This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Expert Info Warnings between development and release versions of Wireshark

0

I am using development version 2.3.0 and release version 2.2.5 of Wireshark in development of a C dissector (on the same system). Referring back to https://ask.wireshark.org/questions/60224/difference-between-proto_tree_add_item-and-proto_tree_add_uint , I currently have a warning for using the wrong FT_UINT for a field.

The code in question:

#define PROTO_MEMORY_WRITE_ADDRESS_LEN 8

    /* Add the 8-byte little-endian address to the tree, then advance past it */
    proto_tree_add_item(proto_tree, hf_proto_memory_write_address, tvb, offset, PROTO_MEMORY_WRITE_ADDRESS_LEN, ENC_LITTLE_ENDIAN);
    offset += PROTO_MEMORY_WRITE_ADDRESS_LEN;

    /* Header field registration entry: 64-bit unsigned, displayed in decimal */
    {&hf_proto_memory_write_address,
        {"Memory Write Address", "proto.memory_write_address", FT_UINT64, BASE_DEC, NULL, 0,
            NULL, HFILL }},

In the development version the memory write address displays with no errors. In the release version (copied generated .dll to plugins folder) the error is "Trying to fetch a signed integer with length 8." I have a similar issue in a nearly identical field - 8 bytes - with the same errors. I tried switching to FT_UINT32 and the results switched. No error in the release version but the dev version obviously said that the FT_UINT was wrong.

asked 21 Apr '17, 06:13

brownfox

21338
accept rate: 0%

edited 21 Apr '17, 06:14


One Answer:

0

Wireshark APIs are not guaranteed to be (and are often never) backward compatible between major releases. So you cannot compile your plugin with Wireshark 2.3.0 source code and expect it to work with 2.2.5 without recompilation. If you want your plugin to be compatible with various major versions (here 2.2.X vs 2.3.0), you have to compile the library twice.

answered 21 Apr '17, 07:09


Pascal Quantin
5.5k1060
accept rate: 30%

Thanks, that makes sense. I'll switch my development source code.

(21 Apr '17, 07:25) brownfox
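
The incompatibility described in the answer can be modelled as follows. This is an added illustration, not code from the thread or from Wireshark: the two enums, their members and values, and the functions `host_view_of` and `plugin_compatible` are hypothetical. It shows how a constant compiled from newer headers is decoded differently by an older host, and a load-time check that refuses the mismatch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical field-type numbering in the older host's headers. */
enum host_ft { HOST_FT_NONE, HOST_FT_BOOLEAN, HOST_FT_UINT32, HOST_FT_UINT64,
               HOST_FT_INT32, HOST_FT_INT64, HOST_FT_COUNT };

/* Hypothetical numbering in the newer headers the plugin was built with:
 * one inserted member (PLUG_FT_CHAR) shifts every value after it by one. */
enum plugin_ft { PLUG_FT_NONE, PLUG_FT_BOOLEAN, PLUG_FT_CHAR, PLUG_FT_UINT32,
                 PLUG_FT_UINT64, PLUG_FT_INT32, PLUG_FT_INT64 };

/* Only the integer crosses the plugin boundary, so the host decodes it
 * with its own table, whatever name the plugin author wrote. */
const char *host_view_of(int plugin_value)
{
    static const char *const names[HOST_FT_COUNT] = {
        "FT_NONE", "FT_BOOLEAN", "FT_UINT32", "FT_UINT64", "FT_INT32", "FT_INT64"
    };
    if (plugin_value < 0 || plugin_value >= HOST_FT_COUNT)
        return "invalid";
    return names[plugin_value];
}

/* Load-time guard: accept a plugin only when it was built for the same
 * major.minor series as the host (2.2.x and 2.3.x are different series). */
int plugin_compatible(int built_major, int built_minor,
                      int host_major, int host_minor)
{
    return built_major == host_major && built_minor == host_minor;
}

int main(void)
{
    printf("plugin FT_UINT64 -> host sees %s\n", host_view_of(PLUG_FT_UINT64));
    printf("plugin FT_UINT32 -> host sees %s\n", host_view_of(PLUG_FT_UINT32));
    printf("built for 2.3, host 2.2: %s\n",
           plugin_compatible(2, 3, 2, 2) ? "load" : "refuse, rebuild for 2.2");
    return 0;
}
```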