Wireshark-users: Re: [Wireshark-users] V1.0.0pre1 & MIB Files

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Sat, 22 Mar 2008 11:25:32 +0100
Hi,

Frankly, I don't get warm fuzzy feelings with libraries which are to *support* our program and make it crash when fed bad data. Especially since the data is not in our control (UAT configurable). Bottom line: It should be fixed in the lib, not with (commandline) tools that are alien to the users.

Thanx,
Jaap

Andrew Hood wrote:
Keith French wrote:
Jaap,

Thanks for that. Just to check I am doing things correctly though, as I
cannot get it to work. I have copied the MIBS into the

program files\Wireshark\snmp\mibs

folder and they are the same MIBs that I had working in earlier
versions. An example of one MIB name is:-

IC-GENERAL-MIB

Then in the bottom button for the MIBs to load I have entered the same
name exactly.

However, when I do this and restart Wireshark, it crashes as it starts
to load. If I uninstall & reinstall Wireshark (or just delete the MIB
from the above folder), when it next runs a dialog comes up to tell me
it fails to load as it says it can't find my MIBs. Of course
uninstalling Wireshark removes the MIB so it would say that.

Have you read through the MIB and made sure all other MIBs referenced in
IMPORTS clauses are also in the directory? And recursively done the same
for them?

Download
ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/WIN32/libsmi-0.4.6.zip and
unpack in c:\ (The location is not easy to change. Read
ftp://ftp.ibr.cs.tu-bs.de/pub/local/libsmi/WIN32/README for the story.
If you want to put it elsewhere you'd do better to start from the
source. Or read up on the ".smirc" config file.)

smilint \full\path\to\IC-GENERAL-MIB

See what it complains about.

smidump -f imports \full\path\to\IC-GENERAL-MIB

See what it depends on.

In the previous versions I had to copy the MIB into the MIBs folder with
a ".txt" extension (IC-GENERAL-MIB.txt) and list it just as
IC-GENERAL-MIB in the MIBs to load.

I have tried this as well & Wireshark still crashes. I have attached
screenshots of the crash. If you think this is a bug, I'll raise it on
bugzilla.

libsmi is much more picky when it comes to parsing MIBs than NetSNMP.
NetSNMP will just give up on OIDs within a MIB if it cannot find all
the prerequisites. libsmi will cause Wireshark to crash. Whether this is
entirely libsmi's fault, or Wireshark is not checking that the MIBs have
loaded correctly I don't know.

I would suggest that at least smilint and smidump from the libsmi suite,
and a ".smirc" suitably edited by the installer, be included with
Wireshark distributions so the users can work out which MIBs will crash
Wireshark. People who build Wireshark on non-Windows platforms will
already have access to all the libsmi tools.

The OpenNMS community run into the same issues with their tool
"mib2opennms" which is also based on libsmi, and crashes in pretty much
the same way.
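
The recursive IMPORTS check suggested in the quoted reply, as an added example that is not part of the original thread, Wireshark or libsmi: a pre-flight script that reports which imported modules are absent from the MIB directory before the MIB is handed to the parser. It assumes each module is stored in a file named after the module, optionally with an extension such as ".txt"; the module names in the sample are constructed.

```python
import re
import tempfile
from pathlib import Path

# "IMPORTS a, b FROM MOD-A c FROM MOD-B;" -- the clause ends at the first ';'
IMPORTS_RE = re.compile(r"\bIMPORTS\b(.*?);", re.S)
FROM_RE = re.compile(r"\bFROM\s+([A-Za-z][A-Za-z0-9-]*)")
COMMENT_RE = re.compile(r"--.*")  # ASN.1 comment to end of line (simplified)

def find_module(name, mib_dir):
    """Return the file holding module `name` (assumption: file name == module name)."""
    for p in sorted(Path(mib_dir).iterdir()):
        if p.is_file() and (p.name == name or p.stem == name):
            return p
    return None

def imported_modules(path):
    """List the module names after FROM in the file's IMPORTS clause."""
    text = COMMENT_RE.sub("", path.read_text(errors="replace"))
    m = IMPORTS_RE.search(text)
    return FROM_RE.findall(m.group(1)) if m else []

def missing_imports(root, mib_dir):
    """Walk IMPORTS recursively from `root`; return {missing module: importer}."""
    missing, seen, todo = {}, set(), [(root, None)]
    while todo:
        name, importer = todo.pop()
        if name in seen:  # already visited; also guards against import cycles
            continue
        seen.add(name)
        path = find_module(name, mib_dir)
        if path is None:
            missing[name] = importer
            continue
        todo.extend((dep, name) for dep in imported_modules(path))
    return missing

def demo():
    """Constructed sample: ROOT imports BASE (present), BASE imports SNMPv2-SMI (absent)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "EXAMPLE-ROOT-MIB.txt").write_text(
            "EXAMPLE-ROOT-MIB DEFINITIONS ::= BEGIN\n"
            "IMPORTS exampleBase FROM EXAMPLE-BASE-MIB; -- constructed\nEND\n")
        Path(d, "EXAMPLE-BASE-MIB").write_text(
            "EXAMPLE-BASE-MIB DEFINITIONS ::= BEGIN\n"
            "IMPORTS MODULE-IDENTITY, enterprises\n    FROM SNMPv2-SMI;\nEND\n")
        return missing_imports("EXAMPLE-ROOT-MIB", d)

if __name__ == "__main__":
    print(demo())
```

A non-empty result names each module that still has to be copied into the directory and the module that imports it; an empty result only shows the import closure is present, not that every file parses cleanly.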