Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Alexis La Goutte
Hi Joerg,

On Sun, Mar 4, 2012 at 10:50 PM, Joerg Mayer jma...@loplof.de wrote:

 Hello Alexis,

 nice piece of work. I have one annotation and one question:

 You might try the following instructions for cmake:
 http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
 but I'd be willing to do this once internationalization is committed.


I tried, but it doesn't work! (for the moment...)



 While looking at the translation file: It seems to contain the line numbers
 of the english original - does this mean the translation will fail if the
 line numbers change because someone makes changes to the code?

No!
The line number is only for information, for when the translator translates
(with Qt Linguist there is a source view to see the context of the
translation...),
and the line is auto-generated by lupdate!



 Thanks
   Jörg
 --
 Joerg Mayer   jma...@loplof.de
 We are stuck with technology when what we really want is just stuff that
 works. Some say that should read Microsoft instead of technology.

 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe


Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
Hello Alexis,

On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
  You might try the following instructions for cmake:
  http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
  but I'd be willing to do this once internationalization is committed.
 
 
 I tried but... no work ! (for the moment...)

No problem - as I wrote: I will try it once it is committed.

  While looking at the translation file: It seems to contain the line numbers
  of the english original - does this mean the translation will fail if the
  line numbers change because someone makes changes to the code?
 
 No !
 The line is only for information... when the translator translate ! (with
 Qt linguist) (there is a source view to see the context of the
 translation...)
 and the line is auto-generated by lupdate !

Ah, good. Maybe you could add a file ui/qt/README.translate or whatever on how
to go and translate into another language or update an existing one (I didn't
know about Qt Linguist).

Ciao
Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Alexis La Goutte
On Mon, Mar 5, 2012 at 12:14 PM, Joerg Mayer jma...@loplof.de wrote:

 Hello Alexis,

 On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
   You might try the following instructions for cmake:
   http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
   but I'd be willing to do this once internationalization is committed.
  
 
  I tried but... no work ! (for the moment...)

 No problem - as I wrote: I will try it once it is committed.

   While looking at the translation file: It seems to contain the line numbers
   of the english original - does this mean the translation will fail if the
   line numbers change because someone makes changes to the code?
  
  No !
  The line is only for information... when the translator translate ! (with
  Qt linguist) (there is a source view to see the context of the
  translation...)
  and the line is auto-generated by lupdate !

 Ah, good. Maybe you could add a file ui/qt/README.translate or whatever on how
 to go and translate into another language or update an existing one (I didn't
 know about Qt Linguist).

I think add a chapter to doc/Readme.qt


 Ciao
 Jörg
 --
 Joerg Mayer   jma...@loplof.de
 We are stuck with technology when what we really want is just stuff that
 works. Some say that should read Microsoft instead of technology.


Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Sun, Mar 04, 2012 at 08:21:14PM +0100, Alexis La Goutte wrote:
 I realized a patch to add the i10n version of QtShark. The goal is only to
 translate the Gui (not dissector)
 Actually, there is only a french translations !
 
 To test, launch qtshark with LANG=fr ./qtshark (in ui/qt folder)
 
 For make your own translation! it is easy !
 
- Add your translation (wireshark_XX.ts) in QtShark.pro
- Launch lupdate QtShark.pro to generate/update your translation file
- Translate with Qt Linguist
- Launch lrelease QtShark.pro to create/update wireshark_xx.qm file

OK, some summary feedback (we talked about some of this already):
- please rename wireshark_XX.ts to qtshark_XX.ts as the executable is
  named qtshark.
- please rename i10n.qrc to i18n.qrc
- what is the use of i10n.qrc anyway (couldn't find it in any examples

 More information about Qt Translation is available in
 http://qt-project.org/doc/qt-4.8/linguist-manual.html

- Please add the stuff to README.qt

 It missing some feature :
 * Add preference to select(force) your language

Might make sense as some people would prefer the English GUI even if the
rest of the applications are in their native language.

 * Support of Cmake

I'm working on it - but it isn't working (same as you found out) so far.

 * Some text it is no available for translation...

I don't understand this one :)

How about committing this soon'ish?

 Ciao
Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Mon, Mar 05, 2012 at 03:45:09PM +0100, Joerg Mayer wrote:
 OK, some summary feedback (we talked about some of this already):

One more thing ;-)
- It looks like the qt-specific initialization is done in wireshark_main.cpp
  while you do the i18n stuff in main.cpp.

ciao
  Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi Ashish,

My protocol is registered, when I type it in the filter box it turns green.
Also, I've built again wireshark (hope that's what you meant by creating a
new workspace) but I still get the dissector not found error when I'm
editing the DLT user in the GUI as you advised me. What could be wrong?

Thanks so much for aiding me


Armando Vázquez Ramírez

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
  You might try the following instructions for cmake:
  http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
  but I'd be willing to do this once internationalization is committed.
 
 
 I tried but... no work ! (for the moment...)

The attached patch will make it (almost) work (this assumes some of the renames
I proposed but you will get the idea from it).

It will cause compilation to fail unless either
a) source dir is also the build dir or
b) you manually create a link for qtshark_fr.qm into the source dir

I will eventually look into the dependency problem, but for now I'm happy
it works at all 

Ciao
 Jörg
-- 
Joerg Mayer   jma...@loplof.de
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Index: CMakeLists.txt
===
--- CMakeLists.txt	(revision 41354)
+++ CMakeLists.txt	(working copy)
@@ -92,15 +92,22 @@
 
 set(QTSHARK_QRC
 	display_filter.qrc
+	i18n.qrc
 	toolbar.qrc
 	welcome.qrc
 )
 
+set(QTSHARK_TS
+	qtshark_fr.ts
+)
+
 include_directories(
 ${CMAKE_CURRENT_SOURCE_DIR}
 ${CMAKE_CURRENT_BINARY_DIR}
 )
 
+QT4_ADD_TRANSLATION(QTSHARK_TS_QM ${QTSHARK_TS})
+
 QT4_ADD_RESOURCES(QTSHARK_QRC_SRC ${QTSHARK_QRC})
 
 QT4_WRAP_UI(QTSHARK_UI_SRC ${QTSHARK_UI})
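Review bot: QT4_ADD_TRANSLATION(QTSHARK_TS_QM ${QTSHARK_TS}) writes qtshark_fr.qm into the build directory, while i18n.qrc is added to QTSHARK_QRC by its source-directory name, so if the .qrc names qtshark_fr.qm by relative path it is looked up next to the .qrc in the source tree. That matches the out-of-tree failure described in the mail. Suggest generating or copying i18n.qrc into ${CMAKE_CURRENT_BINARY_DIR} (for example with configure_file) so it sits beside the generated .qm, rather than requiring a link in the source directory.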
@@ -132,6 +139,7 @@
 	${QTSHARK_UI_SRC}
 	${QTSHARK_MOC_SRC}
 	${QTSHARK_QRC_SRC}
+	${QTSHARK_TS_QM}
 )
 set_target_properties(qtui PROPERTIES LINK_FLAGS ${WS_LINK_FLAGS})
 
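Review bot: ${QTSHARK_TS_QM} in the qtui source list is a generated file that is not compiled; it is listed only so the lrelease rule runs, and nothing in this hunk orders it before the step that produces ${QTSHARK_QRC_SRC}. Add a short comment saying why a .qm file appears among the sources, and consider an explicit dependency of the i18n resource on ${QTSHARK_TS_QM}, since the mail already names the dependency problem as open.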
Index: wireshark_application.cpp
===
--- wireshark_application.cpp	(revision 41354)
+++ wireshark_application.cpp	(working copy)
@@ -264,6 +264,7 @@
 wsApp = this;
 
 Q_INIT_RESOURCE(display_filter);
+Q_INIT_RESOURCE(i18n);
 Q_INIT_RESOURCE(toolbar);
 Q_INIT_RESOURCE(welcome);
 
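Review bot: Q_INIT_RESOURCE(i18n) only links if the resource file is really named i18n.qrc; the original submission used i10n.qrc, so this line depends on the rename proposed earlier in the thread and should be committed together with it. It is also worth confirming that the translator is loaded after this call, because the thread notes that the i18n setup currently lives in main.cpp.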

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi  Alex,

The plugin you attached is meant to open filetypes different than pcap,
right? I don't understand how to use this knowledge with my problem. I'm
using a pcap file, thing is I want wireshark to dissect a protocol in the
link layer which is not included in wireshark.
Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 9:11 AM, Alex Lindberg alind...@yahoo.com wrote:

 I needed to read an unsupported file structure and protocol into
 Wireshark.  I did this by creating a plugin that registered the necessary
 routines to read a file and determine if the file was the one I needed.

 1st - register with wtap:

 /* register with wtap */
 void wtap_register_mst(void) {
     static struct file_type_info fi = {
         "My PROTOCOL File", /* name */
         "mst_file",         /* short name */
         "*.*",              /* file extensions */
         NULL,               /* file extension default */
         FALSE,              /* writing seek must */
         FALSE,              /* has name resolution */
         NULL,               /* can write this type of file encap? */
         NULL                /* function to open for writing */
     };
     wtap_register_open_routine(myproto_open, TRUE);
     encap_mst_file = wtap_register_encap_type("My PROTOCOL FILE",
                                               "myproto_file");
     wf_myproto_file = wtap_register_file_type(&fi);
 }

 As you see, you need an open routine (myproto_open).  The open routine
 determines if the file is of the flavor you are looking for; if so, it
 creates a file structure used by Wireshark.

 int myproto_open(wtap *wth, int *err, gchar **err_info _U_) {
     /* open routine.  First determine if it is a myproto file. */
     /* The open_file_* routines should return:
        -1 on an I/O error;
        1 if the file they're reading is one of the types it handles;
        0 if the file they're reading isn't the type they're checking for.
        If the routine handles this type of file, it should set the file_type
        field in the struct wtap to the type of the file. */
     if (!(myproto_check_file(wth, err))) {
         if (*err == 0) {
             return 0;
         }
         else {
             return -1;
         }
     }

     /* point to 1st line */
     if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
         return -1;
     }

     wth->data_offset = 0;
     wth->file_encap = WTAP_ENCAP_USER15; /* encap type to use if save as pcap file */
     wth->file_type = WTAP_ENCAP_USER15;
     wth->subtype_read = myproto_read;    /* routines to go for reading and seeking */
     wth->subtype_seek_read = myproto_seek_read;
     wth->snapshot_length = 0;            /* not known */
     wth->tsprecision = WTAP_FILE_TSPREC_CSEC;

     return 1;
 }

 As an FYI, to get the plugin's wtap routines to register, I had to modify
 the local Makefile.am for plugin.c to look for the wtap register routine
 (only for the Python build which I am using)

 plugin.c: $(DISSECTOR_SRC) $(top_srcdir)/tools/make-dissector-reg \
     $(top_srcdir)/tools/make-dissector-reg.py
     @if test -n "$(PYTHON)"; then \
         echo Making plugin.c with python ; \
         $(PYTHON) $(top_srcdir)/tools/make-dissector-reg.py $(srcdir) \
             plugin_wtap $(DISSECTOR_SRC) ; \
     else \
         echo Making plugin.c with shell script ; \
         $(top_srcdir)/tools/make-dissector-reg $(srcdir) \
             $(plugin_src) plugin_wtap $(DISSECTOR_SRC) ; \
     fi

 Examples of these functions can be found in the wiretap directory.  Best
 of luck

 Alex Lindberg

 --- On *Sat, 3/3/12, ashish goel ashish.kumar.go...@gmail.com* wrote:


 From: ashish goel ashish.kumar.go...@gmail.com
 Subject: Re: [Wireshark-dev] How can I register a link layer protocol?
 To: Developer support list for Wireshark wireshark-dev@wireshark.org
 Date: Saturday, March 3, 2012, 12:30 PM


 Hi Armando,

 Have you checked if your protocol is registered or not. One way to check
 this is to type your protocol's name in Wireshark's Display Filter textbox,
 the textbox's background should turn green.
 If your protocol is registered and it is not showing as valid protocol
 while adding to DLT_User encapsulation table then DLT_user file might have
 been corrupted.
 Try creating a new workspace and implement your changes into that. It
 should work.

 2012/3/3 Armando Vázquez avr...@gmail.com

 Thanks ashis!

 When I tried this my protocol does not show up as a valid protocol, why is
 that? I tried using my dissector for the header protocol, but it should
 also dissect 2 trailer bytes, does that represent a problem ? What should I
 put in the header size field?

 Besides, I've read that using the GUI and editing the DLT_User is the same
 as using the function dissector_add_uint(), am I right? If so, why isn't
 working? should I change something else in pcap-common.c or wtap.c or
 wtap.h?


 Armando Vázquez Ramírez



 On Sat, Mar 3, 2012 at 6:27 AM, ashish goel 
 

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Jeff Morriss
For this to work your dissector needs to be registered by name.  To get 
that it needs to call register_dissector().


Armando Vázquez wrote:

Thanks ashis!

When I tried this my protocol does not show up as a valid protocol, why 
is that? I tried using my dissector for the header protocol, but it 
should also dissect 2 trailer bytes, does that represent a problem ? 
What should I put in the header size field?


Besides, I've read that using the GUI and editing the DLT_User is the 
same as using the function dissector_add_uint(), am I right? If so, why 
isn't working? should I change something else in pcap-common.c or wtap.c 
or wtap.h?



Armando Vázquez Ramírez


On Sat, Mar 3, 2012 at 6:27 AM, ashish goel 
ashish.kumar.go...@gmail.com wrote:


Hi Armando,

There is a way you can do it through wireshark GUI. Go to preferences
-> protocols -> DLT_User. Here click on edit and add your protocol
on any of the User DLTs(147 - 162). But make sure that the pcap
file you are using must have defined the same DLT value in its
global header.

Hope this helps.

Thanks,
Ashish
2012/3/2 Armando Vázquez avr...@gmail.com

Hi guys,

I've read the developers guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that it's
not currently defined in wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not a internet protocol, so I need
to identify it in this layer.

I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
but I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help. 


Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },

/* WTAP_ENCAP_MYPROTOCOL*/
{ "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code


--
void proto_register_myprotocol (void)
{
...

    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number",
                                 FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection
       part, this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}


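The advice quoted in the message above, that the pcap file's global header must carry the same DLT value as the User DLT row configured under DLT_User, can be checked directly on the file's first 24 bytes. The following is an added example, not code from the thread or from Wireshark; the function names and the sample headers are constructed for illustration.

```c
/* Added example: verify that a pcap global header names a User DLT (147-162). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_GLOBAL_HDR_LEN 24u
#define DLT_USER_FIRST 147u  /* User DLT range given in the thread */
#define DLT_USER_LAST  162u

#define ERR_TOO_SHORT (-1)   /* fewer than 24 bytes available */
#define ERR_BAD_MAGIC (-2)   /* not a classic pcap file (e.g. pcapng) */
#define ERR_NOT_USER  (-3)   /* valid header, but DLT outside 147-162 */

/* Read a 32-bit field in the byte order the file was written in. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/* Parse the global header; on success store the link-layer type, return 0. */
int pcap_linktype(const uint8_t *buf, size_t len, uint32_t *linktype)
{
    uint32_t magic;
    int big_endian;

    if (buf == NULL || linktype == NULL || len < PCAP_GLOBAL_HDR_LEN)
        return ERR_TOO_SHORT;

    /* The magic is stored in the writer's byte order, so its on-disk
       layout tells us how to read every other field. */
    magic = rd32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* usec / nsec */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* byte-swapped */
        big_endian = 0;
    else
        return ERR_BAD_MAGIC;

    /* Layout: magic(4) version(2+2) thiszone(4) sigfigs(4) snaplen(4) network(4) */
    *linktype = rd32(buf + 20, big_endian);
    return 0;
}

/* Return 0..15 (the User DLT row that must be configured) or an ERR_* code. */
int user_dlt_slot(const uint8_t *buf, size_t len)
{
    uint32_t lt = 0;
    int rc = pcap_linktype(buf, len, &lt);

    if (rc != 0)
        return rc;
    if (lt < DLT_USER_FIRST || lt > DLT_USER_LAST)
        return ERR_NOT_USER;
    return (int)(lt - DLT_USER_FIRST);
}

/* Constructed sample headers (not taken from any real capture). */
const uint8_t SAMPLE_LE_USER0[24] = {      /* little-endian, DLT 147 */
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0xff, 0xff, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00 };
const uint8_t SAMPLE_BE_USER15[24] = {     /* big-endian, DLT 162 */
    0xa1, 0xb2, 0xc3, 0xd4, 0x00, 0x02, 0x00, 0x04, 0, 0, 0, 0, 0, 0, 0, 0,
    0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0xa2 };
const uint8_t SAMPLE_LE_ETHERNET[24] = {   /* little-endian, DLT 1 */
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00, 0, 0, 0, 0, 0, 0, 0, 0,
    0xff, 0xff, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };
const uint8_t SAMPLE_PCAPNG[24] = {        /* starts with a pcapng block type */
    0x0a, 0x0d, 0x0d, 0x0a };

int main(void)
{
    printf("LE user0   -> %d\n", user_dlt_slot(SAMPLE_LE_USER0, sizeof SAMPLE_LE_USER0));
    printf("BE user15  -> %d\n", user_dlt_slot(SAMPLE_BE_USER15, sizeof SAMPLE_BE_USER15));
    printf("ethernet   -> %d\n", user_dlt_slot(SAMPLE_LE_ETHERNET, sizeof SAMPLE_LE_ETHERNET));
    printf("pcapng     -> %d\n", user_dlt_slot(SAMPLE_PCAPNG, sizeof SAMPLE_PCAPNG));
    printf("truncated  -> %d\n", user_dlt_slot(SAMPLE_LE_USER0, 20));
    return 0;
}
```

A non-negative result is the row (User 0 to User 15) whose payload protocol has to be set in the DLT_User table; any negative result means the table entry would never be consulted for that file.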

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
I did so by using this function:

void proto_register_myprotocol(void)
{
...
register_dissector(MY_PROTOCOL, dissect_myprotocol, proto_my_protocol);

}

Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss jeff.morriss...@gmail.com wrote:

 For this to work your dissector needs to be registered by name.  To get
 that it needs to call register_dissector().

 Armando Vázquez wrote:

 Thanks ashis!

 When I tried this my protocol does not show up as a valid protocol, why
 is that? I tried using my dissector for the header protocol, but it should
 also dissect 2 trailer bytes, does that represent a problem ? What should I
 put in the header size field?

 Besides, I've read that using the GUI and editing the DLT_User is the
 same as using the function dissector_add_uint(), am I right? If so, why
 isn't working? should I change something else in pcap-common.c or wtap.c or
 wtap.h?


 Armando Vázquez Ramírez


 On Sat, Mar 3, 2012 at 6:27 AM, ashish goel ashish.kumar.go...@gmail.com wrote:

Hi Armando,

There is a way you can do it through wireshark GUI. Go to preferences
-> protocols -> DLT_User. Here click on edit and add your protocol
on any of the User DLTs(147 - 162). But make sure that the pcap
file you are using must have defined the same DLT value in its
global header.

Hope this helps.

Thanks,
Ashish
2012/3/2 Armando Vázquez avr...@gmail.com


Hi guys,

I've read the developers guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that it's
not currently defined in wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not a internet protocol, so I need
to identify it in this layer.

I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
but I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help.
Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },

/* WTAP_ENCAP_MYPROTOCOL*/
{ "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code

--
void proto_register_myprotocol (void)
{
...

    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number",
                                 FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection
       part, this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}


[Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Bill Meier
Would it make any sense to be able to store application specific 
information in a pcapng file ?


E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill



Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Tyson Key
Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting a type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier wme...@newsguy.com wrote:
 Would it make any sense to be able to store application specific
 information in a pcapng file ?

 E.g., selected Wireshark prefs so that Wireshark can act on same ?

 This would be useful when a capture file requires specific dissector
 preferences to properly dissect the file.

 Would this fit (at all) within the design goals for pcapng ?
 Is there a way to do this reasonably cleanly with the existing format ?

 How might one indicate the prefs which should be stored ?

 

 Bill




-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844

Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Anders Broman

Hi,
I think there are two paths that can be taken: either add options and/or
blocks as needed to the file format, or encode the comment in some way; using
the preferences simple format is one option.
I'm leaning towards using the comments somehow. One could have Wireshark
begin/end tags for other programs to skip that part of the comments.
Regards
Anders



Tyson Key skrev 2012-03-05 19:39:

Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting a type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier wme...@newsguy.com wrote:

Would it make any sense to be able to store application specific
information in a pcapng file ?

E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill








Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Anders Broman

Anders Broman skrev 2012-03-05 20:03:

Hi,
I think there are two paths that can be taken: either add options and/or
blocks as needed to the file format, or encode the comment in some way; using
the preferences simple format is one option.
I'm leaning towards using the comments somehow. One could have Wireshark
begin/end tags for other programs to skip that part of the comments.
Regards
Anders



Rethinking :-)
shb_ws_display_filter    String, multiple occurrences, coupled with
                         shb_ws_display_filter_comment
shb_ws_capture_profile   A complete profile which goes with the capture and
                         gets loaded as the default profile when the capture
                         is loaded, if so configured.
Could be useful additions that may not be too difficult to do something
useful with.




Tyson Key skrev 2012-03-05 19:39:

Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting a type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier wme...@newsguy.com wrote:

Would it make any sense to be able to store application specific
information in a pcapng file ?

E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill












Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Guy Harris

On Mar 5, 2012, at 11:03 AM, Anders Broman wrote:

 I think there are two paths that can be taken: either add options and/or
 blocks as needed to the file format, or encode the comment in some way; using
 the preferences simple format is one option.
 I'm leaning towards using the comments somehow. One could have Wireshark
 begin/end tags for other programs to skip that part of the comments.

I presume you don't mean store them in opt_comment options, as other apps 
should not have to know about special tags in comments to indicate that they're 
not really comments.

I'd go for registering a wireshark preferences option and just have it store 
raw preferences-file text; we'd also want, I think, another option for UATs, 
with the name of the UAT and its contents.

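The approach in the message above, a dedicated option that stores raw preferences-file text and that other readers skip by option code rather than by tags inside a comment, is sketched here as an added example (not Wireshark or pcapng project code). It assumes a little-endian section; the option code HYP_OPT_WS_PREFS, the function names and the sample preference line are constructed for illustration.

```c
/* Added example: pcapng-style option list carrying preferences text. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_ENDOFOPT 0u
#define OPT_COMMENT  1u
/* Hypothetical code for this example only; not a registered pcapng option. */
#define HYP_OPT_WS_PREFS 0x8001u

/* Option values are padded to a 32-bit boundary. */
#define PAD4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((unsigned)p[1] << 8));
}

/* Append one option (code, length, padded value). Returns the new offset,
   or 0 if the option does not fit in the buffer. */
size_t put_option(uint8_t *buf, size_t cap, size_t off,
                  uint16_t code, const void *val, uint16_t vlen)
{
    size_t padded = PAD4(vlen);

    if (off > cap || cap - off < 4u + padded)
        return 0;
    buf[off]     = (uint8_t)(code & 0xffu);
    buf[off + 1] = (uint8_t)(code >> 8);
    buf[off + 2] = (uint8_t)(vlen & 0xffu);
    buf[off + 3] = (uint8_t)(vlen >> 8);
    memset(buf + off + 4, 0, padded);
    if (vlen != 0)
        memcpy(buf + off + 4, val, vlen);
    return off + 4u + padded;
}

/* Walk an option list read from an untrusted file. Unknown codes are skipped
   by length. Returns 1 if found, 0 if absent, -1 if the list is malformed. */
int find_option(const uint8_t *opts, size_t len, uint16_t want,
                const uint8_t **val, uint16_t *vlen)
{
    size_t off = 0;

    while (len - off >= 4u) {
        uint16_t code = rd16le(opts + off);
        uint16_t olen = rd16le(opts + off + 2);
        size_t padded = PAD4(olen);

        off += 4u;
        if (code == OPT_ENDOFOPT)
            return 0;
        if (padded > len - off)      /* declared length runs past the buffer */
            return -1;
        if (code == want) {
            *val = opts + off;
            *vlen = olen;
            return 1;
        }
        off += padded;
    }
    return off == len ? 0 : -1;      /* 1-3 stray trailing bytes: malformed */
}

/* Value length of an option, -1 if absent, -2 if the list is malformed. */
int option_len(const uint8_t *opts, size_t len, uint16_t code)
{
    const uint8_t *val = NULL;
    uint16_t vlen = 0;
    int rc = find_option(opts, len, code, &val, &vlen);

    if (rc == 1)
        return (int)vlen;
    return rc == 0 ? -1 : -2;
}

/* Constructed sample: a comment, a preferences option, end-of-options. */
uint8_t sample_opts[64];
static const char SAMPLE_COMMENT[] = "lab capture";
static const char SAMPLE_PREFS[]   = "myproto.tcp_port: 4000\n";

size_t build_sample(void)
{
    size_t off = 0;

    off = put_option(sample_opts, sizeof sample_opts, off, OPT_COMMENT,
                     SAMPLE_COMMENT, (uint16_t)strlen(SAMPLE_COMMENT));
    off = put_option(sample_opts, sizeof sample_opts, off, HYP_OPT_WS_PREFS,
                     SAMPLE_PREFS, (uint16_t)strlen(SAMPLE_PREFS));
    off = put_option(sample_opts, sizeof sample_opts, off, OPT_ENDOFOPT, NULL, 0);
    return off;
}

int main(void)
{
    size_t n = build_sample();

    printf("list length      : %zu\n", n);
    printf("prefs value len  : %d\n", option_len(sample_opts, n, HYP_OPT_WS_PREFS));
    printf("truncated list   : %d\n", option_len(sample_opts, n - 8, HYP_OPT_WS_PREFS));
    return 0;
}
```

A reader that does not know the preferences option steps over it using the length field alone, and the comment option stays a plain comment.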

Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Jeff Morriss

Bill Meier wrote:
Would it make any sense to be able to store application specific 
information in a pcapng file ?


E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?


First thought: Keep a list of protocols in the capture file.  For each, 
store only the preferences (if any) for that protocol which don't have 
the default value.



Re: [Wireshark-dev] Err when using a pipe

2012-03-05 Thread vijay
Is it possible to tell how long it would be before Wireshark 1.6.6 is
released?

On Mon, Mar 5, 2012 at 1:31 AM, Guy Harris g...@alum.mit.edu wrote:


 On Mar 4, 2012, at 8:24 PM, Jeff Morriss wrote:

  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5939
 
  It's scheduled to be fixed in 1.6.6.

 ...and I backported the relevant part (a tiny fraction of the change
 responsible for fixing it in the trunk; that change added a bunch of new
 functionality, so it's not appropriate for the 1.6 branch in its entirety)
 to 1.6 and checked it in.

 I've also scheduled that change for the 1.4 branch.


Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread ashish goel
Hi Armando,

By creating a new workspace I meant deleting the first one completely,
taking a new one and implementing the changes again.
In the meantime, can you post the code?

2012/3/5 Armando Vázquez avr...@gmail.com

 I did so by using this function:

 void proto_register_myprotocol(void)
 {
 ...
 register_dissector(MY_PROTOCOL, dissect_myprotocol, proto_my_protocol);

 }

 Armando Vázquez Ramírez



 On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss jeff.morriss...@gmail.com wrote:

 For this to work your dissector needs to be registered by name.  To get
 that it needs to call register_dissector().

 Armando Vázquez wrote:

 Thanks Ashish!

 When I tried this my protocol does not show up as a valid protocol, why
 is that? I tried using my dissector for the header protocol, but it should
 also dissect 2 trailer bytes, does that represent a problem? What should I
 put in the header size field?

 Besides, I've read that using the GUI and editing the DLT_User is the
 same as using the function dissector_add_uint(), am I right? If so, why
 isn't it working? Should I change something else in pcap-common.c or wtap.c or
 wtap.h?


 Armando Vázquez Ramírez


 On Sat, Mar 3, 2012 at 6:27 AM, ashish goel ashish.kumar.go...@gmail.com
 wrote:

Hi Armando,

There is a way you can do it through the Wireshark GUI. Go to preferences
- protocols - DLT_User. Here click on edit and add your protocol
on any of the User DLTs (147 - 162). But make sure that the pcap
file you are using has the same DLT value defined in its
global header.

Hope this helps.

Thanks,
Ashish
2012/3/2 Armando Vázquez avr...@gmail.com


Hi guys,

I've read the developer's guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that's
not currently defined in Wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not an internet protocol, so I need
to identify it in this layer.

I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
but I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help.
Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },

/* WTAP_ENCAP_MYPROTOCOL */
{ "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code

void proto_register_myprotocol (void)
{
...

    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number",
                                 FT_UINT8, BASE_HEX);
    proto_register_field_array (proto_myprotocol, hf, array_length (hf));
    proto_register_subtree_array (ett, array_length (ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL,
                       myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection
       part, this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}
