This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

FT_FRAMENUM is not working

0
#include "config.h"

#include <epan/packet.h>

#define TMP_PORT 80

static int proto_tmp_test = -1;

static int hf_tmp_test_pdu_type = -1;
static int hf_tmp_test_tmp = -1;

static int ett_tmp_test = -1;

static int dissect_tmp_test(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
{
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "tmp");
    /* Clear out stuff in the info column */
    col_clear(pinfo->cinfo, COL_INFO);

    proto_item *ti = proto_tree_add_item(tree, proto_tmp_test, tvb, 0, -1, ENC_NA);

    // just an example - this has no meaning
    proto_tree_add_uint(tree, hf_tmp_test_tmp, tvb, 0, 0, 12);

    return tvb_captured_length(tvb);
}

void proto_register_tmp_test(void)
{
    static hf_register_info hf[] = {
        { &hf_tmp_test_pdu_type,
          { "tmp PDU type", "tmp.type", FT_UINT8, BASE_DEC, NULL, 0x0, NULL, HFILL } },
        { &hf_tmp_test_tmp,
          { "tmp Tmp frame number", "tmp.tmp", FT_FRAMENUM, BASE_NONE, NULL, 0x0, NULL, HFILL } }
    };

    /* Setup protocol subtree array */
    static gint *ett[] = {
        &ett_tmp_test
    };

    proto_tmp_test = proto_register_protocol (
        "tmp Test Protocol", /* name       */
        "tmp",               /* short name */
        "tmp"                /* abbrev     */
        );

    proto_register_field_array(proto_tmp_test, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
}

void proto_reg_handoff_tmp_test(void)
{
    static dissector_handle_t tmp_test_handle;

    tmp_test_handle = create_dissector_handle(dissect_tmp_test, proto_tmp_test);
    dissector_add_uint("tcp.port", TMP_PORT, tmp_test_handle);
}

I want to add FT_FRAMENUM for a direct link to the frame. But it seems that for some reason Wireshark is not recognizing the hfinfo and is throwing the exception DISSECTOR_ASSERT_NOT_REACHED from proto_tree_add_uint. From my analysis I found Wireshark is not recognizing hf_tmp_test_tmp in the above code.

Please help me with this.

asked 12 Jan ‘17, 02:10

chirag

What is the exact assertion you’re getting? And what version are you using?

(12 Jan ‘17, 07:11) JeffMorriss ♦

I am using version 2.2.3 and I am getting Assertion: DISSECTOR_ASSERT_NOT_REACHED.

(13 Jan ‘17, 05:17) chirag

Sorry, I meant exactly which DISSECTOR_ASSERT_NOT_REACHED? Usually when an assertion fires it gives you a file and line number.

(13 Jan ‘17, 05:51) JeffMorriss ♦

Hi Jeff, it is not showing which dissector and the line number… it just shows DISSECTOR_ASSERT_NOT_REACHED.

(16 Jan ‘17, 02:56) chirag

One more thing: when I replaced FT_FRAMENUM with FT_UINT56, BASE_DEC, it shows the number, but as it is just an integer the link is not there.

(16 Jan ‘17, 02:58) chirag


One Answer:

1

I can run your sample code without any issue with Wireshark 2.2.3.

Are you developing an internal dissector, or a plugin?

If it is a plugin, are you compiling it against Wireshark 2.2.3 source code? The ftenum enumeration found in epan/ftypes/ftypes.h changes between Wireshark major releases, so FT_FRAMENUM will not have the same value depending on the branch used.

answered 13 Jan '17, 06:01

Pascal Quantin

Hi Pascal, I am developing a plugin. I am compiling it using the latest Wireshark libraries (source code git cloned). Currently I am using it on a 32-bit Wireshark 2.2.3 version for Windows.

(16 Jan '17, 03:01) chirag

Hi Pascal, it seems you are right: the ftypes used by the Wireshark I downloaded from the internet is different than the one I am compiling with. I calculated the offset and instead of FT_FRAMENUM I had put FT_IPXNET, which is right after it, and it worked as FT_FRAMENUM.

Any idea on how to check the installed wireshark ftypes.h file?

(16 Jan '17, 04:43) chirag

What you should do is ensure you are compiling against the Wireshark version you intend to use.

So if you want to run Wireshark 2.2.X stable release, you need to clone master-2.2 branch and not master branch (that corresponds to Wireshark 2.3.0 development builds). Wireshark internal APIs are not stable between major releases and you will face many weird issues if you do not follow my advice. Then compile your plugin source code as usual.

(16 Jan '17, 06:00) Pascal Quantin

Hi Pascal, thanks a lot for the help, I changed the libraries to match with the installed versions and all problems are gone.

(16 Jan '17, 06:18) chirag

As the problem is solved, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer.

(16 Jan '17, 06:32) Pascal Quantin
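
The check recommended in the answer can be scripted as a pre-build step. The following is an added example, not part of the original thread or of Wireshark itself: it compares the major.minor of the installed binary with the version recorded in the source tree. It assumes the version banner carries an X.Y.Z token and that the tree's top-level CMakeLists.txt sets PROJECT_MAJOR_VERSION, PROJECT_MINOR_VERSION and PROJECT_PATCH_VERSION; the sample inputs and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to build a plugin against a source tree whose
# major.minor differs from the installed Wireshark (the ftenum mismatch above).

# First X.Y.Z token in a version banner (e.g. first line of `tshark --version`).
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# One version field from CMakeLists.txt text on stdin; $1 = MAJOR|MINOR|PATCH.
# Assumes lines of the form: set(PROJECT_MAJOR_VERSION 2)
cmake_field() {
    sed -n "s/^[[:space:]]*set(PROJECT_${1}_VERSION[[:space:]]*\([0-9][0-9]*\)).*/\1/p" |
        head -n 1
}

# X.Y.Z of a source tree; $1 = contents of its top-level CMakeLists.txt.
tree_version() {
    major=$(printf '%s\n' "$1" | cmake_field MAJOR)
    minor=$(printf '%s\n' "$1" | cmake_field MINOR)
    patch=$(printf '%s\n' "$1" | cmake_field PATCH)
    [ -n "$major" ] && [ -n "$minor" ] || return 1
    printf '%s.%s.%s\n' "$major" "$minor" "${patch:-0}"
}

# True only when both versions share major.minor, i.e. the same release branch.
same_branch() { [ "${1%.*}" = "${2%.*}" ]; }

# $1 = version banner, $2 = CMakeLists.txt contents. Returns 0 on match.
check_plugin_build() {
    installed=$(banner_version "$1")
    tree=$(tree_version "$2") || { echo "cannot read tree version"; return 2; }
    if same_branch "$installed" "$tree"; then
        echo "ok: installed $installed, source tree $tree"
    else
        echo "mismatch: installed $installed, source tree $tree"
        return 1
    fi
}

# Constructed sample inputs mirroring the thread: 2.2.3 binary, 2.3.0 tree.
SAMPLE_BANNER='TShark (Wireshark) 2.2.3 (constructed sample banner)'
SAMPLE_MASTER='set(PROJECT_MAJOR_VERSION 2)
set(PROJECT_MINOR_VERSION 3)
set(PROJECT_PATCH_VERSION 0)'
check_plugin_build "$SAMPLE_BANNER" "$SAMPLE_MASTER" || true
```

In real use, pass the output of the installed binary's version option and the contents of the tree's CMakeLists.txt instead of the sample strings.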