Re: Wireshark-dev Digest, Vol 50, Issue 42

[Vishal Kumar Singh <vishal.ismdh () gmail com>]

Hi All,

I am trying to build a custom dissector. But, when, I try to capture the the
intended packet. The program terminates with segmentation fault, saying
"report size exceeds the quota size, a crash in the package
wireshark-gnome-1.2.2-1.fc12"

I debugged it. Using backtrace, I came to know that col_add_fstr() function
is not being invoked properly. If I comment out the function col_add_fstr().
The wireshark runs properly, but, I have to use this function to decode my
packet properly.

Can anyone please tell me, what would be the possible reason ? Or, what
library file is required to support this function ? Or, Is there any other
library function which functions in the same way ?

Thanks & Regards,

Vishal Kumar Singh
Software Engineer
A R I C E N T
Vishal Kumar Singh
Software Engineer
A R I C E N T


On Tue, Jul 27, 2010 at 7:09 AM, <wireshark-dev-request () wireshark org>wrote:

> Send Wireshark-dev mailing list submissions to
>        wireshark-dev () wireshark org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://wireshark.org/mailman/listinfo/wireshark-dev
> or, via email, send a message with subject or body 'help' to
>        wireshark-dev-request () wireshark org
>
> You can reach the person managing the list at
>        wireshark-dev-owner () wireshark org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Wireshark-dev digest..."
>
>
> Today's Topics:
>
>   1. Re: Stats/tap plugin problem (Floris van Nee)
>   2. Re: Stats/tap plugin problem (Maynard, Chris)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 26 Jul 2010 18:02:53 -0700
> From: Floris van Nee <floris.vannee () gmail com>
> Subject: Re: [Wireshark-dev] Stats/tap plugin problem
> To: Developer support list for Wireshark <wireshark-dev () wireshark org>
> Message-ID:
>        <AANLkTin+y2OHWX2dMi7BNn8-nhMRqVowSYQjovqd2wta () mail gmail 
> com<AANLkTin%2By2OHWX2dMi7BNn8-nhMRqVowSYQjovqd2wta () mail gmail com>
> >
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks for the suggestion. This leads to a similar error when trying to
> compile Wireshark though:
>
> libwireshark.def : error LNK2001: unresolved external symbol
> register_dfilter_st
> at
> libwireshark.lib : fatal error LNK1120: 1 unresolved externals
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\
> VC\BIN\link.EXE"' : return code '0x460'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\
> VC\BIN\nmake.exe"' : return code '0x2'
>
> I'm not sure what this means. Maybe the file also needs to be included
> somewhere else?
>
> -Floris
>
> On Mon, Jul 26, 2010 at 5:35 PM, Maynard, Chris <
> Christopher.Maynard () gtech com> wrote:
>
> >  Did you try adding register_dfilter_stat to epan/libwireshark.def?
> >
> > - Chris
> >
> >
> >
> >
> >
> > *From:* wireshark-dev-bounces () wireshark org [mailto:
> > wireshark-dev-bounces () wireshark org] *On Behalf Of *Floris van Nee
> > *Sent:* Monday, July 26, 2010 5:23 PM
> > *To:* wireshark-dev () wireshark org
> > *Subject:* Re: [Wireshark-dev] Stats/tap plugin problem
> >
> >
> >
> > To partially answer my own question: it seems that by bypassing
> stats_tree
> > you can manually register to listen to a tap. Here it is possible to
> specify
> > that you want the complete tree to be build (the flags parameter of
> function
> > register_tap_listener).
> >
> >
> >
> > Here arises another problem though, because by not using the stats_tree
> > functions, I don't have the nice GUI interface by default and can't use
> the
> > tick and count functions etc. By looking at the source, h225_ras_srt.c,
> for
> > example, I noticed that it is possible to manually build this GUI.
> However,
> > so far I haven't been able to get something like that to compile as a
> plugin
> > (Windows machine).
> >
> >
> >
> > First it complained that it couldn't find some GTK includes. This could
> be
> > fixed by changing the makefile to this (add GTK_CFLAGS):
> >
> >
> >
> > CFLAGS=/WX /DHAVE_CONFIG_H /I../.. $(GTK_CFLAGS) \
> >
> >    $(GLIB_CFLAGS) \
> >
> >             /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)
> >
> >
> >
> > But after this a linking error occurred which I haven't been able to fix
> > (see below). It can't find the call to register_dfilter_stat. I tried
> > linking with libui.lib (which is the lib in the gtk folder), though this
> > only made things worse and gave tons of linking errors.
> >
> >
> >
> > Does anyone here have any ideas how to include GUIs in a plugin?
> >
> >
> >
> > Thanks,
> >
> > Floris
> >
> >
> >
> >         link -dll /out:test.dll /NOLOGO /INCREMENTAL:no /DEBUG
> /MACHINE:x86
> > /MAN
> >
> > IFEST:no test.obj        p_test.obj  q1.obj ..\..\epan\libwireshark.lib
> >  C:\w
> >
> > ireshark-win32-libs-1.2\gtk2\lib\glib-2.0.lib
> >  C:\wireshark-win32-libs-1.2\gtk2\
> >
> > lib\gmodule-2.0.lib  C:\wireshark-win32-libs-1.2\gtk2\lib\gobject-2.0.lib
> > test.r
> >
> > es
> >
> >    Creating library test.lib and object test.exp
> >
> > p_test.obj : error LNK2019: unresolved external symbol
> > _register_dfilter_stat re
> >
> > ferenced in function _register_tap_listener_gtk_test
> >
> > test.dll : fatal error LNK1120: 1 unresolved externals
> >
> > NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual
> Studio
> > 9.0\
> >
> > VC\BIN\link.EXE"' : return code '0x460'
> >
> >
> >
> >
> >
> >
> >
> > On Mon, Jul 26, 2010 at 10:32 AM, Floris van Nee <
> floris.vannee () gmail com>
> > wrote:
> >
> > Hi,
> >
> >
> >
> > I am trying to make a plugin for Wireshark which makes some statistics
> > about captured packets. The basic things work: it can count packets, use
> the
> > tap to send information collected while dissecting to the stats plugin
> and
> > do some other stuff using the stats_tree functions.
> >
> >
> >
> > Now I have the following situation:
> >
> > - My own dissector for my protocol
> >
> > - My stats plugin for my protocol
> >
> > - Another protocol (802.11) which my protocol encapsulates - I haven't
> > written the dissector for this one - it is already included in Wireshark.
> >
> >
> >
> > When I try to do some more advanced stuff I run into a couple of
> problems.
> > The main problem is that I'd like to be able to access the tree (or at
> least
> > some information, like sequence number of packet, data of ACK etc.) of
> the
> > protocol which I have encapsulated (802.11). I can't save the 'tree'
> > variable in my dissector to the tap information or to the private_data
> > field, because it seems that when the stats plugin is called, the
> dissector
> > is also called with tree=NULL, so it skips the whole tree creating part.
> >
> >
> >
> > I guess I either need to get Wireshark to also create the tree when it
> > calls my stats plugin, or find some other way to get the information
> about
> > the protocol mine encapsulates. Unfortunately I have no clue how to do
> that.
> > Does anyone here has the knowledge how something like this can be
> achieved?
> > Thanks,
> >
> > Floris
> >
> >
> >
> > CONFIDENTIALITY NOTICE: The contents of this email are confidential
> > and for the exclusive use of the intended recipient. If you receive this
> > email in error, please delete it from your system immediately and
> > notify us either by email, telephone or fax. You should not copy,
> > forward, or otherwise disclose the content of the email.
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    http://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >             mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.wireshark.org/lists/wireshark-dev/attachments/20100726/c2d32f96/attachment.htm
>
> ------------------------------
>
> Message: 2
> Date: Mon, 26 Jul 2010 21:39:25 -0400
> From: "Maynard, Chris" <Christopher.Maynard () GTECH COM>
> Subject: Re: [Wireshark-dev] Stats/tap plugin problem
> To: 'Developer support list for Wireshark'
>        <wireshark-dev () wireshark org>
> Message-ID:
>        <
> FEA7253CE01175418CE6A9BE162A91550A4B914322 () RIMAILMBX2 gtk gtech com>
> Content-Type: text/plain; charset="us-ascii"
>
> OK, I had assumed register_dfilter_stat was defined in one of the .c files
> in epan/ that's already part of libwireshark.dll, but it's not; it's in
> gtk/tap_dfilter_dlg.c.  My apologies.  I'm not sure how to solve your
> problem.
>
> - Chris
>
>
> From: wireshark-dev-bounces () wireshark org [mailto:
> wireshark-dev-bounces () wireshark org] On Behalf Of Floris van Nee
> Sent: Monday, July 26, 2010 9:03 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Stats/tap plugin problem
>
> Thanks for the suggestion. This leads to a similar error when trying to
> compile Wireshark though:
>
> libwireshark.def : error LNK2001: unresolved external symbol
> register_dfilter_st
> at
> libwireshark.lib : fatal error LNK1120: 1 unresolved externals
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\
> VC\BIN\link.EXE"' : return code '0x460'
> Stop.
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\
> VC\BIN\nmake.exe"' : return code '0x2'
>
> I'm not sure what this means. Maybe the file also needs to be included
> somewhere else?
>
> -Floris
>
> On Mon, Jul 26, 2010 at 5:35 PM, Maynard, Chris <
> Christopher.Maynard () gtech com<mailto:Christopher.Maynard () gtech com>>
> wrote:
> Did you try adding register_dfilter_stat to epan/libwireshark.def?
> - Chris
>
>
> From: wireshark-dev-bounces () wireshark org<mailto:
> wireshark-dev-bounces () wireshark org> [mailto:
> wireshark-dev-bounces () wireshark org<mailto:
> wireshark-dev-bounces () wireshark org>] On Behalf Of Floris van Nee
> Sent: Monday, July 26, 2010 5:23 PM
> To: wireshark-dev () wireshark org<mailto:wireshark-dev () wireshark org>
> Subject: Re: [Wireshark-dev] Stats/tap plugin problem
>
> To partially answer my own question: it seems that by bypassing stats_tree
> you can manually register to listen to a tap. Here it is possible to specify
> that you want the complete tree to be build (the flags parameter of function
> register_tap_listener).
>
> Here arises another problem though, because by not using the stats_tree
> functions, I don't have the nice GUI interface by default and can't use the
> tick and count functions etc. By looking at the source, h225_ras_srt.c, for
> example, I noticed that it is possible to manually build this GUI. However,
> so far I haven't been able to get something like that to compile as a plugin
> (Windows machine).
>
> First it complained that it couldn't find some GTK includes. This could be
> fixed by changing the makefile to this (add GTK_CFLAGS):
>
> CFLAGS=/WX /DHAVE_CONFIG_H /I../.. $(GTK_CFLAGS) \
>   $(GLIB_CFLAGS) \
>            /I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)
>
> But after this a linking error occurred which I haven't been able to fix
> (see below). It can't find the call to register_dfilter_stat. I tried
> linking with libui.lib (which is the lib in the gtk folder), though this
> only made things worse and gave tons of linking errors.
>
> Does anyone here have any ideas how to include GUIs in a plugin?
>
> Thanks,
> Floris
>
>        link -dll /out:test.dll /NOLOGO /INCREMENTAL:no /DEBUG /MACHINE:x86
> /MAN
> IFEST:no test.obj        p_test.obj  q1.obj ..\..\epan\libwireshark.lib
>  C:\w
> ireshark-win32-libs-1.2\gtk2\lib\glib-2.0.lib
>  C:\wireshark-win32-libs-1.2\gtk2\
> lib\gmodule-2.0.lib  C:\wireshark-win32-libs-1.2\gtk2\lib\gobject-2.0.lib
> test.r
> es
>   Creating library test.lib and object test.exp
> p_test.obj : error LNK2019: unresolved external symbol
> _register_dfilter_stat re
> ferenced in function _register_tap_listener_gtk_test
> test.dll : fatal error LNK1120: 1 unresolved externals
> NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio
> 9.0\
> VC\BIN\link.EXE"' : return code '0x460'
>
>
>
> On Mon, Jul 26, 2010 at 10:32 AM, Floris van Nee <floris.vannee () gmail com
> <mailto:floris.vannee () gmail com>> wrote:
> Hi,
>
> I am trying to make a plugin for Wireshark which makes some statistics
> about captured packets. The basic things work: it can count packets, use the
> tap to send information collected while dissecting to the stats plugin and
> do some other stuff using the stats_tree functions.
>
> Now I have the following situation:
> - My own dissector for my protocol
> - My stats plugin for my protocol
> - Another protocol (802.11) which my protocol encapsulates - I haven't
> written the dissector for this one - it is already included in Wireshark.
>
> When I try to do some more advanced stuff I run into a couple of problems.
> The main problem is that I'd like to be able to access the tree (or at least
> some information, like sequence number of packet, data of ACK etc.) of the
> protocol which I have encapsulated (802.11). I can't save the 'tree'
> variable in my dissector to the tap information or to the private_data
> field, because it seems that when the stats plugin is called, the dissector
> is also called with tree=NULL, so it skips the whole tree creating part.
>
> I guess I either need to get Wireshark to also create the tree when it
> calls my stats plugin, or find some other way to get the information about
> the protocol mine encapsulates. Unfortunately I have no clue how to do that.
> Does anyone here has the knowledge how something like this can be achieved?
>
> Thanks,
> Floris
>
>
> CONFIDENTIALITY NOTICE: The contents of this email are confidential
>
> and for the exclusive use of the intended recipient. If you receive this
>
> email in error, please delete it from your system immediately and
>
> notify us either by email, telephone or fax. You should not copy,
>
> forward, or otherwise disclose the content of the email.
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org
> <mailto:wireshark-dev () wireshark org>>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>            mailto:wireshark-dev-request () wireshark org<mailto:
> wireshark-dev-request () wireshark org>?subject=unsubscribe
>
> CONFIDENTIALITY NOTICE: The contents of this email are confidential
> and for the exclusive use of the intended recipient. If you receive this
> email in error, please delete it from your system immediately and
> notify us either by email, telephone or fax. You should not copy,
> forward, or otherwise disclose the content of the email.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://www.wireshark.org/lists/wireshark-dev/attachments/20100726/7521fcdd/attachment.htm
>
> ------------------------------
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev () wireshark org
> https://wireshark.org/mailman/listinfo/wireshark-dev
>
>
> End of Wireshark-dev Digest, Vol 50, Issue 42
> *********************************************
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe