This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to build tshark as a shared library, like libtshark.so?

0

I want to use methods in tshark in my program. So I want to build tshark as a library. How can I do this?

Thank you for anyone's help in advance.

more detalis:
1.I'm making a test result analysis tool to deal with *.pcap files. This tool will first get the data chunk above TCP layer from pcap files and then do some analysis. So I need to use tshark function to peel the data by different layers.
2.I'm using GNU autotools building the whole wireshark source project.
3.I've tried to make some changes in Makefile.am and automake and configure and make. And I got libtshark.a. The problem is some of the functions in tshark can not be seen from "nm libtshark.a| grep XXX", which means my tool cannot use it. There must be something wrong when I made the libtshark.a. I did it like this:

a.I changed main() in tshark.c to tshark()
b.I removed "tshark" from bin_PROGRAMS and EXTRA_PROGRAMS in Makefile.am
c.I added "lib_LIBRARIES = libtshark.a" in Makefile.am
d.I added "libtshark_a_SOURCES = $(tshark_SOURCES)" in Makefile.common
e.I added "libtshark_a_LIBADD = " in Makefile.am
f.automake
g../configure
h.make

asked 24 Jun '15, 02:46

David%20Zhou's gravatar image

David Zhou
1223
accept rate: 0%

edited 25 Jun '15, 19:58

Do you actually mean tshark, or the wireshark dissection engine in libwireshark or the capture file reading\writing tools in libwiretap?

The tshark executable basically parses command line options and then calls into libwireshark\libwiretap as required.

(24 Jun '15, 08:34) grahamb ♦

@grahamb, Thank you for your reply. yes, I mean tshark. I know tshark implement some methods like "process_packet()" to deal with *.pcap files, spliting ethernet layer/IP layer/TCP layer, etc. And I know these methods in tshark are based on some interfaces from libwireshark and libwiretap.

So I need to use the functions in tshark in my program and I'm trying to make tshark as a shared library. Could you please help me on this? Thank you.

(24 Jun '15, 19:18) David Zhou

2 Answers:

0

To make tshark a library you'll have to hack whatever build system you're using, e.g. autotools, CMake or nmake.

However I still question the usefulness of this. A library is a collection of functions that allows library users to achieve some result. tshark doesn't have any of this, its a command line parser that then calls the real libraries, libwireshark and libwiretap to do some work.

I think you should reconsider either using tshark as a spawned process, providing it the required command line options to do what you want and parsing the output, or use libwireshark and libwiretap directly, which isn't very easy at all as they're not designed to be general purpose libraries.

You also haven't indicated exactly what you wish to achieve, if you do that we may be able to suggest a better approach.

answered 25 Jun '15, 09:15

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

To make tshark a library you'll have to hack whatever build system you're using, e.g. autotools, CMake or nmake.

...and hack the code as well. It was written to be a program, not a library.

(25 Jun '15, 13:14) Guy Harris ♦♦

@grahamb, Thank you for the information. I've provided more details, appending to my question. Please check that. I appreciate your help. Thank you.

(25 Jun '15, 19:46) David Zhou

@David Zhou

a.I changed main() in tshark.c to tshark()

Are you aware that tshark is a console application printing to STDOUT? It's by far not enough to rename main() to get a library. Large parts of the code structure would have to be changed for that.

Why don't you call the tshark binary from your code (execve) and parse the output. Way less trouble for you. Plus, you would have to do the parsing part anyway, even if you (somehow) manage to press the tshark functionality into a library, because tshark would then still do the same as the console application, outputting a text representation of the dissected frames.

(26 Jun '15, 00:04) Kurt Knochner ♦

@Kurt Knochner, Thank you for your attention.

To execute tshark from my program as a spawn process is an option that I've already considered and abandoned. In this case, If the pcap file is extremely large(big chance), the spawn process will last a long time without output in STDOUT and my father program has no idea what's going on. This will lead to chaos.

I've also hacked tshark. I made some changes based on tshark code and now, when I run command "tshark -r xxx.pcap", nothing will be output on STDOUT but it will do some test analysis on dissected frames.
At this point, If I made this tshark a library, my program could get the layers' data directly from functions, not STDOUT, and do stuffs.

So if you have more information on how to generate libtshark.so/libtshark.a, I appreciate it you could share with me. Thank you.

(26 Jun '15, 01:57) David Zhou

0

After weeks of torture, I've made libtshark.so for my tool and they work well together. Here I share the process for people wanting tshark library.

summary

 1. this is based on wireshark-1.7 source code
 2. I used autotools system(automake, autoconf...)
 3. I did it by making necessary changes in existing wireshark source autotool files.
 4. there are still some redundancy functionality that could be excluded from the build. I just made it with the minimum modifications.

details

tshark.c

1.modify: main() => tshark()

./Makefile.am

1.add "lib_LTLIBRARIES = libtshark.la"
2.remove "@[email protected]" from bin_PROGRAMS
3.remove "tshark" from EXTRA_PROGRAMS
4.modify wireshark_LDADDui/gtk/libgtkui.a => ui/gtk/libgtkui.la
ui/gtk/libgtkui_dirty.a => ui/gtk/libgtkui_dirty.la
ui/libui.a => ui/libui.la
5.modify "if ENABLE_STATIC" macro
after:
if ENABLE_STATIC
libtshark_LDFLAGS = -Wl, -static -all-static
else
libtshark_LDFLAGS = -export-dynamic
endif
6.add libtshark.a and libtshark.la to CLEANFILES 7.add libtshark_la_LIBADD like this
libtshark_la_LIBADD =   \
    ui/libui.la         \
    ui/cli/libcliui.la          \
    ui/gtk/libgtkui.la          \
    wiretap/libwiretap.la       \
    epan/libwireshark.la        \
    wsutil/libwsutil.la     \
    @[email protected]          \
    $(plugin_ldadd)         \
    @[email protected] -lm         \
    @[email protected]         \
    @[email protected]           \
    @[email protected]          \
    @[email protected]           \
    @[email protected]         \
    @[email protected]         \
    @[email protected]   \
    @[email protected]           \
    @[email protected]        \
    @[email protected]        \
    @[email protected]        \

./Makefile.common

1.add libtshark_la_SOURCES like thislibtshark_la_SOURCES =  \
    $(WIRESHARK_COMMON_SRC) \
    $(SHARK_COMMON_CAPTURE_SRC) \
    airpcap_loader.c \
    capture_info.c  \
    color_filters.c \
    fileset.c   \
    filters.c   \
    g711.c \
    merge.c \
    proto_hier_stats.c  \
    recent.c    \
    summary.c   \
    u3.c        \
    capture_opts.c      \
    tempfile.c      \
    tshark.c

./ui/Makefile.am

1.modify: noinst_LIBRARIES = libui.a => lib_LTLIBRARIES = libui.la
2.add libui.la to CLEANFILES
3.modify: libui_a_SOURCES => libui_la_SOURCES
4.modify: libui_a_CFLAGS => libui_la_CFLAGS
5.modify: libui_a_DEPENDENCIES => libui_la_DEPENDENCIES

./ui/cli/Makefile.am

1.modify: noinst_LIBRARIES = libcliui.a => lib_LTLIBRARIES = libcliui.la
2.add libcliui.la to CLEANFILES
3.modify: libcliui_a_SOURCES => libcliui_la_SOURCES
4.modify: libcliui_a_CFLAGS => libcliui_la_CFLAGS
5.modify: libcliui_a_DEPENCENCIES => libcliui_la_DEPENCENCIES

./ui/gtk/Makefile.am

1.modify: noinst_LIBRARIES = libgtkui.a libgtkui_dirty.a => lib_LTLIBRARIES = libgtkui.la libgtkui_dirty.la
2.add libgtkui.la and libgtkui_dirty.la to CLEANFILES
3.modify: libgtkui_a_SOURCES => libgtkui_la_SOURCES
4.modify: libgtkui_a_CFLAS => libgtkui_la_CFLAGS
5.add libgtkui_la_LIBADD = -lglib-2.0 -lgobject-2.0 -lgtk-x11-2.0
6.modify: libgtkui_a_DEPENDENCIES => libgtkui_la_DEPENCENCIES
7.modify: libgtkui_dirty_a_SOURCES => libgtkui_dirty_la_SOURCES
8.modify: libgtkui_dirty_a_DEPENCENCIES => libgtkui_dirty_la_DEPENCENCIES

./ui/gtk/Makefile.common

1.add ../../file.c and ../../capture.c to WIRESHARK_GTK_SRC

automake under ./

#./configure --disable-dftest --disable-rawshark

#make (after this,you have your libtshark.so)

to use it up, you need to do more.

1.declare tshark() function in your program, as a entry to use libtshark.so. You may create a header file called tshark.h in your project and declare like this:'#ifdef __cplusplus
extern "C" {
'#endif
int tshark(int argc, char *argv[]);
'#ifdef __cplusplus
}
'#endif
remember to copy this header file under your libtshark directory before you build it.

2.link libtshark.so to your program 3.call tshark function like this, for example:

char arg_self = "/data/home/davidcyzhou/workspace/test/Debug/test";
char r_symbol = "-r";
char r_option = "/data/home/davidcyzhou/xxxx.pcap";
char V_symbol = "-V";
char* args[4] = { arg_self, V_symbol, r_symbol, r_option };
tshark(4, args);
4.when you build your program with libtshark.so, there might be some undefined reference err when it went with link command. Just comment related lines in your libtshark codes and rebuild. 5.before you execute your program, make sure your LD_LIBRARY_PATH have the path to the libtshark.so. 6.Now you should see your program can output like tshark does.

After all above, you can do your business with libtshark.so, like if you want to get the contents above TCP layer in each packets and replay them, just save the contents in a linked-list where it prints the protocol tree in tshark and return the list back to your program. Then you can do your replay logic in your program.

I will be happy if this help anyone else. If you have trouble with the process, please send me email:[email protected]

answered 07 Jul '15, 06:23

David%20Zhou's gravatar image

David Zhou
1223
accept rate: 0%

edited 07 Jul '15, 06:27