Wireshark mailing list archives
Re: Filter registration limit
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Mon, 08 Nov 2010 16:53:37 +0100
Hi,

There's no limit on this, but one thing that's changed is tighter conformance checks on header fields during registration. You should be able to find a problem at field #315. If you open up a console you should see something there as well.

With your new loop you just reduce the impact. So, there's probably still a block of 'filters' that's not initialized, you just haven't found them yet.

If you can post fields 310 up to 320 we might spot an issue.

BTW: Blurbs as "" are deprecated, just put in NULL.

Thanks,
Jaap

On Mon, 8 Nov 2010 15:57:38 +0100, Martin Mizera <martin.mizera () gmail com> wrote:
> Hello,
>
> A few months ago (years), I finished writing my own dissector for parsing a proprietary protocol. Last month, I rebuilt my project using Wireshark 1.4.1 (because some bugs appeared during parsing of the register table (hf_register_info)).
>
> Since then, only the first 0x13a (314) filters are successfully registered. (After calling the method proto_register_field_array, only the first 314 items have a valid value (not -1); the rest still have -1.)
>
> I register filters like this:
>
> void proto_register_tp_info ( int proto_medio )
> {
>     static hf_register_info hf[] = {
>         { &hf_tp_ip_address, { "IP Address", "tp.IP", FT_NONE, BASE_NONE, NULL, 0, "IP Address", HFILL } },
>         { &hf_tp_port_num, { "Port Number ", "tp.PN", FT_NONE, BASE_NONE, NULL, 0, "Port Number ", HFILL } },
>         ...
>         ... and lots of more ...
>         { &hf_tp_nwcref, { "Network Call Reference", "tp.NWCREF", FT_NONE, BASE_NONE, NULL, 0, "", HFILL } },
>         { &hf_tp_nwcref_value, { "Call Reference number", "tp.NWCREF.VAL", FT_UINT64, BASE_HEX_DEC, NULL, 0, "", HFILL } },
>     }; //total array length is more than 982
>
>     proto_register_field_array(proto_medio, hf, array_length(hf));
> }
>
> In watches I can see that only the first 314 were initialized. I was looking for a registration limit, but I didn't find any. So I rewrote my registration function like this:
>
> void proto_register_tp_info ( int proto_medio )
> {
>     static hf_register_info hf[] = {
>         { &hf_tp_ip_address, { "IP Address", "tp.IP", FT_NONE, BASE_NONE, NULL, 0, "IP Address", HFILL } },
>         { &hf_tp_port_num, { "Port Number ", "tp.PN", FT_NONE, BASE_NONE, NULL, 0, "Port Number ", HFILL } },
>         ...
>         ... and lots of more ...
>         { &hf_tp_nwcref, { "Network Call Reference", "tp.NWCREF", FT_NONE, BASE_NONE, NULL, 0, "", HFILL } },
>         { &hf_tp_nwcref_value, { "Call Reference number", "tp.NWCREF.VAL", FT_UINT64, BASE_HEX_DEC, NULL, 0, "", HFILL } },
>     }; //total array length is more than 982
>
>     const gint c_hf_max = 128;                //maximum filters registered at one time
>     const gint c_hf_total = array_length(hf); //total array len ... it's more than 980
>     gint rest = c_hf_total;
>     gint cpy_cnt;
>
>     /* register the table in slices of at most c_hf_max entries */
>     while( rest > 0 )
>     {
>         cpy_cnt = min( rest, c_hf_max );
>         proto_register_field_array(proto_medio, &hf[c_hf_total - rest], cpy_cnt);
>         rest -= cpy_cnt;
>     }
> }
>
> I have split the registration into more pieces, and now it's allowed to register only 128 filters at one time. Since this change, everything works fine (all filters were registered).
>
> Is it some bug in the Wireshark API, or does it look like a bug in my code?
>
> *************************************
> wireshark version:
> Version 1.4.1 (SVN Rev 34476 from /trunk-1.4)
> Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 11 2010), with AirPcap.
> Running on Windows XP Service Pack 3, build 2600, without WinPcap, GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
> Built using Microsoft Visual C++ 9.0 build 30729
> Operating system Windows XP, compiling tool MS VS 2008
> *************************************
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
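The point in the reply that the 128-entry loop only reduces the impact, as an added example that is not part of the original thread and is not Wireshark code: a simplified model in which one registration call abandons its batch at the first entry that fails a check. The struct, the empty-abbrev stand-in check and the stop-at-first-failure behaviour are assumptions for illustration; the table size (982) and the failing position (index 314, field #315) are taken from the posts.

```c
#include <stdio.h>

#define N_FIELDS  982  /* table size reported in the post */
#define BAD_INDEX 314  /* 0-based index of "field #315" from the reply */

/* Hypothetical, simplified stand-in for hf_register_info. */
typedef struct { int *p_id; const char *abbrev; } model_field;

static int ids[N_FIELDS];
static model_field table[N_FIELDS];
static int next_id;

/* Model assumption: the call gives up on the rest of its batch at the
 * first entry that fails a check (stand-in check: empty abbrev).
 * Returns the number of entries registered from this batch. */
static int model_register(model_field *hf, int count) {
    for (int i = 0; i < count; i++) {
        if (hf[i].abbrev == NULL || hf[i].abbrev[0] == '\0') {
            fprintf(stderr, "check failed at batch entry %d\n", i);
            return i;
        }
        *hf[i].p_id = next_id++;
    }
    return count;
}

/* Build a constructed table with one bad entry, register it in slices of
 * `chunk` entries, then audit: count ids still -1 and report the first. */
static int run(int chunk, int *first_missing) {
    int missing = 0;
    next_id = 0;
    *first_missing = -1;
    for (int i = 0; i < N_FIELDS; i++) {
        ids[i] = -1;  /* same "unregistered" marker as in the post */
        table[i].p_id = &ids[i];
        table[i].abbrev = (i == BAD_INDEX) ? "" : "tp.field";
    }
    for (int off = 0; off < N_FIELDS; off += chunk) {
        int n = (N_FIELDS - off < chunk) ? N_FIELDS - off : chunk;
        model_register(&table[off], n);
    }
    for (int i = 0; i < N_FIELDS; i++) {
        if (ids[i] != -1) continue;
        if (*first_missing < 0) *first_missing = i;
        missing++;
    }
    return missing;
}

int main(void) {
    int first;
    int all_at_once = run(N_FIELDS, &first);
    int chunked = run(128, &first);
    printf("one call: %d unregistered; chunks of 128: %d unregistered, first at index %d\n",
           all_at_once, chunked, first);
    return 0;
}
```

Under this model, chunking shrinks the unregistered block to the tail of one slice, which is why auditing every id for -1 after registration is more reliable than checking that the dissector appears to work.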
Current thread:
- Filter registration limit Martin Mizera (Nov 08)
- Re: Filter registration limit Jaap Keuter (Nov 08)
- Re: Filter registration limit Martin Mizera (Nov 08)
- Re: Filter registration limit Jaap Keuter (Nov 08)