Ask Your Question
0

Plugin not loading -Wireshark 2.9

asked 2018-10-28 15:36:26 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hello, I had a working plugin back on version 2.2; it was compiled under VS2015\Win7. Recently I was attempting to adjust my plugin for the latest Wireshark (2.9) and Win10. So I've downloaded the latest code and built the 64bit libs, and then I had my plugin compiled and linked with those libs. (Had to do minor changes, and relocate my plugin to the plugins/2.9/epan folder for some reason) Compilation went OK, no warnings, I've also placed a break point under proto_register_protocol() call, just to see that Wireshark is loading my plugin, and indeed Wireshark stopped its execution at my break point. However I could not point to my plugin in the User DLT table, I got a red error "dissector not found".

I really don't know how to debug this, any clue?

/* Partial code */

    ProtoEssence = proto_register_protocol("My Protocol",  "Protocol",   "protocol" );
    proto_register_field_array(ProtoEssence, pInfo->pRegInfo, pInfo->RegItemsCount);
    proto_register_subtree_array(ett, array_length(ett));
    register_dissector("protocol", dissect_ecpo1, ProtoEssence);

I can actually see my plugin version and name under Help -> About -> Plugins however, creating User 0 entry resulting in Wireshark not recognizing 'protocol' as registered dissector though everything looks right.

10x Eitan

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-10-29 14:53:16 +0000

cmaynard gravatar image

I would highly recommend that you (re)read README.plugins to be sure you didn't miss any changes from when you developed your plugin for Wireshark 2.2.

And it's always a good idea to have a look at the Wireshark-supplied plugins, such as gryphon, as good examples to follow too.

edit flag offensive delete link more

Comments

Just did and found that the plugins interface was recently changed, I wish Wireshark would be more forgiving \ backwards compatible for older plugins in the future :)

Eitan Michaelson gravatar imageEitan Michaelson ( 2018-10-30 09:41:45 +0000 )edit

Hi Eithan, one may always hope, but I'm afraid you'd be disappointed. The (dissector) plugin interface is considered an internal interface to Wireshark (or rather, the Wireshark dissection engine) and this is constantly being worked on / improved, even if that influences dissectors (building or plugin). We'll take care of the build in dissectors, you may do yours. :)

Jaap gravatar imageJaap ( 2018-10-30 12:57:05 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-10-28 15:36:26 +0000

Seen: 1,741 times

Last updated: Oct 29 '18