greatscottgadgets / libbtbb

A Bluetooth baseband decoding library
GNU General Public License v2.0

Wireshark plugin and alignment of the hf_register_info array. #42

djwbrown closed 8 years ago

djwbrown commented 8 years ago

With Wireshark 2.0.3, I've found that the plugin won't load (segfault on startup) due to a misalignment of the hf_register_info array-of-structs.

void proto_register_field_array(const int parent, hf_register_info *hf, const int num_records)

This function in Wireshark expects the data to be packed into 80-byte structures. I've checked with GDB and sizeof(hf_register_info) evaluates to 80. Relevant line is proto.c:5732.

My btbb.so plugin is providing 88-byte structs (at least the first two are). I believe the int id and int parent, initialized by the HFILL macro, need to be 32-bit. Maybe there is a compiler flag needed to prevent the padding?

3.19.0-59-generic 14.04.1-Ubuntu x86_64 GNU/Linux, wireshark-2.0.3

djwbrown commented 8 years ago

Sorry about the confusion! Looks like I was linking against an older version of libwireshark-dev rather than building against the up-to-date wireshark-2.0.3 source. I removed the libwireshark-dev package and modified the CMakeLists file to point to my wireshark-2.0.3 source. Seems to have resolved the issue.
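The failure mode in this thread, a plugin compiled against headers older than the library that loads it, shown as an added example that is not part of the original issue or of the libbtbb or Wireshark code. The two record layouts, the function names and the idea of passing the record size for the host to check are assumptions made for illustration; they are not Wireshark's hf_register_info or its API.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration; NOT Wireshark's hf_register_info. */
struct rec_old { uint64_t name_ref; uint64_t legacy; int32_t id; int32_t parent; }; /* stale headers */
struct rec_new { uint64_t name_ref; int32_t id; int32_t parent; };                 /* host headers  */

/* Unchecked host: walks the array with its own stride, whatever the plugin was built with. */
int32_t host_read_id_unchecked(const void *hf, size_t index)
{
    struct rec_new r;
    memcpy(&r, (const unsigned char *)hf + index * sizeof r, sizeof r);
    return r.id;
}

/* Checked host: the plugin passes sizeof its own record; a mismatch is refused
 * before any record is interpreted. Returns the count registered, or -1. */
int host_register_checked(const void *hf, size_t rec_size, size_t n, int32_t *ids_out)
{
    if (rec_size != sizeof(struct rec_new))
        return -1;
    for (size_t i = 0; i < n; i++)
        ids_out[i] = host_read_id_unchecked(hf, i);
    return (int)n;
}

/* Constructed sample data: the same two fields (ids 1 and 2) in each layout. */
const struct rec_old stale_plugin_fields[2] = {
    { 0x4141414141414141ULL, 0, 1, 0 },
    { 0x4242424242424242ULL, 0, 2, 0 },
};
const struct rec_new good_plugin_fields[2] = {
    { 0x4141414141414141ULL, 1, 0 },
    { 0x4242424242424242ULL, 2, 0 },
};

int main(void)
{
    int32_t ids[2];
    printf("plugin record: %zu bytes, host record: %zu bytes\n",
           sizeof(struct rec_old), sizeof(struct rec_new));
    printf("unchecked read of id[1]: 0x%x (plugin wrote 2)\n",
           (unsigned)host_read_id_unchecked(stale_plugin_fields, 1));
    printf("checked, stale plugin: %d\n",
           host_register_checked(stale_plugin_fields, sizeof(struct rec_old), 2, ids));
    printf("checked, matching plugin: %d\n",
           host_register_checked(good_plugin_fields, sizeof(struct rec_new), 2, ids));
    return 0;
}
```

In the unchecked path the host's second record starts inside the plugin's first, so every field after that is read from the wrong bytes; with pointer fields, as in a real field-registration record, that is where a dereference crashes.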