I have a wireshark dissector plugin. I also have a wireshark installed from apt-get.
The wireshark loads fine without the plugin inserted in the right place. When I include the plugin .so file and try to run wireshark, I get the following error:
$ wireshark
08:23:45 Err register_subtree_array: subtree item type (ett_...) not -1 ! This is a development error: Either the subtree item type has already been assigned or was not initialized to -1.
Trace/breakpoint trap (core dumped)
I tried understanding the problem. It says the subtree was already assigned (I'm assuming assigned an ett value) or was not initialized with -1. there are 3 files in my plugin where the API is called and I checked the values of ett[] being supplied to the API in each of these places. They are all initialized to -1.
Stuck in a roadblock. Any suggestion would be helpful.
Also, I do not understand where wireshark dumps the core. I could not find any core. Any idea about this?
Generally, if you want to insert a plugin into a program, you have to ensure that the library API that the plugin was compiled against is the same as that provided by the program.
Unless wireshark provides documented versioning in its library API, this means that you have to have the plugin compiled against the same version of wireshark that you intend to use it with. So, if you compile your wireshark or the plugin yourself, you should compile the other as well. If you get your plugin in binary form, you should get your wireshark also from exactly the same place, otherwise you may not know if the two are compatible or not. If you only get a core dump when you insert the plugin, that's a strong indication that the two may not be compatible.