This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Couldn’t load module/undefined symbol

0

I'm currently making a plugin based on the rmt-norm dissector by following the instructions in the README.plugins and I have been able to successfully build the plugin but when I go to start wireshark I get the following message:

"Couldn't load module /products/wireshark/plugins/1.8.6/newnorm.so: products/wireshark-1.8.6/lib/wireshark/plugins/1.8.6/newnorm.so: undefined symbol: newnorm_ext_parse".

I'm using the code found in epan/dissectors/packet-rmt-norm.c and its subsequent header files but I haven't changed anything except for the naming (i.e. rmt_norm to new_norm)

I've tried putting newnorm_ext_parse in the epan/libwireshark.def file as suggested in previous post but it still tells me that its an undefined symbol.

I am fairly new to Linux so any suggestions would be much appreciated.

I'm using wireshark 1.8.6 and a SUSE Linux OS.

asked 21 Aug '13, 09:09

Torbett's gravatar image

Torbett
11334
accept rate: 0%

3 Answers:

1

If you're trying to access a symbol in libwireshark from a plugin then you'll need to add that symbol to the list of symbols exported by the library. You can do that by adding it to the epan/libwireshark.def file.

(That file exists and is used in Wireshark 1.8 but the method of selecting which symbols are exported changed in 1.10 and later.)

answered 04 Sep '13, 07:30

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

For the record: On March 1, 2013 in trunk SVN #47992, a change was made so that symbols which are to be exported should be declared using WS_DLL_PUBLIC. (libwireshark.def is no longer used).

For example (from epan/column.h)

...
#include "ws_symbol_export.h"
...
WS_DLL_PUBLIC
const gchar         *col_format_to_string(const gint);
...
(04 Sep '13, 09:25) Bill Meier ♦♦

0

Couldn't load module /products/wireshark/plugins/1.8.6/newnorm.so: products/wireshark-1.8.6/lib/wireshark/plugins/1.8.6/newnorm.so: undefined symbol: newnorm_ext_parse

I'm using the code found in epan/dissectors/packet-rmt-norm.c and its subsequent header files but I haven't changed anything except for the naming (i.e. rmt_norm to new_norm)

Did you rename rmt_norm to new_norm or did you rename rmt_norm to newnorm? If you renamed rmt_norm to new_norm, it sounds as if you made a mistake in one place and either renamed rmt_norm to newnorm or, in new code, used newnorm rather than new_norm.

If so, then fix the places where you used newnorm to use new_norm instead.

answered 21 Aug '13, 13:21

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thanks for you reply. I don't think that is the problem. I went through all the naming to check and I don't believe that's the case. Any other suggestions?

(21 Aug '13, 13:55) Torbett

Make sure that the routine named newnorm_ext_parse (not new_norm_ext_parse) actually exists in your code and, if it doesn't, either make it exist (note: there is no rmt_norm_ext_parse routine in the Wireshark source; in particular, it's not in epan/dissectors/packet-rmt-norm.c) or stop calling it (for example, try calling new_norm_ext_parse instead, if that routine exists).

(21 Aug '13, 14:14) Guy Harris ♦♦

0

Thank you both for your advice. I ended up abandoning the plugin route and instead I grep-ed for packet-rmt-norm and put my rendition of the protocol wherever the original was located and now it works just fine.

answered 11 Sep '13, 12:09

Torbett's gravatar image

Torbett
11334
accept rate: 0%