Ask Your Question
0

plugin.c: register_handoff gets overwritten to NULL for custom plugin

asked 2018-06-14 08:18:08 +0000

MSK gravatar image

updated 2018-06-14 08:58:27 +0000

Jaap gravatar image

Hello,

I have written a custom dissector on the latest version of Wireshark running on the Ubuntu GNU/Linux OS. I can see the protocol being registered with Wireshark but have a problem with dissecting the packets for my protocol. In the plugin.c file for my plugin, the register_handoff is always NULL and when I assign to my protocol hand_off and build it and on running I am able to see my protocol being dissected for a few seconds, after which Wireshark gets terminated with error: stack smashing detected ***; <unknown> terminated.

When Wireshark is build again, the register_handoff gets assigned to NULL again, after which I cannot dissect packets. Now, this overwrite does not happen when registering the protocol. Happens only for the reg_handoff part.

Please advice.

edit retag flag offensive close merge delete

Comments

Stop referring to this as a 'problem in capturing the packets for my protocol'. You have problems dissecting the packets of your protocol. Edited accordingly.

Jaap gravatar imageJaap ( 2018-06-14 08:58:29 +0000 )edit

Without any code to look at, I would suggest that you try reviewing the README.plugins file, and a sample plugin such as gryphon to help you resolve your problem.

cmaynard gravatar imagecmaynard ( 2018-06-14 14:12:18 +0000 )edit

I think the issue is that in the make-plugin-reg.py the symbol for my plugin is not in the regs['handoff_reg'] so it sets the reg_code for the register_handoff to NULL. I understand make-plugin-reg.py automatically generates the plugin.c files so I was wondering where exactly does it gets all the settings from ?

Really appreciate if someone could guide me. Thanks in advance.

MSK gravatar imageMSK ( 2018-06-20 01:08:07 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-06-20 05:53:37 +0000

Jaap gravatar image

You dissector must have two registration functions formatted as this (as defined in doc/packet-PROTOABBREV.c):

/* Prototypes */
/* (Required to prevent [-Wmissing-prototypes] warnings */
void proto_reg_handoff_PROTOABBREV(void);
void proto_register_PROTOABBREV(void);

....

void
proto_register_PROTOABBREV(void)
{
....
}

void
proto_reg_handoff_PROTOABBREV(void)
{
....
}

If you deviate from this specific format, the registration routines will not be detected in the build, hence not called, and your dissector will not work.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-06-14 08:18:08 +0000

Seen: 56 times

Last updated: Jun 20