Wireshark-dev: Re: [Wireshark-dev] Need help in debugging custom plugin on linux

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 16 Sep 2008 09:56:13 +0200
Hi,

On the binary search thing: this is useful if you have a capture with a single offending packet in it. Then split the capture in two (using editcap) and test both halves. One of them breaks Wireshark, so repeat with that one, until you have a small capture (ideally a single packet) which causes the crash. Then drill down into that packet, checking the code path through your dissector and seeing what goes wrong.

Thanx,
Jaap
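
The bisection described above, written out as a shell script (an added example, not part of the original message). It assumes tshark loads the same plugin as Wireshark and that a crash appears as an exit status above 128; the `CAPTURE` and `SLICE` file names are placeholders. It also reports the case where neither half crashes on its own.

```shell
#!/bin/sh
# Bisect a capture down to the packet range that crashes the dissector.
# Assumptions (not from the thread): tshark loads the same plugin as
# Wireshark, and a crash shows up as death by signal (exit status > 128,
# e.g. 134 for the SIGABRT that glibc raises on an invalid free).

CAPTURE=${CAPTURE:-capture.pcap}        # placeholder input file name
SLICE=${SLICE:-/tmp/bisect-slice.pcap}  # placeholder scratch file

# crashes LO HI: succeed if packets LO..HI on their own still crash tshark.
crashes() {
    # editcap -r keeps (rather than deletes) the listed packet range.
    editcap -r "$CAPTURE" "$SLICE" "$1-$2" || return 1
    status=0
    tshark -r "$SLICE" >/dev/null 2>&1 || status=$?
    [ "$status" -gt 128 ]
}

# bisect LO HI: print the smallest crashing range found as "LO-HI".
# Returns 0 when it is a single packet, 2 when the range crashes only as
# a whole (the fault depends on state built up by more than one packet).
bisect() {
    lo=$1 hi=$2
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if crashes "$lo" "$mid"; then
            hi=$mid
        elif crashes "$(( mid + 1 ))" "$hi"; then
            lo=$(( mid + 1 ))
        else
            echo "$lo-$hi"
            return 2
        fi
    done
    echo "$lo-$hi"
}

# Usage: CAPTURE=trace.pcap sh bisect.sh TOTAL_PACKETS
# (TOTAL_PACKETS is the packet count, e.g. as reported by capinfos -c.)
if [ "$#" -eq 1 ]; then
    crashes 1 "$1" || { echo "whole capture does not crash" >&2; exit 1; }
    bisect 1 "$1"
fi
```

The slice left in `SLICE` after the run can then be opened under gdb to follow the code path through the dissector.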

siri m wrote:
Hi Jaap/Ronnie,

Yes, I have access to the custom plugin code. I am using TotalView to attach to Wireshark (trying to follow a procedure similar to the one discussed in http://www.wireshark.org/lists/wireshark-users/200808/msg00024.html for XP); however, TotalView is unable to find debugging symbols in the Wireshark that I installed from the yum repository. Should we recompile Wireshark using some debug flag? Can you please let me know what the procedure is? The backtrace that I am getting after it core dumps is not showing any code specific to the custom plugin (however, the custom plugin binary has the debug symbols):

Jaap, about the second option, to do a (binary) search for the offending packet in a capture -- can you please elaborate on how to achieve this?

Thanks a lot for your suggestions,


On Mon, Sep 15, 2008 at 11:01 PM, ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:

    Do you have access to the source code?

    If you do not, it may be "difficult".


    On Tue, Sep 16, 2008 at 10:59 AM, siri m <svu004@xxxxxxxxx> wrote:
     > Hi,
     >
     > Can someone give a brief summary of how to debug custom written external
     > plugins for wireshark on linux (using kdbg or gdb)? Any suggestions would be
     > helpful to debug an invalid free that glibc is complaining about in the custom
     > plugin that was written long back by someone.
     >
     > Thanks,
     >