Ask Your Question
0

LNK2001 error building WS with custom dissector

asked 2024-03-05 12:27:10 +0000

mario15197 gravatar image

updated 2024-03-05 17:12:01 +0000

Hello!

I'm currently working on updating & modifying a custom CAN dissector for Wireshark 2.4.7 that can be found here: https://canlogger.csselectronics.com/...

Problem is, when following the build guide for Windows there's no problem when building the "clean" Wireshark cloned from git, but when adding the dissector, at the building step I get this error LNK2001: unresolved external symbol open_routines.......

This open_routines function is needed (from what've seen in the code) to read the some DBC files required for this plugin/dissector to work. Also, I've double checked that the correct header files are included in the dissector

Currently, the only function where open routines is being used is in the following function:

static wtap_open_return_val dbc_multirow_open    (wtap *wth, int *err, gchar **err_info, const char *name){
wtap_open_return_val ret = WTAP_OPEN_NOT_MINE;
unsigned int real_type;

dbc_multi_row_active = FALSE;
if (dbc_multi_row == FALSE)
    return ret;

real_type = open_info_name_to_type(name);
if (real_type != WTAP_TYPE_AUTO)
    ret = open_routines[real_type - 1].open_routine(wth, err, err_info); 

if (ret == WTAP_OPEN_MINE && wth->file_encap == WTAP_ENCAP_SOCKETCAN)
{
    dbc_multirow_orig_wtap = *wth;

    wth->subtype_read      = dbc_multirow_read;
    wth->subtype_seek_read = dbc_multirow_seek_read;

    dbc_multirow_frame_no = 0;
    dbc_multirow_signal_count = 0;
    dbc_multi_row_active = TRUE;
}

return ret; }

AFAIK, it's responsible for opening the DBC files and expects either a MINE/NOT_MINE/ERROR value. If I force it to have a MINE, Wireshark builds but crashes when loading the DBC files.

Here's the error (in spanish) for more context. error

Thanks!!!!

edit retag flag offensive close merge delete

Comments

And there's the error, converted from small text, some of which is red-on-black, to regular text for the benefit of older readers with older eyes, and Google-translated while I'm at it:

xproj]
  cl : command line  warning D9025: overriding '/WI' with '/w' [C: \Development\wsbuild64\wiretap\wiretap.vcxproj]

'C: Development\wsbuild64\Wireshark.sln' (default destination) (1) ->
'C: Development\wsbuild64 wireshark.vexproj.metaproj' (default destination) (2)
'C: Development\ wsbuild64 epan\epan.vexproj.metaproj' (default destination) (8) ->
'C: \Development\wsbuild64\epan \epan.vexproj" (default destination) (140) ->
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj]
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj]
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj
"C: \Development\wsbuild64\Wireshark.sin" (default destination) (1) ->
"C: \Development\wsbuild64\wireshark.vexproj.metaproj" (default destination) (2) ->
'C ...
(more)
Guy Harris gravatar imageGuy Harris ( 2024-03-06 19:59:06 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2024-03-06 20:22:07 +0000

Guy Harris gravatar image

That company's plugin is badly-designed. It attempts to register libwiretap routines in the dissector registration routines, and seems to have some weird code that hijacks the pcap and pcapng libwiretap file reading code.

That means that it relies on internal details of libwireshark that we never intended to be made available even to the rest of Wireshark, much less to plugins.

It will take some time to figure out how to make that work more cleanly.

edit flag offensive delete link more

Comments

Hi! Thank you for shedding light on the issue. There's any workarounds or alternatives to explore in order to solve this? We've been able to compile the program fine on the newest 4.3.0 version on Linux, registering it as a built in heuristic dissector rather than a plugin, but facing different problems when trying to cross-compile back to Windows

mario15197 gravatar imagemario15197 ( 2024-03-12 10:13:45 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2024-03-05 12:27:10 +0000

Seen: 127 times

Last updated: Mar 06