c - 填充子树时出现 Wireshark C 解剖器错误

Question

我有一个简单的 Wireshark 解析器，它在针对捕获运行时抛出以下错误警告:

13:04:12          Warn Dissector bug, protocol usbserial, in packet 353: /wireshark/epan/proto.c:5504: 
failed assertion "idx >= 0 && idx < num_tree_types" 

协议(protocol)注册函数如下所示:

static gint ett_myproto = -1;

void 
proto_register_myproto(void)
{
    /* Set up field array */
    static hf_register_info hf[] = {
        { &hf_myproto_payload,
            {"Payload", "myproto.payload", FT_BYTES, BASE_NONE, NULL,
                0x0, NULL, HFILL }},
    };

    /* Register protocol */
    proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
    /* Register protocol fields */
    proto_register_field_array(proto_myproto, hf, array_length(hf));

    /* Register the dissector */
    register_dissector("myproto", dissect_myproto, proto_myproto);
}

解剖器对数据进行了一些一般性处理，但问题领域的核心似乎是:

static int
dissect_myproto(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree,
        void *data _U_)
{
    proto_item *ti;
    proto_tree *myproto_tree;

    /* Create top tree and add to the item */
    ti = proto_tree_add_protocol_format(tree, proto_myproto, tvb, 0, -1,
            "My Protocol");
    myproto_tree = proto_item_add_subtree(ti, ett_myproto);

    proto_tree_add_bytes_format(myproto_tree, hf_myproto_payload,
            tvb, 0, payload_len,
            NULL, "Payload");
}

我需要做什么才能让协议(protocol)正确填充子树？

Answer 1

这里的问题是未能将子树注册为子树数组的一部分(来自 here 的提示)。

这是在协议(protocol)注册函数中完成的，需要将子树变量(这里只有一个:ett_myproto)“打包”成一个数组，然后使用注册该数组>proto_register_subtree_array:

static gint ett_myproto = -1;

void 
proto_register_myproto(void)
{
    /* Set up field array */
    static hf_register_info hf[] = {
        ....
    };

    /* Register protocol */
    proto_myproto = proto_register_protocol("My Protocol", "myproto", "myproto");
    /* Register protocol fields */
    proto_register_field_array(proto_myproto, hf, array_length(hf));

    /* Setup and register all protocol subtrees */
    static gint *ett[] = {
        &ett_myproto,
    };

    proto_register_subtree_array(ett, array_length(ett));

    /* Register the dissector */
    register_dissector("myproto", dissect_myproto, proto_myproto);
}

ett 变量是用于引用有关子树状态(例如，是否展开)的 GUI 信息的索引。