_PORT, _handle);
    dissector_add_uint("tcp.port", Z_PORT, _handle);
    heur_dissector_add("udp", dissect_X, proto_X);
Yes, I am using pinfo->fd->flags.visited