I've built Wireshark 1.12.6 from the source tarball on the download page. The only change I've made is adding a single dissector, which was working pretty solidly in the 1.10.x series. In the 1.12.6 version when I go to type an x in the display filter (such as protocol.somefield == 0x12), Wireshark immediately hangs and crashes upon typing the "x". Thanks, Brian asked 05 Aug '15, 07:18  brwiese edited 05 Aug '15, 08:27  cmaynard ♦♦ |
One Answer:
Found the problem. My value_string variables did not have "{ 0, NULL }" as the last value. This didn't seem to be a problem in the 1.8.x and 1.10.x series, but who knows. Thanks, Brian answered 06 Aug '15, 12:22 brwiese So it was your protocol, and yes, the final {0, NULL} tuple is important, also in 1.8 and 1.10. You just got lucky, I guess. (06 Aug '15, 22:42) Jaap ♦ |
is 'protocol' in 'protocol.somefield' your protocol or an already existing protocol?