[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc
The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/239 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-ppc Build Reason: Build Source Stamp: HEAD Blamelist: etxrab BUILD FAILED: failed failed slave lost sincerely, -The Buildbot ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] buildbot failure in Wireshark (development) on Ubuntu-7.10-x86-64
The Buildbot has detected a new failure of Ubuntu-7.10-x86-64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Ubuntu-7.10-x86-64/builds/83 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: ubuntu-7.10-x86 Build Reason: Build Source Stamp: HEAD Blamelist: etxrab,jmayer,krj,wmeier BUILD FAILED: failed failed slave lost sincerely, -The Buildbot
[Wireshark-dev] buildbot failure in Wireshark (development) on Windows-XP-Win64
The Buildbot has detected a new failure of Windows-XP-Win64 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Windows-XP-Win64/builds/223 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: windows-xp-win64 Build Reason: Build Source Stamp: HEAD Blamelist: etxrab BUILD FAILED: failed nmake all sincerely, -The Buildbot
[Wireshark-dev] Trivial patch to make Wireshark compile again
Hi. This is a trivial patch that makes Wireshark compile again, please check it into the sources. There is a comment not properly terminated in file gtk\keys.h. Cheers Mike gtk-keys.h_comment_not_ properly_terminated.patch
[Wireshark-dev] buildbot failure in Wireshark (development) on Solaris-10-SPARC
The Buildbot has detected a new failure of Solaris-10-SPARC on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/Solaris-10-SPARC/builds/174 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: solaris-10-sparc Build Reason: Build Source Stamp: HEAD Blamelist: etxrab BUILD FAILED: failed compile sincerely, -The Buildbot
Re: [Wireshark-dev] [Wireshark-commits] rev 30111: /trunk/ /trunk/epan/dissectors/: dissectors.vcproj /trunk/doc/: doc.vcproj /trunk/docbook/: docbook.vcproj /trunk/epan/: libwireshark.vcproj /trunk/g
On Thu, Sep 24, 2009 at 7:11 AM, etx...@wireshark.org wrote: Log: Update *.vcproj to visual studio 8 Are we able to generate correct project files for visual studio 8 with cmake? -- Stig Bjørlykke
Re: [Wireshark-dev] [Wireshark-commits] rev 30111: /trunk//trunk/epan/dissectors/: dissectors.vcproj /trunk/doc/:doc.vcproj /trunk/docbook/: docbook.vcproj /trunk/epan/:libwireshark.vcproj /trunk/gtk/
-Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Stig Bjørlykke Sent: 25 September 2009 11:20 To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] [Wireshark-commits] rev 30111: /trunk//trunk/epan/dissectors/: dissectors.vcproj /trunk/doc/:doc.vcproj /trunk/docbook/: docbook.vcproj /trunk/epan/:libwireshark.vcproj /trunk/gtk/: libui.vcproj/trunk/plugins/: /trunk/: ... On Thu, Sep 24, 2009 at 7:11 AM, etx...@wireshark.org wrote: Log: Update *.vcproj to visual studio 8 Are we able to generate correct project files for visual studio 8 with cmake? I just updated the existing files - I don't actually know how to set up a project :( /Anders -- Stig Bjørlykke
Re: [Wireshark-dev] Improved interactive statistics?
Hi, For the round trip time, you might want to look at gtk/service_response_time_table.h. There are several dissectors using this API. For the rest, I am unable to make any suggestions immediately. Regards, Abhik. On Fri, Sep 25, 2009 at 12:09 AM, Nicolas Gendron nicolas.gend...@cybectec.com wrote: I want to gather some stats on a homemade protocol. I played with stats_tree_register, stats_tree_create_node, etc. It works great ... for counting packets. Now, I would want to calculate some round trip time (like a tcp ping) based on some information a user enters. I can't see how I can do the following with the stats interface : - Allow the user to provide information for stats gathering (e.g. two strings) - Allow the user to reset stats - Display some non counting stats (e.g. ms for the round trip time) Maybe the stats_tree_ is not the way to go. Can anybody help me? Thanks, Nic
[Wireshark-dev] OpenBSD enc0 capture from tcpdump fails to decode
I originally posted this message to wireshark-users (http://www.wireshark.org/lists/wireshark-users/200909/msg00202.html ) on 21 September 2009 but didn't receive any responses. I'm hoping that I can at least get a few tips for developing a dissector to solve this problem if there isn't a simple work around... I am trying to do some debugging on our VPN. We have a hub and spoke topology so it should be simple. Unfortunately my favorite protocol analyzer doesn't decode the packets. On the hub (OpenBSD 4.3) I capture packets from enc0 using tcpdump (I don't know the version but according to the output file it is 2.4). tcpdump can decode the packets without trouble, but tshark (on my Mac) fails to decode. I have included the following: - hexdump of capture file - tcpdump decode of capture file - tshark decode of capture file - output from tshark -v I will also try to attach my pcap file; but I don't know if the mailing list allows for attachments. I am willing to try to write a decoder if that is what it takes; but I hope that there is an easier solution. 
Thanks, BMG
# hexdump /tmp/esp2-cut.pcap
# tcpdump -r /tmp/esp2-cut.pcap -X
tcpdump: WARNING: snaplen raised from 96 to 2000
23:37:42.887582 (authentic,confidential): SPI 0x2535b0d7: 192.168.9.70.5900 192.168.255.2.52761: P 671211301:671211581(280) ack 1486745460 win 33156 nop,nop,timestamp 293230792 225510712 (DF) (encap)
# tshark -r ~/Desktop/esp2-cut.pcap -x
1 0.00 - UNKNOWN WTAP_ENCAP = 0
[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-x86
The Buildbot has detected a new failure of OSX-10.5-x86 on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-x86/builds/319 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-x86 Build Reason: Build Source Stamp: HEAD Blamelist: jmayer BUILD FAILED: failed compile sincerely, -The Buildbot
Re: [Wireshark-dev] OpenBSD enc0 capture from tcpdump fails to decode
On Sep 25, 2009, at 10:07 AM, Brad Guillory wrote: I am willing to try to write a decoder if that is what it takes; but I hope that there is an easier solution. There's an easier solution, in the sense of less work to do on the code, but you'll still have to recompile Wireshark; see my response to your earlier mail.
Re: [Wireshark-dev] [Wireshark-commits] rev 30151: /trunk/ /trunk/plugins/giop/: CMakeLists.txt /trunk/cmake/modules/: FindYAPP.cmake /trunk/plugins/: Makefile.am /trunk/plugins/tpg/: CMakeLists.txt /
On Sep 25, 2009, at 11:09 AM, jma...@wireshark.org wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=30151 User: jmayer Date: 2009/09/25 11:09 AM Log: Try to add tpg, but it seems it doesn't build with autofoo either. ...so I've removed it from plugins/Makefile.am for now. It 1) requires tools/tpg stuff, so tools/tpg/Makefile needs to be in configure.in's list of Makefiles to build; 2) requires yapp, which I suspect is this yapp: http://search.cpan.org/~fdesar/Parse-Yapp-1.05/lib/Parse/Yapp.pm which isn't listed in the collection of things you need in order to build Wireshark.
[Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc
The Buildbot has detected a new failure of OSX-10.5-ppc on Wireshark (development). Full details are available at: http://buildbot.wireshark.org/trunk/builders/OSX-10.5-ppc/builds/246 Buildbot URL: http://buildbot.wireshark.org/trunk/ Buildslave for this Build: osx-10.5-ppc Build Reason: Build Source Stamp: HEAD Blamelist: jmayer,krj BUILD FAILED: failed compile sincerely, -The Buildbot
Re: [Wireshark-dev] tvb_reported_length() vs tvb_length()
Guy Harris wrote: On Sep 24, 2009, at 1:08 PM, Bill Meier wrote: What are the cases where the use of tvb_length... in a dissectors is valid ? Off the top of my head, I'd say it's valid if: Looking at README.developer in detail I see that: 1. tvb_length is shown as being used before doing a heuristics check in new-style (and presumably heuristics) dissectors. In fact: I now see that the return is shown as tvb_length not tvb_reported_length. (Given this, I made an incorrect commit in a recent commit). ...you're doing a check of some sort before you start dissecting, such as a heuristic dissector test, and you need to know how much data is actually available so you don't throw an exception and abort the dissection or... Schwoo, Bill's email had me worrying that what I put in README.developer wasn't right (I think I copied the behavior from some new-style dissector without putting a lot of thought into it). I'll see about adding some words to the effect of please be careful not to throw an exception while doing these heuristics.
Re: [Wireshark-dev] [Wireshark-commits] rev 30143: /trunk/tools/ /trunk/tools/: indexcap.py
I get this error when trying to run tools/indexcap.py:
Traceback (most recent call last):
  File "./indexcap.py", line 29, in <module>
    import multiprocessing
ImportError: No module named multiprocessing
It appears that multiprocessing was introduced in Python v2.6: http://docs.python.org/dev/library/multiprocessing.html My Mac OS X 10.5.8 system doesn't have that version (provided by Apple):
python --version
Python 2.5.1
Is there another way to accomplish that or make it optional so we don't have to upgrade Python? On Sep 25, 2009, at 9:02 AM, k...@wireshark.org wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=30143 User: krj Date: 2009/09/25 08:02 AM Log: Add initial multiprocessing support Directory: /trunk/tools/ Changes Path Action: +35 -22 indexcap.py Modified ___ Sent via:Wireshark-commits mailing list wireshark-comm...@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-commits Unsubscribe: https://wireshark.org/mailman/options/wireshark-commits mailto:wireshark-commits-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] [Wireshark-commits] rev 29427: /trunk/ /trunk/epan/dissectors/: packet-bthci_acl.c packet-btl2cap.c packet-btrfcomm.c /trunk/epan/: packet.c packet.h reassemble.c reassemble_test.c
On Aug 14, 2009, at 11:38 PM, k...@wireshark.org wrote: http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=29427 User: krj Date: 2009/08/14 11:38 PM Log: This patch introduces packet_add_new_data_source() which effectively deprecates add_new_data_source(). This is based on the following observation: 1) The tvb + name (aka. data_source) is only used when the protocol tree is visible Nope. It's also used, for example, by tshark -x, even if -V isn't specified. There may be other places where it's used as well. I've checked in a change to remove the test for a non-null, visible protocol tree. If this optimization is to be done, we need a better way of determining whether the data sources will be used.
Re: [Wireshark-dev] [Wireshark-commits] rev 30151: /trunk/ /trunk/plugins/giop/: CMakeLists.txt /trunk/cmake/modules/: FindYAPP.cmake /trunk/plugins/: Makefile.am /trunk/plugins/tpg/: CMakeLists.txt /
On Fri, Sep 25, 2009 at 01:13:19PM -0700, Guy Harris wrote: User: jmayer Date: 2009/09/25 11:09 AM Log: Try to add tpg, but it seems it doesn't build with autofoo either. ...so I've removed it from plugins/Makefile.am for now. It 1) requires tools/tpg stuff, so tools/tpg/Makefile needs to be in configure.in's list of Makefiles to build; 2) requires yapp, which I suspect is this yapp: http://search.cpan.org/~fdesar/Parse-Yapp-1.05/lib/Parse/Yapp.pm which isn't listed in the collection of things you need in order to build Wireshark. Oops! That change was only an experiment to see whether it works with autofoo. Thanks for undoing it. Maybe I'll do something similar to what I did in cmake: If yapp exists, build the plugin (well, not until it actually compiles and links of course). Ciao Joerg -- Joerg Mayer jma...@loplof.de We are stuck with technology when what we really want is just stuff that works. Some say that should read Microsoft instead of technology.
Re: [Wireshark-dev] Extending the DHCP dissector
How would the original bootp dissector be disabled? For now I'm pursuing the option of modifying the bootp dissector. Looks like redistributing just the libwireshark.dll may work for in house redistribution. A more elegant solution through plugins would be nice though. thanks, John -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Maynard, Chris Sent: Thursday, September 24, 2009 9:20 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector It might be possible to: 1) Take the existing BOOTP dissector and make the entire thing into a plugin but changing the name wherever it matters, such as with the handoff and register functions, display filter fields, possibly preferences, and whatever else to avoid name conflicts and the like. 2) Add your option, compile and distribute just your new bootp2.dll 3) Run Wireshark but disable the original bootp dissector. DISCLAIMER: I've never done this nor do I know for certain if it can be done or not, nor do I suspect it would be recommended to do this even if it can be done. -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Borz, John (IPG-Roseville RD) Sent: Thursday, September 24, 2009 7:07 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector My option is actually the NAP MS-SOH option with a vendor specific SOH embedded. I have the Wireshark development environment setup, and I've written a dissector for a custom protocol already. I was just trying to minimize the distribution impact. Sounds like I'll have to distribute the whole package. 
thanks, John -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Guy Harris Sent: Thursday, September 24, 2009 3:26 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector On Sep 24, 2009, at 3:00 PM, Borz, John (IPG-Roseville RD) wrote: That's what I was looking for. I would like to extend a production Wireshark installation to support decoding these options similar to the new dissector DLL plugin model. Is this possible with the built-in dissectors? The dissector plugin model allows a dissector to be plugged into any dissector table; this means that there already needs to be a dissector that registers that table. Currently, the BOOTP dissector doesn't register any such table, so, as I said, there is currently no mechanism to do what you want to do. You would have to change the BOOTP dissector in order to do that; that would require you to get the Wireshark source, change it, compile it, and distribute that modified version of Wireshark, along with the plugin. Wireshark 1.2 has a limited ability to support custom DHCP options without changing the code. There is a Custom BootP/DHCP Options preference, which takes a string of the form 176,MyOption,string;242,NewOption,ipv4 i.e., a semicolon-separated list of options, where each option is a comma-separated list with: option number - a value between 1 and 254 option name - the name for the option option type: string, for an option that's a character string; ipv4, for an option that's an IPv4 address; bytes, for an option that's an opaque blob of bytes. If your option is more complicated than that, this feature cannot support it. 
Re: [Wireshark-dev] Extending the DHCP dissector
In the Wireshark wiki there is a Lua code example for a chained dissector: http://wiki.wireshark.org/Lua/Dissectors It looks like they simply add the new dissector into the parent protocol's dissector table with the same port as the original, thereby overwriting its entry in the dissector table. If you made a new bootp dissector as a plugin, could you do the same trick to replace the existing builtin dissector without having to rebuild Wireshark? You'd have to build the plugin of course, but you wouldn't need a custom wireshark build.
Re: [Wireshark-dev] Extending the DHCP dissector
Will look into that option. It's definitely worth a try. From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Beth Sent: Friday, September 25, 2009 4:22 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector In the Wireshark wiki there is a Lua code example for a chained dissector: http://wiki.wireshark.org/Lua/Dissectors It looks like they simply add the new dissector into the parent protocol's dissector table with the same port as the original, thereby overwriting its entry in the dissector table. If you made a new bootp dissector as a plugin, could you do the same trick to replace the existing builtin dissector without having to rebuild Wireshark? You'd have to build the plugin of course, but you wouldn't need a custom wireshark build.
Re: [Wireshark-dev] Extending the DHCP dissector
You enable/disable dissectors via Analyze - Enabled Protocols - -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Borz, John (IPG-Roseville RD) Sent: Friday, September 25, 2009 6:44 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector How would the original bootp dissector be disabled? For now I'm pursuing the option of modifying the bootp dissector. Looks like redistributing just the libwireshark.dll may work for in house redistribution. A more elegant solution through plugins would be nice though. thanks, John -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Maynard, Chris Sent: Thursday, September 24, 2009 9:20 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector It might be possible to: 1) Take the existing BOOTP dissector and make the entire thing into a plugin but changing the name wherever it matters, such as with the handoff and register functions, display filter fields, possibly preferences, and whatever else to avoid name conflicts and the like. 2) Add your option, compile and distribute just your new bootp2.dll 3) Run Wireshark but disable the original bootp dissector. DISCLAIMER: I've never done this nor do I know for certain if it can be done or not, nor do I suspect it would be recommended to do this even if it can be done. -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Borz, John (IPG-Roseville RD) Sent: Thursday, September 24, 2009 7:07 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector My option is actually the NAP MS-SOH option with a vendor specific SOH embedded. I have the Wireshark development environment setup, and I've written a dissector for a custom protocol already. 
I was just trying to minimize the distribution impact. Sounds like I'll have to distribute the whole package. thanks, John -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev- boun...@wireshark.org] On Behalf Of Guy Harris Sent: Thursday, September 24, 2009 3:26 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Extending the DHCP dissector On Sep 24, 2009, at 3:00 PM, Borz, John (IPG-Roseville RD) wrote: That's what I was looking for. I would like to extend a production Wireshark installation to support decoding these options similar to the new dissector DLL plugin model. Is this possible with the built-in dissectors? The dissector plugin model allows a dissector to be plugged into any dissector table; this means that there already needs to be a dissector that registers that table. Currently, the BOOTP dissector doesn't register any such table, so, as I said, there is currently no mechanism to do what you want to do. You would have to change the BOOTP dissector in order to do that; that would require you to get the Wireshark source, change it, compile it, and distribute that modified version of Wireshark, along with the plugin. Wireshark 1.2 has a limited ability to support custom DHCP options without changing the code. There is a Custom BootP/DHCP Options preference, which takes a string of the form 176,MyOption,string;242,NewOption,ipv4 i.e., a semicolon-separated list of options, where each option is a comma-separated list with: option number - a value between 1 and 254 option name - the name for the option option type: string, for an option that's a character string; ipv4, for an option that's an IPv4 address; bytes, for an option that's an opaque blob of bytes. If your option is more complicated than that, this feature cannot support it. 
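The Custom BootP/DHCP Options preference string quoted in this thread (`176,MyOption,string;242,NewOption,ipv4`) can be checked before it is pushed to a fleet of analysts' machines. The following is an added example, not Wireshark code and not from any poster: it validates the string against the rules stated in the thread and, going one step beyond them, applies the resulting table to a DHCP options field using the RFC 2132 code/length/value layout. The function names, the duplicate-number check and the sample bytes are assumptions of this example.

```python
"""Added example: validate a Custom BootP/DHCP Options string and apply it."""
import ipaddress
from typing import Dict, List, NamedTuple, Tuple

VALID_TYPES = ("string", "ipv4", "bytes")   # the three types named in the thread


class CustomOption(NamedTuple):
    number: int
    name: str
    kind: str


def parse_custom_options(pref: str) -> Dict[int, CustomOption]:
    """Parse 'num,name,type;num,name,type' and reject malformed entries."""
    table: Dict[int, CustomOption] = {}
    for entry in (e.strip() for e in pref.split(";")):
        if not entry:
            continue                         # tolerate a trailing semicolon
        fields = [f.strip() for f in entry.split(",")]
        if len(fields) != 3:
            raise ValueError("expected number,name,type in %r" % entry)
        number_text, name, kind = fields
        if not (number_text.isascii() and number_text.isdigit()):
            raise ValueError("option number is not an integer in %r" % entry)
        number = int(number_text)
        if not 1 <= number <= 254:
            raise ValueError("option number %d outside 1..254" % number)
        if not name:
            raise ValueError("empty option name in %r" % entry)
        if kind not in VALID_TYPES:
            raise ValueError("unknown option type %r" % kind)
        if number in table:                  # policy of this example only
            raise ValueError("option %d defined twice" % number)
        table[number] = CustomOption(number, name, kind)
    return table


def decode_value(kind: str, raw: bytes) -> str:
    """Render one option value according to its declared type."""
    if kind == "string":
        return raw.decode("ascii", errors="replace")
    if kind == "ipv4":
        if len(raw) != 4:
            return "malformed ipv4 (%d bytes)" % len(raw)
        return str(ipaddress.IPv4Address(raw))
    return raw.hex()                         # 'bytes': opaque blob


def decode_options(options: bytes,
                   table: Dict[int, CustomOption]) -> List[Tuple[str, str]]:
    """Walk the DHCP options field (RFC 2132 TLVs) with bounds checks."""
    found: List[Tuple[str, str]] = []
    i = 0
    while i < len(options):
        code = options[i]
        if code == 0:                        # pad option, no length byte
            i += 1
            continue
        if code == 255:                      # end option
            break
        if i + 1 >= len(options):
            raise ValueError("option %d has no length byte" % code)
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        i += 2 + length
        if code in table:
            opt = table[code]
            found.append((opt.name, decode_value(opt.kind, value)))
    return found


# Preference string from the thread; the options bytes below are constructed.
PREF = "176,MyOption,string;242,NewOption,ipv4"
SAMPLE_OPTIONS = (bytes([53, 1, 5])                      # standard option, not in table
                  + bytes([176, 5]) + b"hello"
                  + bytes([242, 4, 192, 168, 9, 70])
                  + bytes([255]))

if __name__ == "__main__":
    for name, value in decode_options(SAMPLE_OPTIONS, parse_custom_options(PREF)):
        print(name, "=", value)
```
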