This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t call AirPDcapPacketProcess from a plugin dissector

0
packet-foo.obj : error LNK2019: unresolved external symbol _AirPDcapPacket
Process referenced in function _try_decrypt
foo.dll : fatal error LNK1120: 1 unresolved externals

Currently, for some reason, even with all the includes added, there doesn't seem to be any linking occuring to airpdcap.c, where the definition and declaration for AirPDcapPacketProcess are.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <glib.h>
#include <epan/emem.h>
#include <epan/packet.h>
#include <epan/dissectors/packet-tcp.h>
#include <epan/prefs.h>
#include <epan/crypt/wep-wpadefs.h>
#include <math.h>
#include "packet-foo.h"
#include <epan/bitswap.h>
#include <epan/proto.h>
#include <epan/addr_resolv.h>
#include <epan/strutil.h>
#include <epan/etypes.h>
#include <epan/oui.h>
#include <epan/greproto.h>
#include <epan/crc32.h>
#include <epan/tap.h>
#include <epan/expert.h>
#include <epan/reassemble.h>
#include <glibconfig.h>
#include <gmodule.h>
#include <epan/crypt/airpdcap_ws.h>

Is there anything I am missing? Thanks.

asked 28 Jun '12, 11:52

Ian's gravatar image

Ian
10227
accept rate: 0%

edited 29 Jun '12, 20:12

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

One Answer:

1

It looks like you're trying to build a plugin rather than a built-in dissector.

AirPDcapPacket() is in epan/crypt but the symbol is NOT exported (in epan/libwireshark.def) so the symbol can't be used from plugins.

Options:

  1. Make your plugin a built-in dissector
  2. (or) add AirPDcapPacket() (and any other necessary symbols) to epan/libwireshark.def

answered 28 Jun '12, 13:58

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Apologies, I am indeed trying to build a plugin: however, libwireshark.def won't make the link for AirPDcapPacketProcess(), so is there any other other way to create a link (short of copying the functions and defintions from the .c to my plugin)?

(29 Jun '12, 06:24) Ian

Sorry, I'm not sure I understand... libwireshark.def does not currently export AirPDcapPacketProcess but you can add it--unless you want to run your plugin with an unmodified version of Wireshark in which case you'd have to open a bug and ask that Wireshark export the symbol.

I do assume that you're actually using the function in your plugin?

If so and if you don't want to modify Wireshark then, yes, copying the function (and any dependencies of that function) would be the only option.

(29 Jun '12, 14:05) JeffMorriss ♦

Mostly working when the function and dependencies were copied, I'll keep trucking away @ it. Thanks :)

(03 Jul '12, 06:03) Ian