This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

col_set_str method does not work on plugin

0

Hello,

i have recentrly tried to write a plugin for my wireshark in C following the manuals in the doc/ directory (readme.dissector, readme.plugins). Everything works fine, my dissector is registered and also the tree elements are added to the display. However the col_set_str method does not provide any visible results in the col_set_str.

The method call looks like this:

col_set_str(pinfo->cinfo, COL_PROTOCOL, "foo");
col_clear(pinfo->cinfo, COL_INFO);

The method gets called 100% since other method calls after col_set_str are executed normally. I also tried registering my dissector via register_postdissector instead adding it to the tcp-port-table however the results are still the same.

Has anyone made similar experiences so far or could help me out?

Thank you

asked 25 Feb '16, 02:21

Wodka's gravatar image

Wodka
6224
accept rate: 0%

edited 25 Feb '16, 02:24

Are your col statements under if(tree)? That will not work.

(25 Feb '16, 04:05) Anders ♦

Nope, i am using the method right under the declarations of the proto_tree and proto_item variables.

static int dissect_foo(tvbuff_t tvb, packet_info pinfo, proto_tree tree, void data U) {

proto_tree *protocol_subtree;
    proto_item *protocol_item;
/* Set the Protocol column to the constant string of foo */

col_set_str(pinfo->cinfo, COL_PROTOCOL, "foo");

…..

(25 Feb ‘16, 23:32) Wodka

So what is shown in the protocol column? The protocol your protocol is running on top of or? How is your protocol dissector called? By adding it to the TCP or UDP port table?

(26 Feb ‘16, 03:55) Anders ♦

I call it on top of the TCP Dissector, adding it to a certain port. The column string still is the TCP string.

(26 Feb ‘16, 04:35) Wodka

I used col_str() myself in a custom plugin running on top of TCP without any issue with both Wireshark 1.12.X and Wireshark 2.X. As you are the very first one to report such issue, and as we do not have much info yet, that would be helpful if you could execute the code step by step with a debugger to see what could be wrong as I fear no one will be able to help you without more info.

(26 Feb ‘16, 04:53) Pascal Quantin