This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Problems in building a custom dissector

0

I have just built Wireshark, without modifying it, and now I'm trying to add a custom dissector as a plugin (64bit with Windows 7). I have followed the instructions provided by README.plugins, but there are some steps that are not so clear to me, so I hope someone could help me here!

Firstly I have created a folder for my files: plugins\MyProtocol (where MyProtocol is the short name of the protocol I'm trying to implement). I've added there all the files listed on README.plugins, by copying (and modifying, when needed) them from the Development\wireshark\plugins\gryphon but:

Makefile.common= I should list here some files (e.g. the source file) in some variables, but in the copied makefile there isn't any of the variables described by README.plugins (e.g. DISSECTOR___SRC or DISSECTOR_SUPPORT_SRC). I post here the content of Makefile.common

    # Makefile.common for Gryphon plugin
    #     Contains the stuff from Makefile.am and Makefile.nmake that is
    #     a) common to both files and
    #     b) portable between both files
    ...
    # the name of the plugin
    PLUGIN_NAME = gryphon

    # Non-generated sources to be scanned for registration routines
    NONGENERATED_REGISTER_C_FILES = \
        packet-gryphon.c

    # Non-generated sources
    NONGENERATED_C_FILES = \
        $(NONGENERATED_REGISTER_C_FILES)

    # Headers.
    CLEAN_HEADER_FILES = \
        packet-gryphon.h

    HEADER_FILES = \
        $(CLEAN_HEADER_FILES)

    include ../Makefile.common.inc

Did I take the wrong file? If yes, which one should I have taken? If not, do I have to add these variables myself? Can you give me some sample code performing this task? I'm not able to write this kind of code...

Compiling= once I have the plugins\MyProtocol folder ready, what do I have to do in order to compile my plugin as a dll? I can't find a real description on README.plugin: point 3 is just a description of the differences between custom and permanent addition; point 3.1 should explain my task, but apart from copying those Custom.*.example, and modifying the installer (which, for now, is not interesting to me), there is no explanation about the building itself. Do I have to use the same procedure to compile Wireshark? Or something different? Do I have to copy my MyProtocol folder to Development\wireshark\plugins, and recompile Wireshark? Maybe before doing that, I need to modify something in order to "tell" WS that I have added something; how can I achieve that?

Thanks in advance

asked 05 Aug '14, 02:40


francesco_bi...
21459
accept rate: 0%


One Answer:

3

The instructions appear to be a little off-mark. DISSECTOR_SRC is used in CMakeLists.txt for CMake builds and isn't used for nmake builds.

AFAICT you need to modify Makefile.common, changing "gryphon" to "MyProtocol", and also modify moduleinfo.h and moduleinfo.nmake with names and version numbers.

To build your plugin you have the two options shown in Sect 3. A custom plugin, which is used if you aren't going to contribute your dissector back to the Wireshark community (why not?), requires you to copy plugins\Custom.nmake.example to plugins\Custom.nmake and modify to suit, i.e. replace "foo" with "MyProtocol". The other option, generally used when you do plan to contribute the dissector back to the community, requires changes to all the files listed.

Whichever method you use, just start the build again from the top-level source directory as you did for the plain vanilla build.

answered 05 Aug '14, 03:11


grahamb ♦
19.8k330206
accept rate: 22%

Since there was already a Custom.nmake.example file in ...\wireshark\plugins, I modified that file, replacing all occurrences of "foo". Then I copied the folder "MyProtocol" to development\wireshark\plugins. Finally I also modified Makefile.nmake, adding "MyProtocol" to the PLUGIN_LIST at the beginning.

When I tried to compile, after a while, this was the output:

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    NMAKE : fatal error U1073: don't know how to make 'packet-gryphon.obj'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.

    C:\Development\wireshark>

(05 Aug '14, 03:55) francesco_bi...

Nope, as per README.plugins and my answer above you MUST copy Custom.nmake.example to Custom.nmake and modify the copy.

If you have a plugins\Custom.nmake, then do NOT modify plugin\Makefile.nmake, that is for the alternative build procedure.

(05 Aug '14, 04:17) grahamb ♦

Wait, I'm a bit confused.

In C:\Developement\wireshark\plugins I have (apart from some folders containing data of other plugins, such as gryphon) Custom.m4.example, Custom.make.example, Custom.nmake.example, Makefile.am, Makefile.nmake and Makefile.common.inc. So I don't have a custom.nmake!

Now, what do you (and README.plugin) mean with "copy Custom.nmake.example to Custom.nmake"? Do I have to copy the file Custom.nmake.example, paste it in the same folder (Windows prompts me that that file already exists in that folder, so I should choose to keep all the 2 files), rename it (as Custom.nmake), then open the just-created Custom.nmake, and modify it replacing "foo" with "MyProtocol"? Am I right??

Don't the other 2 Custom.*.example need modifying?

Sorry for these stupid questions!

(05 Aug '14, 05:14) francesco_bi...

Yes, as I've tried to explain twice previously.

Custom.*.example are example files, you MUST copy the example to another file and remove the .example extension. In your case, as you're building with nmake, at the cmd prompt:

    cd plugins
    copy Custom.nmake.example Custom.nmake

and modify the new file. The build process is all set up to locate Custom.nmake and use it if it exists.

The other Custom.*.example files are for other build systems.

(05 Aug '14, 05:40) grahamb ♦

OK, sorry again! BTW I have copied Custom.nmake.example to Custom.nmake, and modified it as suggested. Then I have just copied the "MyProtocol" folder (containing AUTHORS, ChangeLog, CMakeList.txt, COPYING, Makefile.am, Makefile.common, Makefile.nmake, moduleinfo.h, moduleinfo.nmake, plugin.rc.in, MyProtocol.c) to the plugins directory.

Unfortunately, the output of the build is pretty much the same as before:

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    NMAKE : fatal error U1073: don't know how to make 'packet-gryphon.obj'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'if' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.

(05 Aug '14, 06:11) francesco_bi...

The first line of output indicates something in the makefiles is still expecting packet-gryphon.c.

You must have missed modifying something, probably in Makefile.common, i.e. changing packet-gryphon.c to MyProtocol.c. Did you make the other required modifications I mentioned in my answer?

(05 Aug '14, 06:18) grahamb ♦

Well, I hadn't modified Makefile.nmake, because in the README.plugins I read "No modifications are needed here", but there still was a gryphon.obj and things like that, so I tried to replace there too MyProtocol.

With the nmake -f Makefile.nmake distclean command I got this

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

        cd MyProtocol
        "c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe" /                   -f Makefile.nmake clean

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

        rm -f packet-MyProtocol.obj MyProtocol.dll MyProtocol.exp MyProtocol.lib
        cd ..
        cd MyProtocol
        "c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe" /                   -f Makefile.nmake distclean

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    NMAKE : fatal error U1073: don't know how to make 'distclean'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'if' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.

(05 Aug '14, 06:42) francesco_bi...

while with nmake -f Makefile.nmake all

    Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
    Copyright (C) Microsoft Corporation. All rights reserved.

        cl -WX /DWINPCAP_VERSION=4_1_3 /Zi /W3 /MD /O2 /DWIN32_LEAN_AND_MEAN /DMSC_VER_REQUIRED=1600  /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_DEPRECATE -DPSAPI_VERSION=1 /MP /w34295 /I../.. /IC:\Development\wireshark\Wireshark-win64-libs\gtk2\include\glib-2.0 /IC:\Development\wireshark\Wireshark-win64-libs\gtk2\lib\glib-2.0\include -DG_DISABLE_DEPRECATED -DG_DISABLE_SINGLE_INCLUDES /IC:\Development\wireshark\Wireshark-win64-libs\WPdpack\include -Fd.\ -c packet-wimaxmacphy.c plugin.c
    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for x64
    Copyright (C) Microsoft Corporation. All rights reserved.

    packet-wimaxmacphy.c
    plugin.c
        link -dll /out:wimaxmacphy.dll /NOLOGO /INCREMENTAL:no /DEBUG /MACHINE:x64 /DYNAMICBASE /FIXED:no packet-wimaxmacphy.obj plugin.obj ....\epan\libwireshark.lib C:\Development\wireshark\Wireshark-win64-libs\gtk2\lib\glib-2.0.lib C:\Development\wireshark\Wireshark-win64-libs\gtk2\lib\gmodule-2.0.lib C:\Development\wireshark\Wireshark-win64-libs\gtk2\lib\gobject-2.0.lib wimaxmacphy.res
       Creating library wimaxmacphy.lib and object wimaxmacphy.exp
        cd ..
        if exist Custom.nmake "c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe" / -f Custom.nmake

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

        cd MyProtocol
        "c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe" /                   -f Makefile.nmake

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    NMAKE : fatal error U1073: don't know how to make '..\plugin_api.obj'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'if' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.

(05 Aug '14, 06:42) francesco_bi...

> Well, I hadn't modified Makefile.nmake, because in the README.plugins I read "No modifications are needed here", but there still was a gryphon.obj and things like that, so I tried to replace there too MyProtocol.

Please read the documentation and answers carefully. You should be modifying Makefile.common, not Makefile.nmake. There is nothing about gryphon in Makefile.nmake (apart from a comment which you can modify if you wish), hence nothing to change.

To reiterate, the files to modify in your plugin directory are Makefile.common, moduleinfo.h and moduleinfo.nmake

(05 Aug '14, 06:54) grahamb ♦

Clear, I probably had taken a wrong file, that's why I could see different things. I checked all the files to modify, and I've done what was needed. I got a very long list of compile errors, which I will post in the next comment. Are they related to the MyProtocol.c code or not? It seems there are errors in some library source, but they were directly downloaded from the internet... Can you figure out what is going on?

(05 Aug '14, 07:19) francesco_bi...

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

        cd MyProtocol
        "c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe" /                   -f Makefile.nmake

    Microsoft (R) Program Maintenance Utility Version 10.00.40219.01
    Copyright (C) Microsoft Corporation. All rights reserved.

    Making plugin.c (using python)
    Updating plugin.c
        sed -e s/@[email protected]/MyProtocol/ -e s/@[email protected]/0,0,2,0/ -e s/@[email protected]/1,99,0,0/ -e s/@[email protected]/0.0.2.0/ -e s/@[email protected]/MyProtocol/ -e s/@[email protected]/1.99.0-FBG/ -e s/@[email protected]/MSVC2010 EE/ < plugin.rc.in > MyProtocol.rc
        rc /r MyProtocol.rc
    Microsoft (R) Windows (R) Resource Compiler Version 6.1.7600.16385
    Copyright (C) Microsoft Corporation. All rights reserved.

        cl -WX /DWINPCAP_VERSION=4_1_3 /Zi /W3 /MD /O2 /DWIN32_LEAN_AND_MEAN /DMSC_VER_REQUIRED=1600  /D_CRT_SECURE_NO_DEPRECATE /D_CRT_NONSTDC_NO_DEPRECATE -DPSAPI_VERSION=1 /MP /w34295 /I../.. /IC:\Development\wireshark\Wireshark-win64-libs\gtk2\include\glib-2.0 /IC:\Development\wireshark\Wireshark-win64-libs\gtk2\lib\glib-2.0\include -DG_DISABLE_DEPRECATED -DG_DISABLE_SINGLE_INCLUDES /IC:\Development\wireshark\Wireshark-win64-libs\WPdpack\include -Fd.\ -c packet-MyProtocol.c plugin.c
    Microsoft (R) C/C++ Optimizing Compiler Version 16.00.40219.01 for x64
    Copyright (C) Microsoft Corporation. All rights reserved.

    packet-MyProtocol.c
    plugin.c
    c:\development\wireshark\epan\proto.h(113) : error C2054: expected '(' to follow 'WS_MSVC_NORETURN'
    c:\development\wireshark\epan\proto.h(113) : error C2085: 'proto_report_dissector_bug' : not in formal parameter list
    c:\development\wireshark\epan\proto.h(434) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(435) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(436) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(437) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(438) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(439) : error C2057: expected constant expression

(05 Aug '14, 07:20) francesco_bi...

    c:\development\wireshark\epan\proto.h(440) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(446) : error C2057: expected constant expression
    c:\development\wireshark\epan\proto.h(446) : error C2085: 'field_display_e' : not in formal parameter list
    c:\development\wireshark\epan\proto.h(464) : error C2085: 'hf_ref_type' : not in formal parameter list
    c:\development\wireshark\epan\proto.h(467) : error C2085: 'header_field_info' : not in formal parameter list
    c:\development\wireshark\epan\proto.h(486) : error C2061: syntax error : identifier 'hf_ref_type'
    c:\development\wireshark\epan\proto.h(488) : error C2143: syntax error : missing '{' before ''
    c:\development\wireshark\epan\proto.h(489) : error C2059: syntax error : '}'
    c:\development\wireshark\epan\proto.h(508) : error C2061: syntax error : identifier 'header_field_info'
    c:\development\wireshark\epan\proto.h(509) : error C2059: syntax error : '}'
    c:\development\wireshark\epan\proto.h(522) : error C2016: C requires that a struct or union has at least one member
    c:\development\wireshark\epan\proto.h(522) : error C2061: syntax error : identifier 'header_field_info'
    c:\development\wireshark\epan\proto.h(532) : error C2059: syntax error : '}'
    c:\development\wireshark\epan\proto.h(610) : error C2061: syntax error : identifier 'field_info'
    c:\development\wireshark\epan\proto.h(612) : error C2059: syntax error : '}'
    c:\development\wireshark\epan\proto.h(615) : error C2061: syntax error : identifier 'proto_tree'
    c:\development\wireshark\epan\proto.h(615) : error C2059: syntax error : ';'
    c:\development\wireshark\epan\proto.h(617) : error C2061: syntax error : identifier 'proto_item'
    c:\development\wireshark\epan\proto.h(617) : error C2059: syntax error : ';'
    c:\development\wireshark\epan\proto.h(706) : error C2143: syntax error : missing ')' before ''
    c:\development\wireshark\epan\proto.h(706) : error C2143: syntax error : missing '{' before ''
    c:\development\wireshark\epan\proto.h(706) : error C2059: syntax error : ','
    c:\development\wireshark\epan\proto.h(706) : error C2059: syntax error : ')'
    c:\development\wireshark\epan\proto.h(707) : error C2143: syntax error : missing ')' before ''
    c:\development\wireshark\epan\proto.h(707) : error C2143: syntax error : missing '{' before '*'
    c:\development\wireshark\epan\proto.h(707) : error C2059: syntax error : ','
    c:\development\wireshark\epan\proto.h(707) : error C2059: syntax error : ')'

(05 Aug '14, 07:20) francesco_bi...

I can't post any more code because it's considered spam, btw there are lots of other errors similar to these

(05 Aug '14, 07:22) francesco_bi...

I suspect this is caused by your dissector's code. The errors are indicating the compiler has a problem with epan\proto.h, which, unless you have modified it, will be perfectly OK and is used all over the place, so I think it more likely that your dissector isn't including the correct preamble. Can you show the start of the includes in your dissector? It should have #include "config.h" as the first include.

(05 Aug '14, 07:43) grahamb ♦

Here's the code. There is a conditional include for config.h

    # ifdef HAVE_CONFIG_H
    # include "config.h"
    # endif

    # include <stdio.h>
    #include <glib.h>
    #include <epan packet.h="">

    #include <string.h>

    #define PROTO_TAG_MYPROTOCOL "MyProtocol"

(06 Aug '14, 01:31) francesco_bi...

Remove the conditional around the include of config.h.

I presume that the odd code for the epan/packet.h include is caused by the site's markup. Edit, yes it is.

(06 Aug '14, 02:41) grahamb ♦

Condition removed. Now I have the following problem. It seems that some declaration is missing, but I don't know which one.

    packet-MyProtocol.c
    plugin.c
    packet-MyProtocol.c(376) : error C2220: warning treated as error - no 'object' file generated
    packet-MyProtocol.c(376) : warning C4013: 'dissector_add' undefined; assuming extern returning int
    packet-MyProtocol.c(501) : warning C4013: 'check_col' undefined; assuming extern returning int
    packet-MyProtocol.c(561) : warning C4013: 'tvb_bytes_to_str_punct' undefined; assuming extern returning int
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\cl.EXE"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: 'if' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.
    NMAKE : fatal error U1077: '"c:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\Bin\amd64\nmake.exe"' : return code '0x2'
    Stop.

(06 Aug '14, 02:54) francesco_bi...

Is the dissector source originally from an older version of Wireshark?

If so, the Wireshark API has changed a bit and the dissector will have to be fixed up. You might look at the Gryphon plugin dissector source as a reference, e.g. dissector_add is now dissector_add_xxx, as declared in epan\packet.h.

There was another set of questions recently where another user was trying to bring an old plugin up to date, hopefully search will find it (some time in early June 2014).

(06 Aug '14, 03:07) grahamb ♦

It might be! To be honest I didn't write this code myself, it was given to me in order to build it, so I just assumed it was OK... However thanks a lot, I will read those documents and if I have still questions, I'll ask you again

(06 Aug '14, 03:11) francesco_bi...

I'm working on the code, and I have a short question: is it normal that plugin dissectors aren't shown in Edit->Preferences->Protocols, but just in Help->About Wireshark->Plugins?

(07 Aug '14, 01:32) francesco_bi...

A protocol will only show up in Edit | Preferences | Protocols if it has preference settings.

(07 Aug '14, 02:07) grahamb ♦

And is it possible to implement 2 dissectors as plugins at the same time? Because I tried to put another dissector (MyProtocol2) in the Plugins directory, but I didn't know what to do with the Custom.nmake file. I tried to copy it again, with another name, but it didn't work, then I left just one, with all occurrences of MyProtocol1 modified to MyProtocol2, but at the end of the building I only had MyProtocol1 and not MyProtocol2.

(07 Aug '14, 05:22) francesco_bi...
1

You can only have a single Custom.nmake, so if you have two plugins to build you need to add the second one as an additional target in Custom.nmake, and replicate the entries in all the other targets, adjusting for the second plugin.

(07 Aug '14, 05:33) grahamb ♦
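
A sketch of a single plugins\Custom.nmake that builds two plugins, added here as an example; it is not taken from the thread or from Wireshark's own Custom.nmake.example. It assumes the targets have the cd / nmake / cd .. shape visible in the build output earlier in this thread, that the two plugin directories are named MyProtocol1 and MyProtocol2, and that the include line and the $(MAKE) /$(MAKEFLAGS) invocation match your copy of the example file. Any target in your copy that is not shown here (for instance an install step) needs the same duplication.

```makefile
# plugins\Custom.nmake (added example, not Wireshark's own file).
# Assumption: same layout as Custom.nmake.example with "foo" replaced.
# MyProtocol1 and MyProtocol2 are the two plugin directories; each has
# its own Makefile.common, moduleinfo.h and moduleinfo.nmake edited for
# its own name.

include ..\config.nmake

# Build both plugins. nmake stops at the first non-zero return code,
# so a failure in MyProtocol1 means MyProtocol2 is never attempted.
all:
	cd MyProtocol1
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake
	cd ..
	cd MyProtocol2
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake
	cd ..

# Every other target repeats the per-plugin entry once per plugin.
clean:
	cd MyProtocol1
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean
	cd ..
	cd MyProtocol2
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean
	cd ..

distclean: clean
	cd MyProtocol1
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake distclean
	cd ..
	cd MyProtocol2
	$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake distclean
	cd ..
```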