This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

New in-built dissector not visible

0

With 2.3.0 version, I am creating a new in-built dissector as listed below. I have updated the epan/dissectors/CMakeLists and added my file that contains the dissector, packet-probe.c

Done cmake and msbuild and build my wireshark version. However I don't see my dissector when I run my wireshark version.

Could you please let me know if there are any othe makefile or registry files that I need to update?

proto_register_pb(void)
{
...
  proto_probe = proto_register_protocol("Probe", "PROBE", "probe");
  proto_register_field_array(proto_probe, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));
}

proto_reg_handoff_probe(void)
{
dissector_handle_t probe_handle;
ip_handle = find_dissector("ip");
rsvp_handle = find_dissector("rsvp");
probe_handle = create_dissector_handle(dissect_probe, proto_probe);
dissector_add_uint("udp.port", UDP_PORT_PROBE, probe_handle);
}


static void
dissect_probe(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
col_set_str(pinfo->cinfo, COL_PROTOCOL, "PROBE");
if (tree) {
…
}
…
}

Regards

Sanj

asked 16 Mar ‘17, 09:22

Sanj123's gravatar image

Sanj123
6336
accept rate: 0%

edited 16 Mar ‘17, 09:38

grahamb's gravatar image

grahamb ♦
19.8k330206

Does your protocol show up under the menu item Analyze -> Enabled Protocols?

(16 Mar ‘17, 09:39) grahamb ♦

No, I am not seeing my “probe” protocol under the Analyze->Enable Protocols menu.

(16 Mar ‘17, 09:53) Sanj123

If your code is in the order shown in your excerpt, i.e. dissect_probe() defined after it’s used in proto_reg_handoff_probe() then I suspect it isn’t being compiled which would point to a CMake problem.

Presumably you added your dissector to the DISSECTOR_SRC item in epan/dissectors/CMakeLists.txt?

Try opening the solution in Visual Studio and checking if your source file is shown in the Solution Explorer under Libs\epan\dissectors\dissectors\dissectors.

(16 Mar ‘17, 10:05) grahamb ♦

dissect_probe() is the 1st and proto_reg_handoff_probe() is the last call in the file. Sorry about the order listed in the example.

I had added the packet-probe.c file.c to set(DISSECTOR_SRC…) I am trying to figure out how to look up the file in Solution Explorer.

(16 Mar ‘17, 10:28) Sanj123

If the order is the correct way around it may well be compiled.

In your build directory do you see packet-probe.obj under epan\dissectors\dissectors.dir\RelWithDebInfo?

(16 Mar ‘17, 10:48) grahamb ♦

Yes, I do see the packet-prob.obj under Development/wsbuild64\epan\dissectors\dissectors.dir\RelWithDebInfo

(16 Mar ‘17, 10:55) Sanj123

It’s compiled then.

Are you certain you’re running the Wireshark you’ve just built, i.e. from your build directory run\RelWithDebInfo\Wireshark.exe?

(16 Mar ‘17, 11:31) grahamb ♦

Yes, I have checked the timestamp, I am running the one I built with the probe.

(16 Mar ‘17, 11:53) Sanj123

The .obj was being created but the executable did not show the new protocol. I deleted the RelWithDebInfo directory and rebuild. Now I can correctly see my protocol. Thanks for your help!!

(16 Mar ‘17, 13:25) Sanj123

If you open the generated file register.c is your dissectors register function included,if not delete the file to have it regenerated.

(16 Mar ‘17, 13:26) Anders ♦

Thanks both!!

(17 Mar ‘17, 07:37) Sanj123
showing 5 of 11 show 6 more comments