On Sun, May 23, 2021 at 8:06 AM Antonello Tartamo <
antonellotart...@gmail.com> wrote:
> Hello everyone,
> I'm trying to create an ethernet dissector for a custom protocol working
> on L2.
>
> In proto_reg_handoff_myproto() function I've called:
> heur_dissector_add("eth", dissect_myproto, "MyProtocol", "mp", proto_mp,
> HEURISTIC_ENABLE);
> eth_handle = find_dissector("eth_withoutfcs");
>
> then in the dissect_myproto function when I call:
> tvbuff_t* next_tvb = tvb_new_subset_remaining(tvb, 0);
> int new_off = call_dissector(eth_handle, tvb, pinfo, tree);
> return new_off;
>
> I get the following two errors on the terminal:
> ** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol
> Ethernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:2794:
> failed assertion "saved_layers_len < 500"
>
> ** (wireshark:11483): WARNING **: 07:31:59.826: Dissector bug, protocol
> Ethernet, in packet 12: /home/osboxes/Devel/wireshark/epan/packet.c:775:
> failed assertion "saved_layers_len < 500"
>
> I'm running the development wireshark with ./run/wireshark.
>
> I think the error is due to the fact the both the heuristic dissector and
> the "find_dissector" are ethernet based.
> Is there another way to reuse the ethernet dissector and avoid manually
> adding to the tree the src/dst mac addresses and the ethertype ?
>
The error is that the number of layers in the packet is too large (and that
variable is only 8 bit.) While it's possible to run into that assertion
legitimately with some protocols that have a disgusting amount of PDUs and
encapsulation, you have an infinite loop.
eth_handle calls dissect_eth_common, which calls dissector_try_heuristic
which eventually calls your dissect_myproto.
But dissect_myproto hands the tvb back unchanged to the Ethernet dissector,
which will call dissect_myproto, ad infinitum.
Is dissect_myproto being called in any other way? If not, then there's no
reason to call eth_handle there after you've registered it as a heuristic
dissector with Ethernet. It doesn't call the Ethernet dissector; it's
called by it. (It's also fine if it's being called by
dissector_add_uint("ethertype", ETHERTYPE_MYPROTO, myproto_handle) or
dissector_add_for_decode_as[_with_preference]("ethertype", myproto_handle)
as well.)
If it's being called by something else (whether a custom DLT or whatever),
then whatever else is calling it shouldn't call the same function as being
registered in the heuristic dissector. It should call a different function.
John Thacker
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
