This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark 1.4.1 - how to debug MIB import?

0

Using Wireshark 1.4.1 on Windows XP Pro SP3; trying to import a vendor MIB in order to decode content of some SNMP traps etc.

After importing the MIB and restarting Wireshark the following error box pops up:

"Stopped processing module ARTEVEA-MIB due to error(s) to prevent potential crash in libsmi. Module's conformance level: 1. See details at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325"

Reading the linked page (bug tracker) it appears that this is a safeguard that is invoked if there are missing references in the MIB being parsed. But there doesn't appear to be any report (message or log file) that would lead me to what is missing.

The vendor MIB has external references to RFC1155-SMI, RFC1213-MIB, RFC-1212 and RFC-1215; I have explicitly loaded all of those (all were present in Wireshark's snmpmibs folder) and reloaded my vendor MIB, but the problem still persists.

FWIW I also get the same error for one of the standard MIBs that came with Wireshark (SNMPv2-SMI; this error seems to have been reported elsewhere; conceivably the same thing that is breaking the parsing of my vendor MIB could be breaking this too...

"Stopped processing module SNMPv2-SMI due to error(s) to prevent potential crash in libsmi. Module's conformance level: 1. See details at: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560325"

BTW, the vendor MIB I am trying to import doesn't appear to have any syntax errors or other problems as it is working fine if loaded in Castle Rock SNMPc.

Anyone able to tell me how I can debug the MIB import so I can see where the thing is going wrong?

Thanks, Richard Culpan - Artevea Digital Ltd.

asked 14 Oct '10, 03:38

Richard%20Culpan's gravatar image

Richard Culpan
6112
accept rate: 0%

See the Wireshark Bug Database, especially bug 5112 and bug 5171

(14 Oct '10, 06:13) joke

2 Answers:

1

MIBs and SNMP are tricky protocols. Even though the Agent may be fine with it, libsmi may have a problem with it. Once it does it has nodes in non-finalized state in its tree, which can cause even crashes. To prevent that from happening MIBs are rejected when libsmi can't properly load them.

You should try to use smilint and see what it reports on your MIB. There's an online version available through the libsmi website

answered 14 Oct '10, 12:45

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Thanks for reply - I have used online version of "smilint"; it reported quite a lot of minor errors/warnings (mostly level 3), so I'm now analysing the report to see how I can improve the MIB and hopefully find which of the things found is tripping up the import into Wireshark.

Regards, Richard

(15 Oct '10, 02:33) Richard Culpan

0

For reference - after analysing the output of "smilint":

libsmi appears not to like (and chokes on) object identifiers that either:

  1. Starts in an upper case letter ("smilint" reports this as a "level 1" error (must be fixed) yet other programs such as Castle Rock SNMPc do not complain. So IMO it is really a "level 2" error (ignored by some implentations).
  2. Is composed entirely of upper case letters ("smilint" reports a "level 1" error (internal - other error in libsmi) and aborts processing of the entire statement.

To fix the errors I have renamed the offending objects such that they now begin with a lower case letter; the MIB now loads successfully in Wireshark.

Regards, Richard

answered 15 Oct '10, 03:04

Richard%20Culpan's gravatar image

Richard Culpan
6112
accept rate: 0%