Dissector bug

asked 2025-11-26 13:23:30 +0000

koniambo gravatar image

updated 2025-11-26 14:03:23 +0000

Chuckc gravatar image

Hi, I just installed wireshark via git following the instruction and it seems that some ceph dissector are bugged or something ?

Ceph UNKNOWN x2
Ceph UNKNOWN x4
Ceph UNKNOWN x7
Ceph UNKNOWN x9
Ceph UNKNOWN x24

 ** (wireshark:59037) 14:16:32.124968 [Epan WARNING] -- Dissector bug, protocol Ceph, in packet 16317: epan/dissectors/packet-ceph.c:1516: failed assertion "d->convd" (Frame visited, but no saved state.)
[Dissector bug, protocol Ceph: epan/dissectors/packet-ceph.c:1516: failed assertion "d->convd" (Frame visited, but no saved state.)]

Thanks for any help

edit retag flag offensive close merge delete

Comments

Could this be a false positive? Are you looking for Ceph protocol specifically?
Do you get a better dissection by disabling that protocol?

It's registered as a heuristic and that type of dissector is making a best guess (and sometimes greedy) at whether the packet matches the protocol.

    heur_dissector_add("tcp", dissect_ceph_heur, "Ceph over TCP", "ceph_tcp", proto_ceph, HEURISTIC_ENABLE);

(source line printing WARNING: https://gitlab.com/wireshark/wireshar...)

Chuckc gravatar imageChuckc ( 2025-11-26 14:06:25 +0000 )edit

Hi,

Thanks for your answer

Could this be a false positive? Are you looking for Ceph protocol specifically?

I was just looking at ceph protocol because I'm curious about it but I'm not very use to wireshark developpers mode and wireshark in general (just using it for casual things). Just wonder what's going on with those package.

Do you get a better dissection by disabling that protocol?

If I disable the protocol, they didn't show up in wireshark but I wan't to see Ceph protocol to understand the underlaying. (It's around 1% of the package so it's not that much)

koniambo gravatar imagekoniambo ( 2025-11-27 13:29:19 +0000 )edit

Can you share a packet capture (place on a public file share and update question with link to it) or a hex dump of the packet causing the warning.

Chuckc gravatar imageChuckc ( 2025-11-27 15:12:58 +0000 )edit

Do any of the sample captures attached to 10150: Ceph Dissector give the same warning you see with your capture?

Chuckc gravatar imageChuckc ( 2025-11-27 15:34:24 +0000 )edit

Hi,

None of the capture in the link are giving me the type of error that I get.

This is what I get in CLI when I load the capture

** (wireshark:11309) 10:14:20.529693 [Epan WARNING] -- Dissector bug, protocol Ceph, in packet 494: epan/dissectors/packet-ceph.c:1516: failed assertion "d->convd" (Frame visited, but no saved state.)

Copy of one of the packet involved

494 3.961913    192.168.219.11  192.168.219.20  Ceph    218 UNKNOWN x7[Dissector bug, protocol Ceph: epan/dissectors/packet-ceph.c:1516: failed assertion "d->convd" (Frame visited, but no saved state.)]

0000   30 3e a7 1b a6 75 92 bf 9c f8 28 c3 08 00 45 00   0>...u....(...E.
0010   00 cc 00 40 40 00 40 06 02 7b c0 a8 db 0b c0 a8   ...@@.@..{......
0020   db 14 1a 92 e2 fa 06 45 7b 71 22 6a 00 ...
(more)
koniambo gravatar imagekoniambo ( 2025-11-28 09:36:10 +0000 )edit
see more comments