plugin.example hello.c

asked 2024-11-06 06:08:30 +0000

amit1026
1 ●1 ●2 ●3

updated 2024-11-06 08:52:46 +0000

Hi all,

In what situations can you compile the hello.c example plugin

https://gitlab.com/wireshark/wireshar...

such that it will get detected under About Wireshark > Plugins, But unable to be found under the filter search.

The relevant filtername should be "hello_ws" however it doesn't seem to found be anywhere.

Trying to find it on tshark doesn't work either.

❯ tshark -Y "hello_ws" -V
tshark: "hello_ws" is not a valid protocol or protocol field.
    hello_ws
    ^~~~~~~~

This is all for release 4.4.1, built via brew.

And I compiled it using

 clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

I am trying to understand this because I'm currently working on building some custom plugins for various platforms but I can't seem to get this example working.

I have tried to use a linux docker image to replicate the same compilation steps.

This is the Dockerfile

FROM debian:bookworm

# sid repository for unstable packages because I'm testing for 4.4.1
RUN echo "deb http://deb.debian.org/debian/ sid main" > /etc/apt/sources.list.d/sid.list

RUN apt-get update && \
    apt-get install -y \
    git \
    cmake \
    build-essential \
    clang \
    wireshark=4.4.1-1 \
    wireshark-dev=4.4.1-1 \
    tshark=4.4.1-1 \
    libwireshark-dev=4.4.1-1 \
    libglib2.0-dev \
    libglib2.0-dev-bin \
    && rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["/bin/bash"]

Once insider the container, I run

 clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

Copy the hello.so into the right dir (found with tshark -G folders)

cp hello.so /usr/lib/aarch64-linux-gnu/wireshark/plugins/4.4/epan/

And I am able to run the plugin perfectly.

root@c0b132d27190:/plugin# tshark -Y "hello_ws"
Running as user "root" and group "root". This could be dangerous.
Capturing on 'eth0'

What am I missing in compilation on macOS?

edit retag flag offensive close merge delete

Comments

You might read through this - Out of Tree Dissector Build Problems on Windows.
Get it working with the full build the first time around.

Chuckc ( 2024-11-06 14:38:58 +0000 )edit

Hi, thank you for the resource! The problem turned out to be that compiling the plugin in the manner I did so, resulted in the shared object being built with absolute paths, whereas, on my macos, my tshark & wireshark seemed to be references @rpaths which "otool -L $(which tshark) showed.

The momentary fix seems to be to change the install paths to @rpaths as expected

install_name_tool -change "/opt/homebrew/opt/wireshark/lib/libwireshark.18.dylib" "@rpath/libwireshark.18.dylib" hello.so install_name_tool -change "/opt/homebrew/opt/wireshark/lib/libwsutil.16.dylib" "@rpath/libwsutil.16.dylib" hello.so

But I will try to look for a more robust solution

amit1026 ( 2024-11-06 15:10:19 +0000 )edit

add a comment

process_plugin() { local plugin_path="$1" echo "Starting plugin post-processing..." echo "Input plugin: $plugin_path" echo if [ ! -f "$plugin_path" ]; then echo "Error: Plugin file not found: $plugin_path" return 1 fi local filename=$(basename "$plugin_path") local dirname=$(dirname "$plugin_path") # Show initial state echo "Initial library dependencies:" otool -L "$plugin_path" | grep -E "libw[^[:space:]]+\.dylib" echo # If it's a .dylib, rename it to .so if [[ "$filename" == *.dylib ]]; then local new_filename="${filename%.dylib}.so" mv "$plugin_path" "$dirname/$new_filename" plugin_path="$dirname/$new_filename" echo "Renamed $filename to $new_filename" echo fi # Wireshark-related library dependencies from the plugin local deps=$(otool -L "$plugin_path" | grep -E "libw[^[:space:]]+\.dylib" | awk '{print $1}') # System wireshark rpath references echo "Getting reference paths from system Wireshark..." local wireshark_refs=$(otool -L $(which tshark) | grep -E "@rpath/libw[^[:space:]]+\.dylib" | awk '{print $1}') while IFS= read -r dep; do if [ -n "$dep" ]; then local lib_name=$(basename "$dep") local rpath_ref=$(echo "$wireshark_refs" | grep "$lib_name" || true) if [ -n "$rpath_ref" ]; then echo "Converting $dep" echo " to $rpath_ref" install_name_tool -change "$dep" "$rpath_ref" "$plugin_path" else echo "Warning: No matching rpath reference found for $lib_name" fi fi done <<< "$deps" echo echo "Final library dependencies:" otool -L "$plugin_path" | grep -E "libw[^[:space:]]+\.dylib" echo echo "Post-processing complete for $plugin_path" return 0 }

Comments

As it turns out, how macOS deals with dynamic libraries as plugins is different,

Yes, the standard suffix on macOS is .dylib rather than .so.

Perhaps the plugin loading code should, on macOS, support both suffixes for plugins.

Guy Harris ( 2024-11-08 18:10:17 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

plugin.example hello.c

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

plugin.example hello.c edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

plugin.example hello.c