This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Add plugins to wireshark

0

How can we add our plugins to wireshark?

asked 06 Jun '14, 07:24

aman


One Answer:

1

Look in the doc directory of the source, README.plugins.

answered 06 Jun '14, 08:08

grahamb ♦

When I run autogen.sh after making all the changes I get:

    Welcome to Git (version 1.8.3-preview20130601)

    Run 'git help git' to display the help index.
    Run 'git help <command>' to display help for specific commands.
    C:\Development\wireshark\autogen.sh: line 55: autoconf: command not found

        You must have autoconf 2.60 or later installed to compile Wireshark.
        Download the appropriate package for your distribution/OS,
        or get the source tarball at ftp://ftp.gnu.org/pub/gnu/autoconf/

    C:\Development\wireshark\autogen.sh: line 69: automake: command not found

        You must have automake 1.9 or later installed to compile Wireshark.
        Download the appropriate package for your distribution/OS,
        or get the source tarball at ftp://ftp.gnu.org/pub/gnu/automake/

    C:\Development\wireshark\autogen.sh: line 99: libtool: command not found

        You must have libtool 1.4 or later installed to compile Wireshark.
        Download the appropriate package for your distribution/OS,
        or get the source tarball at ftp://ftp.gnu.org/pub/gnu/libtool/

If I download libtool 1.4 or later version, how do I use it and solve this problem?

(06 Jun '14, 10:27) aman

I thought you were building on Windows; no need for autoconf on Windows.

(06 Jun '14, 11:06) Anders ♦

I have done all steps till point 3 as said in the readme file. Do I need to perform steps 4 and 5 also to install, as I am getting the above error in step 4?

(06 Jun '14, 11:07) aman

Ya I am doing on Windows. I am done till Step 3, what do I do after that to install my plugins?

(06 Jun '14, 11:08) aman

Step 4, as it says, is for Unix. On Windows, after making all changes execute nmake -f Makefile.nmake in the top-level directory of your Wireshark sources, exactly as you did before to build Wireshark, except the build will now include your plugin.

(06 Jun '14, 11:29) grahamb ♦

    Creating library ipa.lib and object ipa.exp
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_get_ephemeral_string referenced in function _dissect_complete_phone_summary
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_bytes_to_str referenced in function _dissect_arp_cache_dump
    ipa.dll : fatal error LNK1120: 2 unresolved externals
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\link.EXE"' : return code '0x460'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.

(06 Jun '14, 11:39) aman

The plugin has older code in it. Look in epan\tvbuff.h to find the current set of tvbuff accessors.

I think tvb_bytes_to_str() is replaced with tvb_bytes_to_ep_str() and tvb_get_ephemeral_string() with tvb_get_str_enc(). You may have to adjust the parameters for the new functions. Look at the definitions in tvbuff.h and also README.dissector for more info.

(06 Jun '14, 12:00) grahamb ♦

yes I have tvb_bytes_to_str() replaced with tvb_bytes_to_ep_str() in epan\tvbuff.h file so shall I update the parameters in packet-ipa.c file according to the current set?

(06 Jun '14, 12:19) aman

That seems appropriate.

(06 Jun '14, 13:36) grahamb ♦

@grahamb : I did the change but still getting the same error.

(09 Jun '14, 06:40) aman

Have you done an nmake -f Makefile.nmake clean ?

(09 Jun '14, 07:16) grahamb ♦

Ya I did it.. still Same problem.:(

    packet-ipa.c
    packet-ipa.c(677) : warning C4013: 'tvb_get_ephemeral_string' undefined; assuming extern returning int
    packet-ipa.c(689) : warning C4013: 'ether_to_str' undefined; assuming extern returning int
    packet-ipa.c(858) : warning C4013: 'tvb_bytes_to_str' undefined; assuming extern returning int
    link -dll /out:ipa.dll /NOLOGO /INCREMENTAL:no /MACHINE:I386 /DEBUG /MACHINE:x86 /SafeSEH /DYNAMICBASE /FIXED:no packet-ipa.obj ....\epan\libwireshark.lib  c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\glib-2.0.lib  c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\gmodule-2.0.lib  c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\gobject-2.0.lib
    Creating library ipa.lib and object ipa.exp
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_get_ephemeral_string referenced in function _dissect_complete_phone_summary
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_bytes_to_str referenced in function _dissect_arp_cache_dump
    ipa.dll : fatal error LNK1120: 2 unresolved externals
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\link.EXE"' : return code '0x460'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0\VC\BIN\nmake.exe"' : return code '0x2'
    Stop.

(09 Jun '14, 07:47) aman

It says you just replied 1 min ago and I can't see your comment there..

(09 Jun '14, 07:54) aman

The first three warnings are because you still have code in the plugin using the old functions, at the line numbers indicated and the compiler can't find the functions in the header files as they no longer exist.

The two errors are caused by the linker finding the same bits of code and being unable to link them as they don't exist.

You need to fix all of your plugin, replacing all calls to the renamed functions.

(09 Jun '14, 07:54) grahamb ♦

The first replacement worked but the second one still gives the error. The plugin is tested but it's not being installed here. What do I do to check the linking?

    packet-ipa.c
    packet-ipa.c(677) : warning C4013: 'tvb_get_str_enc' undefined; assuming extern returning int
    packet-ipa.c(689) : warning C4013: 'ether_to_str' undefined; assuming extern returning int
    link -dll /out:ipa.dll /NOLOGO /INCREMENTAL:no /MACHINE:I386 /DEBUG /MACHINE:x86 /SafeSEH /DYNAMICBASE /FIXED:no packet-ipa.obj ....\epan\libwireshark.lib c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\glib-2.0.lib c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\gmodule-2.0.lib c:\development\Wireshark\Wireshark-win32-libs\gtk2\lib\gobject-2.0.lib
    Creating library ipa.lib and object ipa.exp
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_get_str_enc referenced in function _dissect_complete_phone_summary
    ipa.dll : fatal error LNK1120: 1 unresolved externals
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0 \VC\BIN\link.EXE"' : return code '0x460'
    Stop.

(10 Jun '14, 07:00) aman

Can't see your comment.

(10 Jun '14, 07:20) aman

I made a mistake above, you should be using tvb_get_string_enc().

However this just shows that you haven't looked at tvbuff.h as you should have seen it there when adjusting the parameters.

For ether_to_str() your source file packet-ipa.c should #include <epan/to_str.h>

(10 Jun '14, 07:25) grahamb ♦

Thanks, it worked for ether_to_str() but the tvb_get_string_enc() is still giving the same unresolved error. The parameters seem OK for it, and I don't have this function in tvbuff.h.

(10 Jun '14, 07:47) aman

Where did you get your sources from, a zip or via git?

If git, presuming you are on the master branch then you need to update them with a git pull.

If a zip, then what version did you get?

(10 Jun '14, 08:01) grahamb ♦

wireshark sources I got from git clone Version 1.99.0 and my code from zip//

(10 Jun '14, 08:12) aman

OK, you need to do a git pull to update your clone to the main repo.

Confirm you're using the master branch with git branch --list, there should be a "*" against master in the list.

(10 Jun '14, 08:36) grahamb ♦

the pull and branch --list should be done via bash or git extensions?

(10 Jun '14, 08:52) aman

Via whatever git executable you feel comfortable with. The commands I listed are for command line git (actually the Windows version but the cygwin version would run the same). I don't know what they translate to for git extensions.

(10 Jun '14, 08:54) grahamb ♦

After pull command I rebuilt the cmd env and I get this..

    C:\Development\wireshark>nmake -f makefile.nmake

    Microsoft (R) Program Maintenance Utility Version 12.00.21005.1
    Copyright (C) Microsoft Corporation. All rights reserved.

    ERROR: The contents of 'C:\development\Wireshark\Wireshark-win32-libs\current_ta g.txt' is 2014-05-16. It should be 2014-06-05.

    ? Wireshark Libraries not up-to-date ?
    ? Do you need to run nmake -f Makefile.nmake setup ?

    NMAKE : fatal error U1077: 'exit' : return code '0x1'
    Stop.

(10 Jun '14, 10:11) aman

I tried to rebuild it but it still gives the same error..:(

(10 Jun '14, 11:54) aman

Do you need to run nmake -f Makefile.nmake setup ?

Try nmake -f Makefile.nmake setup. The printout is telling you that your libraries are out of date and you need to download fresh ones...

(10 Jun '14, 12:04) Anders ♦

I have done setup, distclean, all and packaging again.. still it shows the same error.

(10 Jun '14, 12:07) aman

What is the error exactly? Since Graham asked you to replace the call to tvb_get_str_enc() by tvb_get_string_enc() you have not shown us what errors you get.

(10 Jun '14, 22:16) Pascal Quantin

I get this error on replacing the said code:

    packet-ipa.c
    packet-ipa.c(678) : warning C4133: 'function' : incompatible types - from 'tvbuff_t ' to 'wmem_allocator_t '
    packet-ipa.c(678) : warning C4047: 'function' : 'tvbuff_t ' differs in levels of indirection from 'gint'
    packet-ipa.c(678) : warning C4024: 'tvb_get_string_enc' : different types for formal and actual parameter 2
    packet-ipa.c(678) : error C2198: 'tvb_get_string_enc' : too few arguments for call
    packet-ipa.c(680) : warning C4133: 'function' : incompatible types - from 'tvbuff_t ' to 'wmem_allocator_t '
    packet-ipa.c(680) : warning C4047: 'function' : 'tvbuff_t ' differs in levels of indirection from 'gint'
    packet-ipa.c(680) : warning C4024: 'tvb_get_string_enc' : different types for formal and actual parameter 2
    packet-ipa.c(680) : error C2198: 'tvb_get_string_enc' : too few arguments for call
    packet-ipa.c(682) : warning C4133: 'function' : incompatible types - from 'tvbuff_t ' to 'wmem_allocator_t '
    packet-ipa.c(682) : warning C4047: 'function' : 'tvbuff_t ' differs in levels of indirection from 'gint'
    packet-ipa.c(743) : warning C4047: 'function' : 'tvbuff_t ' differs in levels of indirection from 'int'
    packet-ipa.c(743) : warning C4024: 'tvb_get_string_enc' : different types for formal and actual parameter 2
    packet-ipa.c(743) : error C2198: 'tvb_get_string_enc' : too few arguments for call
    packet-ipa.c(1093) : warning C4133: 'function' : incompatible types - from 'tvbuff_t ' to 'wmem_allocator_t '
    packet-ipa.c(1093) : warning C4047: 'function' : 'tvbuff_t *' differs in levelsof indirection from 'gint'
    packet-ipa.c(1093) : warning C4024: 'tvb_get_string_enc' : different types for formal and actual parameter 2
    packet-ipa.c(1093) : error C2198: 'tvb_get_string_enc' : too few arguments for call

(11 Jun '14, 05:55) aman

Firstly that's not the error you reported and that @Anders and @Pascal Quantin were trying to help you with, please try to be consistent about reporting errors.

Those errors are because you haven't correctly adjusted the parameters you are providing to tvb_get_string_enc(). As we can't see your code (unless you post it somewhere public) any help will be guesses.

The first parameter to the function must be of type wmem_allocator_t, that defines the scope (or lifetime) of the memory allocation for the string. Usually wmem_packet_scope() is sufficient unless you're stashing the string away for other purposes.

The second parameter is the tvb, this should be the same as the original call to tvb_get_ephemeral_string().

Similarly for the 3rd and 4th parameters, offset and length they should be as per the original call.

The 5th parameter is the encoding for the string, only you know how the string is encoded, if you aren't sure try ENC_ASCII.

(11 Jun '14, 06:33) grahamb ♦

My error is same, the above one is the case when I replace tvb_get_str_enc() with tvb_get_string_enc().

By using tvb_get_str_enc() I get:

    packet-ipa.c(677) : warning C4013: 'tvb_get_str_enc' undefined; assuming extern returning int
    Creating library ipa.lib and object ipa.exp
    packet-ipa.obj : error LNK2019: unresolved external symbol _tvb_get_str_enc referenced in function _dissect_complete_phone_summary
    ipa.dll : fatal error LNK1120: 1 unresolved externals
    NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 12.0 \VC\BIN\link.EXE"' : return code '0x460'
    Stop.

Shall I share the code of my plugin or the tvbuff.h file?

(11 Jun '14, 09:06) aman

There is no function tvb_get_str_enc(), I made a mistake, you must not use that.

The reason for the errors you are getting with tvb_get_string_enc() is because you aren't giving it the correct parameters as I attempted to explain above. You must fix the parameters to allow it to compile and link correctly.

You'll need to share the code of the plugin, as we all already have access to tvbuff.h

(11 Jun '14, 09:30) grahamb ♦

    static void dissect_phone_dn(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
    {
        //Dissects info relating to the phone's directory number
        gint offset_operation = 8;
        gint offset_dn_type = 9;
        gint offset_length_dn = 10;
        gint offset_directory_number = 11;
        gint offset_mac = 31;

        proto_tree_add_text(ipa_tree1, tvb, offset_operation, 1, "Operation: %s",
            val_to_str(tvb_get_guint8(tvb, offset_operation), operationtypenames, "Unknown"));
        proto_tree_add_text(ipa_tree1, tvb, offset_dn_type, 1, "Directory Number Type: %s",
            val_to_str(tvb_get_guint8(tvb, offset_dn_type), DNtypenames, "Unknown"));
        proto_tree_add_text(ipa_tree1, tvb, offset_length_dn, 1, "Directory Number Length: %d",
            tvb_get_guint8(tvb, offset_length_dn));
        proto_tree_add_text(ipa_tree1, tvb, offset_directory_number, 20, "Directory Number: %s",
            tvb_get_str_enc(tvb, offset_directory_number, 20));
        proto_tree_add_ether_format(ipa_tree1, hf_ipa_pdu_type_phone_mac, tvb, offset_mac, 6,
            tvb_get_ptr(tvb, offset_mac, 6), "MAC address : %s",
            ether_to_str(tvb_get_ptr(tvb, offset_mac, 6)));
    }

This is the function I am trying to work on.

(11 Jun '14, 10:28) aman
1

The code isn't the best way to do all that, but the line you need to change is:

    proto_tree_add_text(ipa_tree1, tvb, offset_directory_number, 20, "Directory Number: %s", tvb_get_str_enc(tvb, offset_directory_number, 20));

changing it to:

    proto_tree_add_text(ipa_tree1, tvb, offset_directory_number, 20, "Directory Number: %s", tvb_get_string_enc(wmem_packet_scope(), tvb, offset_directory_number, 20, ENC_ASCII));

(11 Jun '14, 10:32) grahamb ♦

I have changed it and the nmake command now runs successfully, but I can't see my plugin in the Help -> About Wireshark -> Plugins section.

(11 Jun '14, 11:03) aman

I think you should start a new question for that as it's a different issue.

(11 Jun '14, 11:05) grahamb ♦

ok. thanks for your help. I will start a new question for it.

(11 Jun '14, 11:06) aman
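
The replacements worked out in this thread, as an added Python sketch (not code from the thread or from the Wireshark project): it rewrites three-argument tvb_get_ephemeral_string()/tvb_get_str_enc() calls into the tvb_get_string_enc() form grahamb gives, renames tvb_bytes_to_str(), and flags a missing epan/to_str.h include. The names port_plugin_source, split_args and missing_to_str_include are hypothetical, and ENC_ASCII is only the default guess suggested above.

```python
import re

# Calls the thread replaces with tvb_get_string_enc(); tvb_get_str_enc never existed.
OLD_STRING_CALLS = ("tvb_get_ephemeral_string", "tvb_get_str_enc")
CALL_RE = re.compile(r"\b(?:%s)\s*\(" % "|".join(OLD_STRING_CALLS))

def split_args(text, open_idx):
    """Split the argument list whose '(' is at open_idx; return (args, end_index).
    Tracks nested parentheses only; string literals containing ( ) , are not handled."""
    depth, args, cur = 0, [], []
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == "(":
            depth += 1
            if depth == 1:
                continue
        elif ch == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args, i + 1
        elif ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    raise ValueError("unbalanced parentheses in call")

def port_plugin_source(src, encoding="ENC_ASCII"):
    """Rewrite old accessors; `encoding` is the caller's assumption about the data."""
    out, pos = [], 0
    for m in CALL_RE.finditer(src):
        if m.start() < pos:
            continue  # nested inside a call that was already rewritten
        args, end = split_args(src, m.end() - 1)
        if len(args) != 3:  # expected (tvb, offset, length)
            raise ValueError("unexpected argument count: %r" % (args,))
        out.append(src[pos:m.start()])
        out.append("tvb_get_string_enc(wmem_packet_scope(), %s, %s)"
                   % (", ".join(args), encoding))
        pos = end
    out.append(src[pos:])
    # Plain rename given in the thread.
    return re.sub(r"\btvb_bytes_to_str\b", "tvb_bytes_to_ep_str", "".join(out))

def missing_to_str_include(src):
    """True when ether_to_str() is called without #include <epan/to_str.h>."""
    uses = re.search(r"\bether_to_str\s*\(", src) is not None
    return uses and "<epan/to_str.h>" not in src

if __name__ == "__main__":
    # Constructed sample modelled on the call discussed in the thread.
    sample = "s = tvb_get_ephemeral_string(tvb, offset_directory_number, 20);"
    print(port_plugin_source(sample))
```

Review each rewritten call by hand afterwards: the encoding and the wmem scope are choices only the plugin author can confirm.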