Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: wireshark GUI vs tshark

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Tue, 24 Nov 2009 17:52:41 +0100
Hi Brian,

"This is my development code" is not an excuse. Cut away the crap, or
structure it.

"You forget to set initialized to TRUE in your handoff functions." means
the in your handoff routines you have a semaphore, but you never set it to
TRUE, even if the code has already executed. Next time handoff is called
the code runs again. So, at the end set the semaphore.

Accessing tvbuff like this is a problem. You have absolutely NO guarantee
that you can access the data this way. You WILL have array overruns,
problems with composite TVBs, etc, etc.
We have painstakingly provided you with a whole series of safe access
functions to handle everything you want to do in a single statement. Did I
already mention these are safe methods? No buffer overruns? With exception
handling build in? 

"I am a java programmer and just started to dig into this C stuff". I
would say welcome to the bear metal. No more handholding and sandboxing
here..... doc/README.developer is your friend.

Thanks,
Jaap

On Tue, 24 Nov 2009 10:59:28 -0500, Brian Oleksa
<oleksab () darkcornersoftware com> wrote:

Jaap and Chris

I appreciate your help.
I apologize for the messy code....this is my development code.

I have changed some of the code based on your suggestions that you made 
below: Such as...

FT_BYTES, BASE_HEX is now FT_BYTES, BASE_NONE
I have closed off the value_string helen_vals[] with {0, NULL}

However.. I do have some questions.

What do you mean when you say:  "You forget to set initialized to TRUE

in

your handoff functions."

Also..why does accessing tvbuff this way pose a problem..??    guint8 *
ptr = (guint8*) tvb->real_data;
Accessing tvbuff this way appears to be working fine...but would like

some

feed back if there is a well-known & correct way to do this.

I have attached a clean version of the code. It is now formatted and all



the old commented out code is now removed.

I am a java programmer and just started to dig into this C stuff....So I



apologize for any code that does not make sense.

Again...any help is greatly appreciated.

Thanks,
Brian



Jaap Keuter wrote:

Hi,

Oke, quick review then.

First of all the code is a mess. That results in:
1. hard to look through.
2. hard to spot even obvious errors.

You forget to set initialized to TRUE in your handoff functions.

  FT_BYTES, BASE_HEX should be FT_BYTES, BASE_NONE

Many inconsistencies in header blubs and labels.

value_string helen_vals[] isn't closed off by {0, NULL}

             guint8 * ptr = (guint8*) tvb->real_data;
Going about this way of accessing tvbuff data leads guaranteed to
failure.
For me it's enough to abort furher review of this code.

My advice: really read all of doc/README.developer and take the advice
to hart.

Thanks,
Jaap

Brian Oleksa wrote:
  

Jaap

Eventually this might get licensed...but just not sure what direction
we
will be going.

I have tracked down many many problems before when my code crashed 
within the GUI...because I would get some what of
a decent error. But I am having a hard time tracking down this bug as
it
runs fine in the GUI but not in tshark.

Doesn't tshark run off the same base code as the GUI does..?? If 
so...then you think if it would crash in one that it would crash in

the 

other....wouldn't you think..??

Attached is my code. Any help is greatly appreciated.

Thank you
Brian





Jaap Keuter wrote:
    

Hi,

Well, your assumption is probably right, that your dissector has 
something to do with it.

You can post it, but we prefer to spend our time on GPL'ed code. I 
don't know what you license will be.
If you prefer not to publish your code you can probably find enough 
clues in the documentation in the doc directory.

Thanks,
Jaap

Brian Oleksa wrote:
 
      

Chris and Jaap

Well.... I guess I can point out the obvious here:

I wrote a dissector that works fine with the GUI with no 
problem...but it crashes when I use tshark.

HOWEVER... if I remove my dissector....then my pcap file loads fine 
within tshark.

So the problem has to be with my dissector....correct..??

Is there anyway I can post my code so you can take a look..??

This is hard to track down as again everything works fine in the GUI



and I get NO real error message within tshark.

What do you think..?

Thanks,
Brian



Maynard, Chris wrote:
   
        

The file may not be corrupt but might contain packet(s) which are
exposing a tshark bug.  If you can post the capture file, that

would

probably help.  If you don't wish to post it on the mailing list,

you

can open a bug report and post it there instead, marking the file

as

private if you so desire so only the core developers have access to
it.

- Chris

-----Original Message-----
From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Brian
Oleksa
Sent: Monday, November 23, 2009 12:59 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] wireshark GUI vs tshark

Jaap and Chris

I am running this on Win XP service pack 2.
I am using wireshark Version 1.2.4 (SVN Rev 30978).

The test.pcap file has been around for a while...so chances are it 
is not corrupt. It never crashes using the GUI...it just crashes

and 

gives me that pop up when I run it with that tshark command.

This is about all the information that I can provide....unless you 
can think of something else that you need..??

Thanks,
Brian


Jaap Keuter wrote:
       
          

Hi Brian,

Thanks for including the error report. It in itself doesn't tell
            
            

anything,
       
          

other than that a problem was detected. That's why Chris asked you
            
            

some
       
          

more questions on the whole situation. Maybe we can help you

further

            
            

when
       
          

you look into them.

Thanks,
Jaap

On Mon, 23 Nov 2009 12:02:17 -0500, Brian Oleksa
<oleksab () darkcornersoftware com> wrote:
             
            

Chris

I have attached the error this time....sorry about that. :-)

I get this error when I run with tshark using the following
command:

tshark -nr test.pcap ip.dst==x.x.x.x
But when I filter in the GUI ... I have no problems.

Thanks,
Brian





Maynard, Chris wrote:
                   
              

Any thoughts..??
                                    
                  

My first thought was, "I guess you forgot to include the error."
:)

In addition to the error, you might want to include some

Wireshark

version information, what OS you're running on and any other
                          
                

information
             
            

that you think might be relevant.

By the way, I tried a similar tshark command using Wireshark

1.2.4

                    
                

on
       
          

Windows XP SP3 with no problems.  Maybe you are running an older
                          
                

version
             
            

of Wireshark with a known bug that has been fixed, or maybe your
test.pcap file is corrupt or exposes a Wireshark bug, in which
case
                    
                

a
       
          

bug report might be in order with the attached test.pcap file
                    
                

included
       
          

so the core developers can analyze the error and find & fix the
bug.

- Chris

-----Original Message-----
From: wireshark-dev-bounces () wireshark org
[mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Brian
                    
                

Oleksa
       
          

Sent: Sunday, November 22, 2009 10:49 PM
To: Developer support list for Wireshark
Subject: [Wireshark-dev] wireshark GUI vs tshark


Wiresharkers

When I use my dissector with the GUI... everything works fine.

The

                    
                

pcap
       
          

                          
                

             
            

file that I load comes right up with NO problems. I can filter 
(ip.dst==x.x.x.x) with no problems.

But if I try to open that same pcap file with tshark using the
                          
                

following
             
            

command:

tshark -nr test.pcap ip.dst==x.x.x.x    
The files appears to start loading.. then I get the following
error.

Any thoughts..??

Thanks,
Brian
            


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: