Wireshark mailing list archives

Re: Sub_dissectors assertion failed


From: Scott <theerickson () gmail com>
Date: Mon, 24 May 2010 10:40:08 -0600

Hi Guy!  I hope your weekend was enjoyable.

On Sat, May 22, 2010 at 2:39 PM, Guy Harris <guy () alum mit edu> wrote:

So presumably the IP protocol rider protocol has fields of its own.

Does the IP protocol rider have an IP protocol number assigned to it, so
that you have:
       link-layer protocol
       IP, with the IP protocol number having the value for the IP protocol rider protocol
       IP protocol rider protocol
       custom protocol
       some protocol that normally runs directly atop IP

or is this a non-standard encapsulation where you have:
       link-layer protocol
       IP, with the IP protocol number having the value for the protocol that's above the custom protocol
       IP protocol rider protocol
       custom protocol
       some protocol that normally runs directly atop IP


The former.

The former can be done without modifying Wireshark, but not the way you're
doing it.


What is the best way to do it?

I overcame the problem of the protocols not matching by seeing that the
protocol number copied over from IP to my IP rider and *supposedly* stored
in hf_[IPR protocol] field was incorrect.  It was 65,000 something when
printf'd.  What does hf_register_info do with that variable (hf_[IPR
protocol])?  I suppose telling it that it is an FT_UINT8 tells it how to
read it from the tvbuff_t.  Is all it does use tvb_get_guint8()?  I had
to use that function manually to get the protocols to match correctly with
the ip_dissector_table.  Before that I tried casting it to a guint8 but that
didn't work.

It now works with the code I showed before, but I am getting this problem
now:
http://img80.imageshack.us/img80/5582/malformed.gif

-Scott
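
Added example, not part of the original message and not Wireshark source: the variable handed to hf_register_info receives an identifier for the registered field, not the byte carried in the packet, so the next-protocol value has to be read from the buffer before the table lookup. The model below is a simplified stand-in; every type and function name in it is hypothetical, and the packet bytes and the starting handle value are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-in model, NOT Wireshark code; all names are hypothetical. */
typedef struct { const uint8_t *data; size_t len; } buf_t;
typedef int (*subdissector_fn)(const buf_t *b, size_t offset);

static subdissector_fn ip_proto_table[256]; /* models a table keyed by IP protocol number */
static int next_field_id = 65000;           /* constructed starting value for handles */
static int hf_ipr_proto = -1;               /* field handle, filled in at registration */

/* Registration stores a handle naming the field definition, not packet data. */
static void register_field(int *hf) { *hf = next_field_id++; }

/* Stand-in subdissector for protocol number 17. */
static int dissect_proto17(const buf_t *b, size_t offset) { (void)b; (void)offset; return 17; }

/* Bounds-checked one-byte read: -1 instead of reading past the captured data. */
static int get_u8(const buf_t *b, size_t offset) {
    return offset < b->len ? b->data[offset] : -1;
}

static void setup(void) {
    if (hf_ipr_proto < 0) register_field(&hf_ipr_proto);
    ip_proto_table[17] = dissect_proto17;
}

/* Mistake: the handle (even cast to 8 bits) is used as the protocol number. */
int dispatch_by_handle(const buf_t *b, size_t offset) {
    setup();
    subdissector_fn fn = ip_proto_table[(uint8_t)hf_ipr_proto];
    return fn ? fn(b, offset + 1) : 0;      /* 0: no subdissector matched */
}

/* Fix: read the protocol byte from the packet, then look it up. */
int dispatch_by_value(const buf_t *b, size_t offset) {
    setup();
    int proto = get_u8(b, offset);
    if (proto < 0) return -1;               /* truncated rider header */
    subdissector_fn fn = ip_proto_table[proto];
    return fn ? fn(b, offset + 1) : 0;
}

int main(void) {
    const uint8_t rider[] = { 17, 0xAA, 0xBB };  /* constructed: next protocol = 17 */
    buf_t b = { rider, sizeof rider };
    return (dispatch_by_handle(&b, 0) == 0 && dispatch_by_value(&b, 0) == 17) ? 0 : 1;
}
```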