This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Are wireshark custom dissector .so files loaded at run time or initialization time

0

I wanted to know if the custom dissector which users have written under /plugin/ directory and created a .so for the same are loaded during run time or initialization time ?

I mean the .so files loaded under /usr/lib64/wireshark/plugins/1.12.7/ directory.

asked 25 May '16, 08:02

Kiran%20Kumar%20G's gravatar image

Kiran Kumar G
21111415
accept rate: 0%

2 Answers:

0

There's little difference between the two, but at a stretch one could say initialization time. The plugins are loaded as glib modules, and this is happening in wsutil/plugins.c:plugins_scan_dir(), called from scan_plugins(), which is called from wireshark-qt.cpp:main() during initialization of epan.

answered 25 May '16, 10:02

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

glib modules means -- libglib-2.0.so.0 ?

(25 May '16, 12:36) Kiran Kumar G

No, "the plugins are loaded as glib modules" means "the plugins are loaded using the g_module APIs". Those APIs are wrappers around the OS's dynamic loading APIs, such as dlopen()/dlsym() on most UN*Xes, LoadLibrary()/GetProcAddress() on Windows, or whatever the laggard UN*Xes such as 32-bit HP-UX use.

(25 May '16, 15:17) Guy Harris ♦♦

0

They're not linked in, they're loaded by calls Wireshark makes, so in that sense they're loaded at run time. The part of run time when they're loaded is during the startup process of Wireshark, not while Wireshark is actually dissecting packets, so, for example, they're not loaded "on-demand".

answered 25 May '16, 15:30

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%