Plugin not loading - Wireshark 2.9


Hello, I had a working plugin back on version 2.2; it was compiled under VS2015\Win7. Recently I was attempting to adjust my plugin for the latest Wireshark (2.9) and Win10. So I've downloaded the latest code and built the 64-bit libs, and then I had my plugin compiled and linked with those libs. (Had to do minor changes, and relocate my plugin to the plugins/2.9/epan folder for some reason.) Compilation went OK, no warnings. I've also placed a breakpoint under the proto_register_protocol() call, just to see that Wireshark is loading my plugin, and indeed Wireshark stopped its execution at my breakpoint. However, I could not point to my plugin in the User DLT table; I got a red error "dissector not found".

I really don't know how to debug this, any clue?

/* Partial code */

    ProtoEssence = proto_register_protocol("My Protocol",  "Protocol",   "protocol" );
    proto_register_field_array(ProtoEssence, pInfo->pRegInfo, pInfo->RegItemsCount);
    proto_register_subtree_array(ett, array_length(ett));
    register_dissector("protocol", dissect_ecpo1, ProtoEssence);

I can actually see my plugin version and name under Help -> About -> Plugins; however, creating a User 0 entry results in Wireshark not recognizing 'protocol' as a registered dissector, though everything looks right.

10x Eitan

updated 2018-10-28 15:36:26 +0000

1 Answer


I would highly recommend that you (re)read README.plugins to be sure you didn't miss any changes from when you developed your plugin for Wireshark 2.2.

And it's always a good idea to have a look at the Wireshark-supplied plugins, such as gryphon, as good examples to follow too.

cmaynard
answered 2018-10-29 14:53:16 +0000

Comments

Just did, and found that the plugins interface was recently changed. I wish Wireshark would be more forgiving \ backwards compatible for older plugins in the future :)

Eitan Michaelson (2018-10-30 09:41:45 +0000)

Hi Eitan, one may always hope, but I'm afraid you'd be disappointed. The (dissector) plugin interface is considered an internal interface to Wireshark (or rather, the Wireshark dissection engine) and this is constantly being worked on / improved, even if that influences dissectors (built-in or plugin). We'll take care of the built-in dissectors, you may do yours. :)

Jaap (2018-10-30 12:57:05 +0000)
