USB HID dissector plugin

I'm trying to use a dissector plugin from the 'openambit' open source project. The plugin is intended to dissect certain proprietary (ambit protocol) data from USB HID packets. Wireshark displays the USB traffic (captured via usbmon) so far as getting Frame, URB, HID Data, etc., but there's no output from the plugin. At startup Wireshark prints a series of errors - it is clearly unhappy, though this is supposedly working code.

The code departs from that given in the Wireshark Developer's Guide, and is commented apparently acknowledging this. As I understand it, create_dissector_handle() should be called by proto_reg_handoff_ambit(), but instead register_dissector() is called by proto_register_ambit() which then also calls out to proto_reg_handoff_ambit(). I've tried rearranging the code to match the Wireshark Developer's Guide, but there is still no output from the plugin. If I remove the callout to proto_reg_handoff_ambit() then, as far as I can tell (printf debugging), it is never called.

This is all under Debian GNU/Linux 11 (bullseye), with the Debian packaged Wireshark 3.4.10 (3.4.10-0+deb11u1). Openambit is built from the latest GitHub sources (rev. edfde58). The plugin has clearly worked for others and one thought is that maybe it's only tested under MS Windows (the project documentation isn't explicit about this), if that would make a difference.

Excerpt from ambit-dissector.c (rev. 4f9ba59):

void proto_register_ambit(void)
{
    static hf_register_info hf[] = {
        /* ... */
    };

    static gint *ett[] = {
        /* ... */
    };

    proto_ambit = proto_register_protocol (
        "Suunto Ambit USB Protocol",
        "Ambit",
        "ambit"
        );

    proto_register_field_array(proto_ambit, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    ambit_handle = register_dissector("ambit", dissect_ambit, proto_ambit);

    // Function not called by the API, why ???
    proto_reg_handoff_ambit();
}

void proto_reg_handoff_ambit(void)
{
    /* ambit_handle = find_dissector("ambit"); */
    /* ambit_handle = create_dissector_handle(dissect_ambit, proto_ambit); */
    dissector_add_uint("usb.interrupt", IF_CLASS_UNKNOWN, ambit_handle);
    dissector_add_uint("usb.interrupt", IF_CLASS_HID, ambit_handle);
}

Startup error messages and version info:

$ tshark -v

(process:123503): GLib-CRITICAL **: 22:16:43.341: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.341: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.341: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.341: g_hash_table_insert_internal: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.341: g_hash_table_insert_internal: assertion 'hash_table != NULL' failed

<...snip...>

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_insert_internal: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_insert_internal: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_insert_internal: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_lookup: assertion 'hash_table != NULL' failed
OOPS: dissector table "usb.interrupt" doesn't exist
Protocol being registered is "Suunto Ambit USB Protocol"

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_lookup: assertion 'hash_table != NULL' failed

(process:123503): GLib-CRITICAL **: 22:16:43.344: g_hash_table_lookup: assertion 'hash_table != NULL' failed
OOPS: dissector table "usb.interrupt" doesn't exist
Protocol being registered is "Suunto Ambit USB Protocol"
TShark (Wireshark) 3.4.10 (Git v3.4.10 packaged as 3.4.10-0+deb11u1)

Copyright 1998-2021 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with GLib 2.66.8, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.17.1, with Lua
5.2.4, with GnuTLS 3.7.1 and PKCS #11 support, with Gcrypt 1.8.8, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.43.0, with brotli, with LZ4,
with Zstandard, with Snappy, with libxml2 2.9.10.

Running on Linux 5.10.0-10-amd64, with Intel(R) Xeon(R) CPU           X5650  @
2.67GHz (with SSE4.2), with 48169 MB of physical memory, with locale
en_GB.UTF-8, with libpcap version 1.10.0 (with TPACKET_V3), with GnuTLS 3.7.1,
with Gcrypt 1.8.8, with brotli 1.0.9, with zlib 1.2.11, binary plugins supported
(0 loaded).

Built using gcc 10.2.1 20210110.

$ tshark -G dissector-tables 2>/dev/null | grep usb
ippusb  IPP Over USB    FT_UINT8    BASE_DEC    IPPUSB  Decode As not supported
usb.bulk    USB bulk endpoint   FT_UINT8    BASE_DEC    USB Decode As not supported
usb.control USB control endpoint    FT_UINT8    BASE_DEC    USB Decode As not supported
usb.descriptor  USB descriptor  FT_UINT8    BASE_DEC    USB Decode As not supported
usb.device  USB device  FT_UINT32   BASE_HEX    USB Decode As supported
usb.interrupt   USB interrupt endpoint  FT_UINT8    BASE_DEC    USB Decode As not supported
usb.product USB product FT_UINT32   BASE_HEX    USB Decode As supported
usb.protocol    USB protocol    FT_UINT32   BASE_HEX    USB Decode As supported
usbccid.subdissector    USB CCID payload    FT_NONE USBCCID Decode As supported

To install the plugin I created a symlink at ~/.wireshark/.local/lib/wireshark/plugins/3.4/epan/ambit.so pointing to the locally built Openambit wireshark-dissector binary, and this is listed as a dissector under Help -> About Wireshark -> Plugins.

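Added example, not part of the original post and not openambit or Wireshark code: a self-contained C model of two-phase dissector registration, showing why a handoff invoked from inside the registration routine produces the two "OOPS: dissector table ... doesn't exist" lines quoted above even though `tshark -G dissector-tables` later lists `usb.interrupt`. The `registry_t`/`proto_t` types, the `model_*` functions and `MODEL_CLASS_UNKNOWN` are hypothetical, and the model assumes the plugin's registration routine runs before the USB dissector has created its table, as the OOPS messages indicate.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TABLES 8
#define MODEL_CLASS_HID     0x03u    /* USB HID interface class code */
#define MODEL_CLASS_UNKNOWN 0xffffu  /* placeholder value for this model */

/* Toy registry standing in for the set of named dissector tables. */
typedef struct {
    const char *tables[MAX_TABLES];
    int n_tables;
    int bindings;  /* successful table bindings */
    int oops;      /* bindings attempted on a table that did not exist yet */
} registry_t;

typedef struct {
    const char *name;
    void (*register_protoinfo)(registry_t *);  /* phase 1: create tables */
    void (*register_handoff)(registry_t *);    /* phase 2: bind, may be NULL */
} proto_t;

static int table_exists(const registry_t *r, const char *name)
{
    for (int i = 0; i < r->n_tables; i++)
        if (strcmp(r->tables[i], name) == 0)
            return 1;
    return 0;
}

static void model_register_table(registry_t *r, const char *name)
{
    if (r->n_tables < MAX_TABLES && !table_exists(r, name))
        r->tables[r->n_tables++] = name;
}

/* Binding to a table only works once its owner has registered it. */
static int model_add_uint(registry_t *r, const char *table, unsigned value)
{
    (void)value;
    if (!table_exists(r, table)) {
        fprintf(stderr, "OOPS: dissector table \"%s\" doesn't exist\n", table);
        r->oops++;
        return -1;
    }
    r->bindings++;
    return 0;
}

/* The USB dissector owns the "usb.interrupt" table. */
static void usb_register(registry_t *r)
{
    model_register_table(r, "usb.interrupt");
}

static void ambit_handoff(registry_t *r)
{
    model_add_uint(r, "usb.interrupt", MODEL_CLASS_UNKNOWN);
    model_add_uint(r, "usb.interrupt", MODEL_CLASS_HID);
}

/* Shape of the excerpt in the post: registration calls handoff directly. */
static void ambit_register_broken(registry_t *r)
{
    ambit_handoff(r);
}

/* Two-phase shape: registration only registers; handoff is left to phase 2. */
static void ambit_register_fixed(registry_t *r)
{
    (void)r;
}

/* Run every registration routine first, then every handoff routine. */
static void run_startup(const proto_t *protos, int n, registry_t *r)
{
    for (int i = 0; i < n; i++)
        protos[i].register_protoinfo(r);
    for (int i = 0; i < n; i++)
        if (protos[i].register_handoff)
            protos[i].register_handoff(r);
}

/* fixed == 0: handoff called from registration; fixed == 1: deferred. */
registry_t run_scenario(int fixed)
{
    registry_t reg = {0};
    proto_t protos[] = {
        { "ambit", fixed ? ambit_register_fixed : ambit_register_broken,
                   fixed ? ambit_handoff : NULL },
        { "usb",   usb_register, NULL },
    };
    run_startup(protos, 2, &reg);
    return reg;
}

int main(void)
{
    registry_t a = run_scenario(0);
    registry_t b = run_scenario(1);
    printf("handoff inside register: bindings=%d oops=%d\n", a.bindings, a.oops);
    printf("handoff in phase 2:      bindings=%d oops=%d\n", b.bindings, b.oops);
    return 0;
}
```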