This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

GTPV2 IEs are shown as Unregistered

0

Hi, I am building wireshark 2.2.4 in centOs6 using

make uninstall,
./autogen.sh,
./configure,
make clean,
make,
make install...

I changed packet-gtpv2.c by adding some new IEs. Now the problem is some of the new IEs are getting registered, some of not getting registered. And surprisingly some old IEs are also shown not registered. The failed assertion message is shown as (guint)hfindex<gpa_hfinfo.len (Unregistered hf)... Any Idea about the issues? Any upper limit to add a new hf in hf_register_info in gtpv2.

asked 19 Jul '17, 01:27

Abhisek's gravatar image

Abhisek
16111216
accept rate: 0%

edited 19 Jul '17, 02:30

Jaap's gravatar image

Jaap ♦
11.7k16101


One Answer:

0

You are probably better off building the development version as new IEs has been added to the standard code since 2.2.4. What you are describing is probably a bug in your code.

answered 19 Jul '17, 01:46

Anders's gravatar image

Anders ♦
4.6k952
accept rate: 17%

What i found that IEs are added but there dissection still not yet coded completely in packet-gtpv2.c. So basically I coded the dissectors. For that I follow usual method proto_tree_add_item(....) and added the hf to hf_register_info array. But after adding those hf, the assertion message (guint)hfindex<gpa_hfinfo.len (Unregistered hf!) is shown for some of new as well as old hf. Basically Unregistered hf message will come is the hf is not added in hf_register_info array. But in this case though it's added, the error is shown.

(19 Jul '17, 02:01) Abhisek

If you enhance the dissector you should commit the code to the Wireshark project. It is impossible or at least hard to figure out what's wrong without seeing the code.

(19 Jul '17, 02:20) Anders ♦

I customised the code for internal purpose. Is it ok if I share the proto_register_gtpv2(....) function content.

(19 Jul '17, 03:50) Abhisek

It might suffice.

(19 Jul '17, 04:38) Anders ♦

I added the code snippet in answer part.

(19 Jul '17, 04:48) Abhisek

I added IEs one by one and rebuilt every time, AND at the end GOT A CLEAN EXECUTABLE. What I am thinking that probably the error caused by adding any hf entry more than once in the

hf_register_info

array. Anyhow it's great learning...

(24 Jul '17, 03:54) Abhisek
showing 5 of 6 show 1 more comments