Hi all, I've developed a wireshark plugin dissector following the README.plugins and I can compile my dissector without errors and I can also see how it works perfectly in my own wireshark. But now, I want to migrate my plugin dissector to another wireshark installation. How can I do that? So far, I been trying this by copying my two files
from /usr/local/lib/wireshark/plugins/1.12.6 to the lib folder in the other wireshark installation, which is /usr/lib/x86_64-linux-gnu/wireshark/libwireshark3/plugins. And when I start Wireshark, I have the following error: Couldn't load module /usr/lib/x86_64-linux-gnu/wireshark/libwireshark3/plugins/netide.so: /usr/lib/x86_64-linux-gnu/wireshark/libwireshark3/plugins/my_dissector.so: undefined symbol: tvb_captured_length Any help will be apreciated. Thanks in advance! asked 02 Nov '15, 10:50 andres-beato |
One Answer:
APIs are not stable between Wireshark major releases. In your case, you compiled your plugin with Wireshark 1.12.6 and copied it in an older Wireshark installation folder (1.10x and older versions do not have tvb_captured_length() function but instead use tvb_length()). So if you want to run your plugin with Wireshark 1.10.x (for example) you must recompile it with the corresponding source code. Note that as the APIs can differ between releases, you can use the VERSION_MAJOR / VERSION_MINOR defines to be able to support multiple Wireshark source codes within a single plugin thanks to conditional compilation. answered 02 Nov '15, 13:59 Pascal Quantin |
Thanks a lot for your answer. I've recompiled with a wireshark source code 1.10.x and it worked. But, I'd like to do the conditional compilation that you mentioned, where can I set the version major/minor to support multiple wireshark code?
Note that the conditional compilation is only in the source code. You'll still need multiple copies of the plugin to distribute for the different versions of Wireshark you intend to support.
The version info can be picked up from config.h.
@andres-beato
If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.
Thanks a lot for your answer @grahamb. I haven't seen it, until your last comment, that's why I didn't click the checkmark until now. So, thanks a lot for your answer, I appreciate it a lot, and sorry.