First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

LNK2001 error building WS with custom dissector

Hello!

I'm currently working on updating & modifying a custom CAN dissector for Wireshark 2.4.7 that can be found here: https://canlogger.csselectronics.com/...

Problem is, when following the build guide for Windows there's no problem when building the "clean" Wireshark cloned from git, but when adding the dissector, at the building step I get this error LNK2001: unresolved external symbol open_routines.......

This open_routines function is needed (from what've seen in the code) to read the some DBC files required for this plugin/dissector to work. Also, I've double checked that the correct header files are included in the dissector

Currently, the only function where open routines is being used is in the following function:

static wtap_open_return_val dbc_multirow_open    (wtap *wth, int *err, gchar **err_info, const char *name){
wtap_open_return_val ret = WTAP_OPEN_NOT_MINE;
unsigned int real_type;

dbc_multi_row_active = FALSE;
if (dbc_multi_row == FALSE)
    return ret;

real_type = open_info_name_to_type(name);
if (real_type != WTAP_TYPE_AUTO)
    ret = open_routines[real_type - 1].open_routine(wth, err, err_info); 

if (ret == WTAP_OPEN_MINE && wth->file_encap == WTAP_ENCAP_SOCKETCAN)
{
    dbc_multirow_orig_wtap = *wth;

    wth->subtype_read      = dbc_multirow_read;
    wth->subtype_seek_read = dbc_multirow_seek_read;

    dbc_multirow_frame_no = 0;
    dbc_multirow_signal_count = 0;
    dbc_multi_row_active = TRUE;
}

return ret; }

AFAIK, it's responsible for opening the DBC files and expects either a MINE/NOT_MINE/ERROR value. If I force it to have a MINE, Wireshark builds but crashes when loading the DBC files.

Here's the error (in spanish) for more context. error

Thanks!!!!

mario15197's avatar
1
mario15197
asked 2024-03-05 12:27:10 +0000, updated 2024-03-05 17:12:01 +0000
edit flag offensive 0 remove flag close merge delete

Comments

And there's the error, converted from small text, some of which is red-on-black, to regular text for the benefit of older readers with older eyes, and Google-translated while I'm at it:

xproj]
  cl : command line  warning D9025: overriding '/WI' with '/w' [C: \Development\wsbuild64\wiretap\wiretap.vcxproj]

'C: Development\wsbuild64\Wireshark.sln' (default destination) (1) ->
'C: Development\wsbuild64 wireshark.vexproj.metaproj' (default destination) (2)
'C: Development\ wsbuild64 epan\epan.vexproj.metaproj' (default destination) (8) ->
'C: \Development\wsbuild64\epan \epan.vexproj" (default destination) (140) ->
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj]
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj]
  command line warning D9025: overriding '/W1' with '/w' [C: \Development\wsbuild64\epan\epan.vexproj
"C: \Development\wsbuild64\Wireshark.sin" (default destination) (1) ->
"C: \Development\wsbuild64\wireshark.vexproj.metaproj" (default destination) (2) ->
'C ...
(more)
Guy Harris's avatar Guy Harris (2024-03-06 19:59:06 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

That company's plugin is badly-designed. It attempts to register libwiretap routines in the dissector registration routines, and seems to have some weird code that hijacks the pcap and pcapng libwiretap file reading code.

That means that it relies on internal details of libwireshark that we never intended to be made available even to the rest of Wireshark, much less to plugins.

It will take some time to figure out how to make that work more cleanly.

Guy Harris's avatar
19.9k
Guy Harris
answered 2024-03-06 20:22:07 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Hi! Thank you for shedding light on the issue. There's any workarounds or alternatives to explore in order to solve this? We've been able to compile the program fine on the newest 4.3.0 version on Linux, registering it as a built in heuristic dissector rather than a plugin, but facing different problems when trying to cross-compile back to Windows

mario15197's avatar mario15197 (2024-03-12 10:13:45 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer