Getting started with building a dissector

asked 2023-04-17 14:46:24 +0000

gbernaldo82

Hi, good afternoon!

I've followed the instructions as described here (https://www.wireshark.org/docs/wsdg_h...) to create a custom dissector based on the sample and I'm having some trouble trying to load the dissector.

First of all, let me say that I'm not building Wireshark (and I don't want to get into that if not needed). I'm using the packages available on my system (Fedora Core 36). Those packages are: wireshark and wireshark-devel.

The thing is, I've been able to build the plugin (as a shared object), but after loading it into Wireshark I see the plugin loaded but I cannot find the filter. I mean, I load a pcap file with the traffic related to the plugin and when I type "sdts" in the filter bar, I cannot see it.

If I type: tshark -G plugins in the command line, I get the sdts loaded, but when I click on View -> Internals -> Supported Protocols I can't find the dissector.

Please, can anyone help me with this?

NOTE: I tried to paste some images and source code to give more details about my problem but I couldn't.


Comments

You never said if the traffic related to the plugin is actually dissected by your plugin. Does it, or not?

Looks like there's something off with the way you register your dissector with the dissection engine. Try posting the registration and handoff part of the code on pastebin or the like and add a link here.

Jaap ( 2023-04-18 09:13:30 +0000 )
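The symptom described in the question (the plugin is listed by tshark -G plugins, but its filter name is absent from the protocol list) can be checked from the command line by comparing tshark -G plugins with tshark -G protocols. The script below is an added example, not part of the original thread; the function names, the sample dumps and the /path/to placeholder are constructed, and the tab-separated field layouts are assumed to be the ones documented in tshark(1).

```shell
#!/bin/sh
# Added example: classify a plugin's state from tshark's registration dumps.
# Assumed field layouts (tshark(1)):
#   -G plugins   : library <TAB> version <TAB> type <TAB> full path
#   -G protocols : protocol name <TAB> short name <TAB> filter name [...]

# plugin_loaded STEM PLUGINS_DUMP -> status 0 if a library named STEM.<ext> is listed
plugin_loaded() {
    printf '%s\n' "$2" | awk -F '\t' -v stem="$1" '
        { n = $1; sub(/\.[^.]*$/, "", n); if (n == stem) found = 1 }
        END { exit !found }'
}

# protocol_registered FILTER PROTOCOLS_DUMP -> status 0 if FILTER is a filter name
protocol_registered() {
    printf '%s\n' "$2" | awk -F '\t' -v f="$1" '
        $3 == f { found = 1 }
        END { exit !found }'
}

# diagnose STEM FILTER PLUGINS_DUMP PROTOCOLS_DUMP -> prints one state word
diagnose() {
    if ! plugin_loaded "$1" "$3"; then
        echo "not-loaded"              # shared object was never picked up
    elif ! protocol_registered "$2" "$4"; then
        echo "loaded-filter-missing"   # library loaded, filter name not registered
    else
        echo "registered"
    fi
}

# Constructed sample dumps reproducing the state described in the question.
TAB=$(printf '\t')
SAMPLE_PLUGINS="sdts.so${TAB}0.0.1${TAB}dissector${TAB}/path/to/plugins/epan/sdts.so"
SAMPLE_PROTOCOLS="Transmission Control Protocol${TAB}TCP${TAB}tcp
User Datagram Protocol${TAB}UDP${TAB}udp"

# Live use against the installed tshark: sh check.sh --live sdts sdts
if [ "${1:-}" = "--live" ]; then
    diagnose "$2" "$3" "$(tshark -G plugins)" "$(tshark -G protocols)"
fi
```

A result of loaded-filter-missing means the library was loaded but no protocol with that exact filter name was registered, which narrows the search to the registration code Jaap asks to see.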

1 Answer


answered 2023-04-18 14:43:40 +0000

Chuckc

updated 2023-04-18 14:46:19 +0000

For those following along with the home game, instructions here for building a plugin "out of tree":
doc/plugins.example

With these changes to hello.c to get rid of the requirement for wireshark.h from the source tree:
(This is for a build using wireshark-dev/jammy,now 3.6.2-2 amd64 [installed] on Ubuntu)

/* #include <wireshark.h> */

/*
WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
*/
WS_DLL_PUBLIC_DEF const int plugin_want_major = 3;
WS_DLL_PUBLIC_DEF const int plugin_want_minor = 6;


Comments

My mistake not using the 3.6 branch example for hello.c which uses the old layout for header files.

Chuckc ( 2023-04-19 12:19:36 +0000 )
