I have Wireshark plugin code which compiles and generates .so files perfectly under Ubuntu 16. This dissector was written for Wireshark 1.6 and the plugin runs perfectly under Wireshark 1.6. However, when I try to use this plugin with Wireshark 2 (or any Wireshark version higher than 1.6), the following errors show:
So I wanted to edit the code by replacing the methods, as after googling I've found that these methods do not belong to the new Wireshark API. But the problem is that every time I edit the code, even by only putting a space in a blank space, the following error appears:
What should I do? I am in bad need of help. I have no idea what to do!!!! Thanks in advance.
asked 30 Sep '16, 01:43 xaheen, edited 30 Sep '16, 02:38 grahamb ♦
One Answer:
The binary interface between Wireshark and plugins has changed considerably between 1.6 and 2.0, so coding changes will have to be made in the plug-in. Your options are:
answered 30 Sep '16, 02:43 grahamb ♦
Thanks a lot for your response. Sadly I can't make the code public as I have an agreement with my company. I have been trying to edit the old code, but as I've said, it's showing errors even if I put a blank space at the end of the code... Why do you think this is occurring???
Because the Wireshark interface with plugins has changed, you must make the appropriate changes in the plugin to allow it to compile.
Unfortunately it's pretty much impossible for anyone to help without seeing the plugin code.
What you can do is look at each error, look back at the release notes for each major change, i.e. 1.6 -> 1.8, 1.8 -> 1.10 etc., to determine what has changed and how to fix it.
For the error you show:
packet-ife.c:105:23: fatal error: emem.h: No such file or directory
that is caused by a change in the memory manager used by Wireshark from emem to wmem in Wireshark 2.0; see the README.wmem file in the doc directory of the sources for more info. I suspect that you'll have a lot of other changes to do though.
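One way to take stock of the emem-to-wmem work that comment points at, as an added example and not code from the thread: scan a 1.6-era dissector for the old emem calls and print the wmem replacement for each. The old/new pairs are an assumption taken from README.wmem and should be checked against the Wireshark version you build against.

```sh
#!/bin/sh
# Added example, not code from the thread: list the emem.h-era calls in a
# 1.6 dissector that no longer compile on Wireshark 2.x, with their wmem
# replacements. Pairs are an assumption taken from README.wmem; check them
# against the doc directory of the Wireshark version you build against.

# "old new" pairs; the trailing "(" keeps ep_alloc( from matching ep_alloc0(.
emem_map() {
    cat <<'EOF'
emem.h epan/wmem/wmem.h
ep_alloc( wmem_alloc(wmem_packet_scope(),
ep_alloc0( wmem_alloc0(wmem_packet_scope(),
ep_strdup( wmem_strdup(wmem_packet_scope(),
ep_strdup_printf( wmem_strdup_printf(wmem_packet_scope(),
se_alloc( wmem_alloc(wmem_file_scope(),
se_strdup( wmem_strdup(wmem_file_scope(),
EOF
}

# scan_emem FILE: print "FILE:LINE: old -> new" for every emem use found.
scan_emem() {
    emem_map | while read -r old new; do
        grep -n -F -- "$old" "$1" | while IFS= read -r hit; do
            printf '%s:%s: %s -> %s\n' "$1" "${hit%%:*}" "$old" "$new"
        done
    done
}

# count_emem FILE: number of emem uses; 0 means the file is clean for 2.x.
count_emem() {
    scan_emem "$1" | wc -l | tr -d ' '
}
# make_sample: write a constructed 1.6-style fragment (not the asker's
# plugin) to a temp file and print its path.
make_sample() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
#include <epan/emem.h>
static void dissect_ife(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
    guint8 *buf = ep_alloc(16);        /* freed when the packet is done */
    char *name = se_strdup("session"); /* lives as long as the capture */
}
EOF
    echo "$f"
}

sample=$(make_sample); scan_emem "$sample"
echo "emem uses to port: $(count_emem "$sample")"; rm -f "$sample"
```

Run it against packet-ife.c instead of the constructed sample to get the list of call sites to port; a non-zero count is also a cheap gate for the continuous build mentioned later in the thread.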
Thanks a lot for your time and answer :) I think I have a lot of work to do :/
Do you know about any Wireshark online course for Wireshark development?
I do a presentation about how to start writing dissectors at SharkFest, but it's very basic and won't answer any of your questions. I'm not aware of any online courses on dissector implementation, although there are a few articles/blog posts that are mostly out of date.
The resources I know of are the Developer's Guide, the documents in the sources doc directory, and the 1300+ dissector source files as examples in the Wireshark sources (epan/dissectors/packet-xxx.c).
Thanks a lot for your elaborate and resourceful answer. I will try my best to make the best out of it. I wish there were some tutorial for updating the old code!
Unfortunately that's one of the costs of keeping your dissector private: you have to maintain it yourself.
One way to sensibly keep up to date is to set up a continuous build system that compiles your plugin frequently; then you'll know when breaking changes have been made and you can easily see which commits caused the issues.
Leaving the dissector fallow for many major version releases, i.e. 1.6 -> 1.8 -> 1.10 -> 1.12 -> 2.0 -> 2.2, is quite likely to leave lots of issues to be fixed up.