This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Compiled plugin loads with development build binary, but not release binary installed from yum repository

0

I'm new to Wireshark development and I'm having trouble loading my custom Wireshark plugin in a production environment. I've developed and compiled a custom plugin for Linux (CentOS) following the steps in the Wireshark README files. The Wireshark development binary (version 1.10.14) will load the plugin, however, if I copy the plugin to a production machine running Wireshark 1.10.14, it fails to load. I receive a message that tvb_length is not defined. I've tried setting/creating a "LD_LIBRARY_PATH" environment variable, running "ldconfig" command, installing wireshark-devel package, etc....with the same results. How do I compile the plugin so I can drop it in a machine running Wireshark 1.10.14 and get it to successfully load and find the necessary symbols. Do I need to configure the build using the command "./configure --enable-static"?

asked 21 Jul '16, 13:10

emucker's gravatar image

emucker
11225
accept rate: 0%


One Answer:

1

Are you really, really sure your deployment system is running a 1.10 release?

In 1.10 tvb_length() was a function. Starting in 1.12 it became a macro and starting in 2.0 it went away completely.

The symptoms you're describing make it sound like you're compiling against 1.10.x (so your plugin is expecting a symbol with that name) but running against 1.12.y (where the symbol has been renamed).

One thing to check is what tvb*length functions your production libwireshark provides. Try:

nm -D /path/to/libwireshark.so.* | grep tvb | grep length

If you don't see tvb_length defined and it is 1.10.x then maybe CentOS picked up the patch that turned tvb_length() into a macro (IOW CentOS's 1.10.14 may not be exactly the same as ours--you'd have to check the source RPM to know for sure).

answered 22 Jul '16, 12:41

JeffMorriss's gravatar image

JeffMorriss ♦
6.2k572
accept rate: 27%

Thank you. This was the problem. Although the Wireshark version installed on CentOS 7 reports version 1.10.14, the actual call in the library is tvb_captured_length. Now that I know what is going on, I should be able to resolve it pretty quickly.

(25 Jul '16, 08:54) emucker

For supplemental information. To correct the problem I had to:

  1. Download the CentOS 7.2 sources rpm for wireshark 1.10.14
  2. Extract patch files from the sources rpm
  3. Apply the patches using the order specified in the wireshark.spec file included in the sources rpm
  4. Rebuild wireshark and plugin with the patched code
  5. Copied the plugin to the wireshark plugin directory and it successfully loaded.
(28 Jul '16, 09:24) emucker