Revision history

initial version

plugin.example hello.c

Hi all,

In what situations can you compile the hello.c example plugin

https://gitlab.com/wireshark/wireshark/-/tree/release-4.4/doc/plugins.example

such that it will get detected under About Wireshark > Plugins, but unable to be found under the filter search.

The relevant filtername should be "hello_ws" however it doesn't seem to be found anywhere.

Trying to find it on tshark doesn't work either.

    ❯ tshark -i en0 -Y "hello_ws" -V
    tshark: "hello_ws" is not a valid protocol or protocol field.
        hello_ws
        ^~~~~~~~

This is all for release 4.4.1, built via brew.

And I compiled it using

    clang -shared hello.c -o hello.so \
      -I/opt/homebrew/opt/wireshark/include/wireshark \
      -I/opt/homebrew/opt/glib/include/glib-2.0 \
      -I/opt/homebrew/opt/glib/lib/glib-2.0/include \
      -L/opt/homebrew/opt/wireshark/lib \
      -L/opt/homebrew/opt/glib/lib \
      -lwireshark -lwiretap -lwsutil -lglib-2.0

I am trying to understand this because I'm currently working on building some custom plugins but I can't seem to get this example working.

plugin.example hello.c

Hi all,

In what situations can you compile the hello.c example plugin

https://gitlab.com/wireshark/wireshark/-/tree/release-4.4/doc/plugins.example

such that it will get detected under About Wireshark > Plugins, but unable to be found under the filter search.

The relevant filtername should be "hello_ws" however it doesn't seem to be found anywhere.

Trying to find it on tshark doesn't work either.

    ❯ tshark -i en0 -Y "hello_ws" -V
    tshark: "hello_ws" is not a valid protocol or protocol field.
        hello_ws
        ^~~~~~~~

This is all for release 4.4.1, built via brew.

And I compiled it using

    clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

I am trying to understand this because I'm currently working on building some custom plugins for various platforms but I can't seem to get this example working.

I have tried to use a Linux Docker image to replicate the same compilation steps.

This is the Dockerfile

    FROM debian:bookworm

    # sid repository for unstable packages because I'm testing for 4.4.1
    RUN echo "deb http://deb.debian.org/debian/ sid main" > /etc/apt/sources.list.d/sid.list

    RUN apt-get update && \
        apt-get install -y \
        git \
        cmake \
        build-essential \
        clang \
        wireshark=4.4.1-1 \
        wireshark-dev=4.4.1-1 \
        tshark=4.4.1-1 \
        libwireshark-dev=4.4.1-1 \
        libglib2.0-dev \
        libglib2.0-dev-bin \
        && rm -rf /var/lib/apt/lists/*

    ENTRYPOINT ["/bin/bash"]

Once inside the container, I run

    clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

Copy the hello.so into the right dir (found with tshark -G folders)

    cp hello.so /usr/lib/aarch64-linux-gnu/wireshark/plugins/4.4/epan/

And I am able to run the plugin perfectly.

    root@c0b132d27190:/plugin# tshark -Y "hello_ws"
    Running as user "root" and group "root". This could be dangerous.
    Capturing on 'eth0'

What am I missing in compilation on macOS?

plugin.example hello.c

Hi all,

In what situations can you compile the hello.c example plugin

https://gitlab.com/wireshark/wireshark/-/tree/release-4.4/doc/plugins.example

such that it will get detected under About Wireshark > Plugins, but unable to be found under the filter search.

The relevant filtername should be "hello_ws" however it doesn't seem to be found anywhere.

Trying to find it on tshark doesn't work either.

    ❯ tshark -Y "hello_ws" -V
    tshark: "hello_ws" is not a valid protocol or protocol field.
        hello_ws
        ^~~~~~~~

This is all for release 4.4.1, built via brew.

And I compiled it using

    clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

I am trying to understand this because I'm currently working on building some custom plugins for various platforms but I can't seem to get this example working.

I have tried to use a Linux Docker image to replicate the same compilation steps.

This is the Dockerfile

    FROM debian:bookworm

    # sid repository for unstable packages because I'm testing for 4.4.1
    RUN echo "deb http://deb.debian.org/debian/ sid main" > /etc/apt/sources.list.d/sid.list

    RUN apt-get update && \
        apt-get install -y \
        git \
        cmake \
        build-essential \
        clang \
        wireshark=4.4.1-1 \
        wireshark-dev=4.4.1-1 \
        tshark=4.4.1-1 \
        libwireshark-dev=4.4.1-1 \
        libglib2.0-dev \
        libglib2.0-dev-bin \
        && rm -rf /var/lib/apt/lists/*

    ENTRYPOINT ["/bin/bash"]

Once inside the container, I run

    clang -shared hello.c -o hello.so $(pkg-config --cflags wireshark) $(pkg-config --libs wireshark) -Wall -fPIC

Copy the hello.so into the right dir (found with tshark -G folders)

    cp hello.so /usr/lib/aarch64-linux-gnu/wireshark/plugins/4.4/epan/

And I am able to run the plugin perfectly.

    root@c0b132d27190:/plugin# tshark -Y "hello_ws"
    Running as user "root" and group "root". This could be dangerous.
    Capturing on 'eth0'

What am I missing in compilation on macOS?
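
An added example, not part of the original post or of the Wireshark project: a shell helper that separates "the plugin file is listed" from "its protocol is registered", the two states the question contrasts, using saved output of `tshark -G plugins` and `tshark -G protocols`. The function names and the sample report lines are constructed for illustration; the column layouts are taken from the tshark man page.

```shell
#!/bin/sh
# Column layouts (tab-separated), per the tshark man page:
#   tshark -G plugins   : file name, version, type, full path
#   tshark -G protocols : name, short name, filter name, enabled flags...

# has_field FILE COLUMN VALUE: succeed if VALUE equals COLUMN on any line.
has_field() {
    awk -F '\t' -v c="$2" -v v="$3" '$c == v { hit = 1 } END { exit !hit }' "$1"
}

# plugin_state PLUGINS_REPORT PROTOCOLS_REPORT PLUGIN_FILE FILTER_NAME
# Prints one of: not-loaded | loaded-unregistered | registered
plugin_state() {
    if ! has_field "$1" 1 "$3"; then
        echo "not-loaded"            # library is absent from the plugin list
    elif ! has_field "$2" 3 "$4"; then
        echo "loaded-unregistered"   # listed, but the filter name is unknown
    else
        echo "registered"
    fi
}

# demo: run the classifier over constructed reports (not real captures).
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/no_plugins"
    printf 'hello.so\t0.0.1\tdissector\t/constructed/epan/hello.so\n' > "$dir/plugins"
    printf 'Hypertext Transfer Protocol\tHTTP\thttp\tT\tT\tT\n' > "$dir/protos_without"
    { cat "$dir/protos_without"
      printf 'Wireshark Hello Plugin\tHello WS\thello_ws\tT\tT\tT\n'
    } > "$dir/protos_with"
    echo "$(plugin_state "$dir/no_plugins" "$dir/protos_without" hello.so hello_ws)" \
         "$(plugin_state "$dir/plugins" "$dir/protos_without" hello.so hello_ws)" \
         "$(plugin_state "$dir/plugins" "$dir/protos_with" hello.so hello_ws)"
    rm -rf "$dir"
}

# Live use:
#   tshark -G plugins > plugins.txt; tshark -G protocols > protocols.txt
#   plugin_state plugins.txt protocols.txt hello.so hello_ws
demo
```

The macOS symptom described in the post corresponds to the `loaded-unregistered` result; the Debian container run corresponds to `registered`.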