Ask Your Question
0

Custom plugin stopped working with 4.0.4

asked 2023-04-05 14:39:13 +0000

jlshuman1961 gravatar image

updated 2023-04-05 19:50:52 +0000

I have a custom plugin pair that is a modification of the Wireshark smtp and imf source code from v4.0.3 source files. Thesse plugins add some capabilities to the base smtp and imf code. The plugins work fine with versions 4.0.0, 4.0.1, 4.0.2, and 4.0.3 of Wireshark, but fails with v4.0.4 of Wireshark. What changed from 4.0.3 to 4.0.4 to cause this? Or has something changed with the smtp and/or imf code that I need to get an update for? I need my plugin to work for all 4.0.x versions of Wireshark. I can't be building new versions for every minor release of Wireshark.

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2023-04-05 14:49:30 +0000

Chuckc gravatar image
edit flag offensive delete link more

Comments

Any idea when 4.0.5 will be available?

jlshuman1961 gravatar imagejlshuman1961 ( 2023-04-05 20:18:50 +0000 )edit

https://wiki.wireshark.org/Developmen...

Release Expected Date   Notes
4.0.5   April 12, 2023      Next maintenance release of the 4.0 branch
Chuckc gravatar imageChuckc ( 2023-04-05 21:14:49 +0000 )edit

Thanks, I will wait for 4.0.5.

jlshuman1961 gravatar imagejlshuman1961 ( 2023-04-06 12:17:54 +0000 )edit
0

answered 2023-04-06 06:42:08 +0000

Guy Harris gravatar image

Or has something changed with the smtp and/or imf code that I need to get an update for?

No, something has changed in the core Wireshark dissection library that would require that plugins for 4.0.{0,1,2,3} be compiled with the 4.0.0 or 4.0.1 or 4.0.2 or 4.0.3 source and plugins for 4.0.4 be compiled with the 4.0.4 source.

Plugins compiled with the 4.0.0 or 4.0.1 or 4.0.2 or 4.0.3 source should work with 4.0.5.

But if you're that dependent on the SMTP and IMF code, either:

  • if the changes aren't for SMTP changes incompatible with RFC 5321 SMTP or Internet message format changes incompatible with RFC 5322 Internet messages, and aren't adding support for some private extensions that other users of Wireshark are unlikely to ever see in captured traffic, you should consider making a pull request with your changes, so you no longer need to maintain modified versions of Wireshark code;
  • otherwise, you might want to see whether this could be done by, instead of modifying the SMTP and IMF dissectors, adding to those dissectors some ability to call plugin dissectors to handle your changes, and, if so, make a pull request with changes to add that ability, so you don't need to maintain modified versions of Wireshark code, you only need to maintain the extension plugins (that won't prevent the code from breaking due to mistaken ABI changes in a dot-dot release, but it might reduce the number of possible mistaken ABI changes that would cause it to break).
edit flag offensive delete link more

Comments

Thank you! I will wait for 4.0.5.

jlshuman1961 gravatar imagejlshuman1961 ( 2023-04-06 12:17:30 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2023-04-05 14:39:13 +0000

Seen: 194 times

Last updated: Apr 06 '23