
Getting started with building a dissector


Hi, good afternoon!

I've followed the instructions described here (https://www.wireshark.org/docs/wsdg_h...) to create a custom dissector based on the sample, and I'm having some trouble loading the dissector.

First of all, let me say that I'm not building Wireshark (and I don't want to get into that if not needed). I'm using the packages available on my system (Fedora Core 36). Those packages are: wireshark and wireshark-devel.

The thing is, I've been able to build the plugin (as a shared object), but after loading it into Wireshark I see the plugin loaded but I cannot find the filter. I mean, I load a pcap file with the traffic related to the plugin and when I type "sdts" in the filter bar, I cannot see it.

If I type tshark -G plugins on the command line, I see sdts loaded, but when I click on View -> Internals -> Supported Protocols I can't find the dissector.

Please, can anyone help me with this?

NOTE: I tried to paste some images and source code to give more details about my problem but I couldn't.

gbernaldo82 asked 2023-04-17 14:46:24 +0000

Comments

You never said if the traffic related to the plugin is actually dissected by your plugin. Does it, or not?

Looks like there's something off with the way you register your dissector with the dissection engine. Try posting the registration and handoff part of the code on pastebin or similar and add a link here.

Jaap (2023-04-18 09:13:30 +0000)

1 Answer


For those following along with the home game, instructions here for building a plugin "out of tree":
doc/plugins.example

With these changes to hello.c to get rid of the requirement for wireshark.h from the source tree:
(This is for a build using wireshark-dev/jammy,now 3.6.2-2 amd64 [installed] on Ubuntu)

/* #include <wireshark.h> */

/*
WS_DLL_PUBLIC_DEF const int plugin_want_major = WIRESHARK_VERSION_MAJOR;
WS_DLL_PUBLIC_DEF const int plugin_want_minor = WIRESHARK_VERSION_MINOR;
*/
WS_DLL_PUBLIC_DEF const int plugin_want_major = 3;
WS_DLL_PUBLIC_DEF const int plugin_want_minor = 6;

Chuckc answered 2023-04-18 14:43:40 +0000, updated 2023-04-18 14:46:19 +0000

Comments

My mistake for not using the 3.6 branch example for hello.c, which uses the old layout for header files.

Chuckc (2023-04-19 12:19:36 +0000)
