Ask Your Question
0

compile plugin with call to conversation_set_port2()

asked 2018-07-28 00:31:23 +0000

alexr gravatar image

updated 2018-07-31 15:17:30 +0000

Background:

I am writing a plugin dissector for a protocol that requires the use of conversations. The port in the second port/address pair for the conversation is determined in an OACK response to an initial packet. It's functionally identical to TFTP. In epan/dissectors/tftp.c on line 665, the dissector makes a call to conversation_set_port2 to handle modifying the conversation with the second port. conversation_set_port2 is defined in epan/conversation.c and declared as an extern in epan/conversation.h

Compiling my plugin fails with the following:

Build FAILED.
   "C:\Development\wireshark-build\Wireshark.sln" (default target) (1) ->
   "C:\Development\wireshark-build\plugins\epan\a615a\arinc615a.vcxproj.metaproj" (default target) (4) ->
   "C:\Development\wireshark-build\plugins\epan\a615a\arinc615a.vcxproj" (default target) (108) ->
   (Link target) ->
     packet-arinc615a.obj : error LNK2019: unresolved external symbol conversation_set_port2 referenced in function
    dissect_a615a [C:\Development\wireshark-build\plugins\epan\a615a\arinc615a.vcxproj]
     C:\Development\wireshark-build\run\RelWithDebInfo\plugins\2.9\epan\arinc615a.dll : fatal error LNK1120: 1 unre
   solved externals [C:\Development\wireshark-build\plugins\epan\a615a\arinc615a.vcxproj]

0 Warning(s)
2 Error(s)

Question:

A. What do I need to do to fix the unresolved external error?

OR

B. Am I doing something wrong in the way I am trying to modify the second port of the conversation?

Here is the relevant code snippet:

 }else if (conversation->options & NO_PORT_B){
            if (pinfo->destport == conversation_key_port1(conversation->key_ptr)){
               //Figure this compilation error out
               conversation_set_port2(conversation, pinfo->srcport);
            }
            else{
                return 0;
            }
        }

----------------------------- Update --------------------------------------

Per Jaap's answer, I am unable to use the function in question. My solution was to work around the issue by adding my own conversation-like functionality. For my specific application, I was able to do so in a fairly light-weight manner.

edit retag flag offensive close merge delete

Comments

Did you include epan/conversation.h?

Anders gravatar imageAnders ( 2018-07-28 06:51:54 +0000 )edit

Since this is a link problem it has nothing to do with include files.

Jaap gravatar imageJaap ( 2018-07-28 08:36:23 +0000 )edit

Anders yes, conversation.h is included, i'm using many other functions that are in it without problem.

alexr gravatar imagealexr ( 2018-07-28 18:57:43 +0000 )edit
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-07-28 08:38:35 +0000

Jaap gravatar image

The problems comes from the way Windows resolves function names among DLL's. It requires special notations to have them available for other DLL's. To this end in Wireshark code the symbol WS_DLL_PUBLIC was introduced. This is added to functions used in plugin dissectors. So far this has not been the case for conversation_set_port2, so it does not have this symbol added to its function definition, hence cannot be used in plugins.

edit flag offensive delete link more

Comments

The OP could add the link annotation and recompile, but the plugin would only be usable with their modified version of Wireshark.

grahamb gravatar imagegrahamb ( 2018-07-28 09:54:20 +0000 )edit

Ok, thanks for the info. I want to avoid modifying the rest of the code base so the plugin is more portable. Do you have a suggestion for an alternative way to modify the conversation port 2?

alexr gravatar imagealexr ( 2018-07-28 18:55:24 +0000 )edit

You could always push a change to Wireshark to export the symbol, so it would be available for everyone, but generally this would only be in the next stable release (3.0).

grahamb gravatar imagegrahamb ( 2018-07-28 19:10:00 +0000 )edit

I've checked in a change to export that function, and several other conversation functions for which there was no obvious reason not to export them, and backported it to the 2.6 branch, so it should be in the 2.6.3 release when it comes out.

Note that your plugin will NOT work with 2.6.0, 2.6.1, or 2.6.2,, so anybody who has Wireshark 2.6 but hasn't updated it is out of luck.

Guy Harris gravatar imageGuy Harris ( 2018-07-31 21:48:56 +0000 )edit

Great, thank you for doing that. I'll update my code to use those exports. I'd prefer that over my own implementation (per my edit to the question).

alexr gravatar imagealexr ( 2018-08-02 16:32:26 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-07-28 00:31:23 +0000

Seen: 653 times

Last updated: Jul 31 '18

Related questions

how to decode part of a message as IPv4 with a custom dissector?

build errors. First time cmake user

How can I make my custom packet dissector distributable?

custom C/C++ plugin will not load - no indication why

unable to add a plugin to wireshark

Custom Plugin not showing for wireshark group user but showing non-wireshark group user

Ignoring false bytes in tvb

how to invert two bytes in lua script dissector ?

How do I get and display packet data information at a specific byte from the first byte?

why protocol is not showing as HTTP even though we sent http request ?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2