Wireshark-dev: Re: [Wireshark-dev] Warning about radius directory

From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Sat, 27 Jan 2007 03:52:25 +0100
On 1/27/07, Andrej Mikus <wireshark-dev@xxxxxxxx> wrote:
Thanks for comments.

Of course, I removed the message to stop coming out after I realized
that it is coming before preferences.

Creating file in my system does not address this problem for others.

Yep but Others usually install either with make install or from a
package that has the dictionary.

If you are tailoring a custom ws and  do not need radius why do you
compile it to begin with you may save much more space removing  550
protocols that you don't need than removing the radius dictionary.

Elegant solution would be perhaps to postpone reading the directory until
it is really needed.

the hfarray is generated from the radius dictionary, it needs to be
registered at protocol registartion, at most at protocol handoff,
that's when its needed.

To filter on radius.UserName may be unelegant. Why a network
administrator would ever need that?

Alternatively, put the error message to tree output of relevant packets.
This way the user would realize very fast why his packets are not
decoded, while others do not see irrelevant warning.

That could be an Idea...

I am still wondering whether radius is the only dissector that uses
external file. If not, how do the others handle this kind of issue?

XML uses DTDs in the dtds directory but if it does not find any dtds
it does not register any extra protocols. For XML each DTD registers a
different protocol, the catch-all XML protocol gets registered anyway
but does not allow you to filter on a.b == bbb when there's
<a><b>bbb<\b><a>

Diameter does what you said before it tries to load the diictionary at
the first diameter packet, but diameter does not allow YET to filter
on contents of AVPS (i.e  diameter.UserName does not exist, that's
sad).

AFAIK I'm the only one that has written such user configurable
dissectors so far...

I also failed to understand why tshark does not give this warning message.

maybe g_warning is handled differently (?)


Regards
Andrej


On Sat, 27.Jan.07 01:55:35 +0100, Luis Ontanon wrote:
> The radius dictionary gets loaded way before preferences are
> evaluated. Giving no warning and then having the packets undecoded
> isn't elegant.
>
> Your patch suppresses the error altoghether which is not a nice solution.
>
>
> What you can do is just add a dummy radius dir and a dummy dictionary:
>
> $ cd $WIRESHARK_DATA
> $ mkdir radius
> $ touch radius/dictionary
>
> 3 commands and the Warning is gone.
>
>
> On 1/27/07, Andrej Mikus <wireshark-dev@xxxxxxxx> wrote:
> > Team,
> >
> > I notice that wireshark emits unconditionally warning mentioning that it
> > Could not find the radius directory.
> >
> > I do not think that radius dictionary is needed for operation in all
> > environments, is is possible to move this output to some kind of
> > diagnostics mode?
> >
> > Based on my search, it appears there for some time:
> > http://www.wireshark.org/lists/wireshark-bugs/200610/msg00501.html
> >
> > I applied following patch:
> >
> > Index: epan/dissectors/packet-radius.c
> > ===================================================================
> > --- epan/dissectors/packet-radius.c     (revision 20564)
> > +++ epan/dissectors/packet-radius.c     (working copy)
> > @@ -1469,7 +1469,6 @@
> >                 dict = radius_load_dictionary(dir,"dictionary",&dict_err_str);
> >         } else {
> >                 dict = NULL;
> > -               dict_err_str = g_strdup("Could not find the radius directory");
> >         }
> >
> >         g_free(dir);
> >
> >
> > Thanks
> > Andrej
> > _______________________________________________
> > Wireshark-dev mailing list
> > Wireshark-dev@xxxxxxxxxxxxx
> > http://www.wireshark.org/mailman/listinfo/wireshark-dev
> >
>
>
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan