Unable to detect loaded plugins on OSX, Wireshark 4.4.1

edit

I'm working on building wireshark plugins on OSX. I've generated .dylibs some via rust crates wsdf and plugshark on my macOS 14.5, M1 and wireshark-devel files, libwireshark.etc, wireshark gui, tshark versions all pointing to 4.4.1. Installed via homebrew.

I have a main project branch I'm working on here to solve some cross platform development issues here: https://github.com/amitrahman1026/wsd...

I want to know what is the reason they get detected correctly by wireshark upon start up, i.e wireshark is able to correctly detect the plugin dylibs.

However, when I try to select them from the filter menu on wireshark they don't appear. If i try to run it using tshark they don't parse correctly either.

This situation is quite similar to that described here with screenshots of the gui: https://github.com/ghpr-asia/wsdf/iss...

To share my investigations so far, this is what i found in the wireshark's source in /Users/amit/Rust/wsdf/epan-sys/wireshark/wsutil/filesystem.cwhich hints at how plugins are handled by wireshark over here: https://gitlab.com/wireshark/wireshar...

 * It also says that the "PlugIns" directory
 *
 *    Contains loadable bundles that extend the basic features of your
 *    application. You use this directory to include code modules that
 *    must be loaded into your applicationbs process space in order to
 *    be used. You would not use this directory to store standalone
 *    executables.
 *
 * Our plugins are just raw .so/.dylib files; I don't know whether by
 * "bundles" they mean application bundles (i.e., directory hierarchies)
 * or just "bundles" in the Mach-O sense (which are an image type that
 * can be loaded with dlopen() but not linked as libraries; our plugins
 * are, I think, built as dylibs and can be loaded either way).

I inspected the types of shared objects that I placed in the plugin dir, where I had copied over the plugins appropriately.

• libudp.so that was generated by wsdf using cargo build --features bindgen --examples to generate fresh ffi bindings for my OSX.
• libfoo.so that was generated by plugsharkthe build script here https://github.com/Gbps/plugshark/blo...

``` ❯ pwd /Applications/Wireshark.app/Contents/PlugIns/wireshark/4-4/epan

❯ file libfoo.so libudp.so ethercat.so
libfoo.so:   Mach-O 64-bit dynamically linked shared library arm64
libudp.so:   Mach-O 64-bit dynamically linked shared library arm64
ethercat.so: Mach-O 64-bit bundle arm64

❯ otool -L ethercat.so libudp.so libfoo.so
ethercat.so:
    @rpath/libwireshark.18.dylib (compatibility version 18.0.0, current version 18.0.1)
    @rpath/libwsutil.16.dylib (compatibility version 16.0.0, current version 16.0.0)
    @rpath/libglib-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.6.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
libudp.so:
    /Users/amit/Rust/wsdf/target/debug/examples/libudp-8ffa7cef0dd88156.dylib (compatibility version 0.0.0, current version 0.0.0)
    /opt/homebrew/opt/wireshark/lib/libwireshark.18.dylib (compatibility version 18.0 ...