填充子树时出现 Wireshark C 解剖器错误
Wireshark C dissector error when filling subtree
我有一个简单的 Wireshark 解析器,它在 运行 反对捕获时抛出以下错误警告:
13:04:12 Warn Dissector bug, protocol usbserial, in packet 353: /wireshark/epan/proto.c:5504:
failed assertion "idx >= 0 && idx < num_tree_types"
协议注册函数如下所示:
static gint ett_myproto = -1;
void
proto_register_myproto(void)
{
/* Set up field array */
static hf_register_info hf[] = {
{ &hf_myproto_payload,
{"Payload", "myproto.payload", FT_BYTES, BASE_NONE, NULL,
0x0, NULL, HFILL }},
};
/* Register protocol */
proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
/* Register protocol fields */
proto_register_field_array(proto_myproto, hf, array_length(hf));
/* Register the dissector */
register_dissector("myproto", dissect_myproto, proto_myproto);
}
解剖器对数据进行了一些一般性处理,但问题领域的核心似乎是:
static int
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
void *data _U_)
{
proto_item *ti;
proto_tree *myproto_tree;
/* Create top tree and add to the item */
ti = proto_tree_add_protocol_format(tree, proto_myproto, tvb, 0, -1,
"My Protocol");
myproto_tree = proto_item_add_subtree(ti, ett_myproto);
proto_tree_add_bytes_format(myproto_tree, hf_myproto_payload,
tvb, 0, payload_len,
NULL, "Payload");
}
我需要做什么才能让协议正确填充子树?
这里的问题是无法将子树注册为子树数组的一部分(来自 here 的提示)。
这是在协议注册函数中完成的,需要"packaging"个子树变量(这里只有一个:ett_myproto)到一个数组中,然后使用proto_register_subtree_array:
static gint ett_myproto = -1;
void
proto_register_myproto(void)
{
/* Set up field array */
static hf_register_info hf[] = {
....
};
/* Register protocol */
proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
/* Register protocol fields */
proto_register_field_array(proto_myproto, hf, array_length(hf));
/* Setup and register all protocol subtrees */
static gint *ett[] = {
&ett_myproto,
};
proto_register_subtree_array(ett, array_length(ett));
/* Register the dissector */
register_dissector("myproto", dissect_myproto, proto_myproto);
}
ett 变量是索引,用于引用有关子树状态的 GUI 信息(例如展开与否)。
我有一个简单的 Wireshark 解析器,它在 运行 反对捕获时抛出以下错误警告:
13:04:12 Warn Dissector bug, protocol usbserial, in packet 353: /wireshark/epan/proto.c:5504:
failed assertion "idx >= 0 && idx < num_tree_types"
协议注册函数如下所示:
static gint ett_myproto = -1;
void
proto_register_myproto(void)
{
/* Set up field array */
static hf_register_info hf[] = {
{ &hf_myproto_payload,
{"Payload", "myproto.payload", FT_BYTES, BASE_NONE, NULL,
0x0, NULL, HFILL }},
};
/* Register protocol */
proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
/* Register protocol fields */
proto_register_field_array(proto_myproto, hf, array_length(hf));
/* Register the dissector */
register_dissector("myproto", dissect_myproto, proto_myproto);
}
解剖器对数据进行了一些一般性处理,但问题领域的核心似乎是:
static int
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
void *data _U_)
{
proto_item *ti;
proto_tree *myproto_tree;
/* Create top tree and add to the item */
ti = proto_tree_add_protocol_format(tree, proto_myproto, tvb, 0, -1,
"My Protocol");
myproto_tree = proto_item_add_subtree(ti, ett_myproto);
proto_tree_add_bytes_format(myproto_tree, hf_myproto_payload,
tvb, 0, payload_len,
NULL, "Payload");
}
我需要做什么才能让协议正确填充子树?
这里的问题是无法将子树注册为子树数组的一部分(来自 here 的提示)。
这是在协议注册函数中完成的,需要"packaging"个子树变量(这里只有一个:ett_myproto)到一个数组中,然后使用proto_register_subtree_array:
static gint ett_myproto = -1;
void
proto_register_myproto(void)
{
/* Set up field array */
static hf_register_info hf[] = {
....
};
/* Register protocol */
proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
/* Register protocol fields */
proto_register_field_array(proto_myproto, hf, array_length(hf));
/* Setup and register all protocol subtrees */
static gint *ett[] = {
&ett_myproto,
};
proto_register_subtree_array(ett, array_length(ett));
/* Register the dissector */
register_dissector("myproto", dissect_myproto, proto_myproto);
}
ett 变量是索引,用于引用有关子树状态的 GUI 信息(例如展开与否)。