Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread ashish goel
Hi Armando,

By creating a new workspace I meant deleting the first one completely and
taking the new one and implementing the changes again.
In the meantime, can you post the code?

2012/3/5 Armando Vázquez 

> I did so by using this function:
>
> void proto_register_myprotocol(void)
> {
> ...
> register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);
>
> }
>
> Armando Vázquez Ramírez
>
>
>
> On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss 
> wrote:
>
>> For this to work your dissector needs to be registered by name.  To get
>> that it needs to call register_dissector().
>>
>> Armando Vázquez wrote:
>>
>>> Thanks Ashish!
>>>
>>> When I tried this my protocol does not show up as a valid protocol, why
>>> is that? I tried using my dissector for the header protocol, but it should
>>> also dissect 2 trailer bytes, does that represent a problem? What should I
>>> put in the header size field?
>>>
>>> Besides, I've read that using the GUI and editing the DLT_User is the
>>> same as using the function dissector_add_uint(), am I right? If so, why
>>> isn't it working? Should I change something else in pcap-common.c or wtap.c or
>>> wtap.h?
>>>
>>>
>>> Armando Vázquez Ramírez
>>>
>>>
>>> On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:
>>>
>>>Hi Armando,
>>>
>>>There is a way you can do it through the Wireshark GUI. Go to preferences
>>>-> protocols -> DLT_User. Here click on edit and add your protocol
>>>on any of the User DLTs (147 - 162). But make sure that the pcap
>>>file you are using has defined the same DLT value in its
>>>global header.
>>>
>>>Hope this helps.
>>>
>>>Thanks,
>>>Ashish
>>>
>>>2012/3/2 Armando Vázquez <avr...@gmail.com>
>>>
>>>
>>>Hi guys,
>>>
>>>I've read the developers guide, README.developer, wiretap plugin
>>>wiki and found no answer. Here is my problem. I'm trying to use
>>>Wireshark for dissecting a pcap capture of a protocol that is
>>>not currently defined in Wireshark. So I started writing a
>>>plugin, but I haven't been able to declare or register this
>>>dissector so it is enabled as a link layer dissector. I need to
>>>achieve this because this is not an internet protocol, so I need
>>>to identify it in this layer.
>>>
>>>I've already read this dev-topic
>>>(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
>>>but I didn't understand it well.
>>>
>>>The dissection part works fine, I've tested it using a pcap and
>>>nesting it on top of TCP. I would really appreciate your help.
>>>Also I've added in wtap.h
>>>
>>>#define WTAP_ENCAP_MYPROTOCOL 147
>>>
>>>and in wtap.c
>>>
>>>static struct encap_type_info encap_table_base[] = {
>>>...
>>>{ "RESERVED 138", "res0" },
>>>{ "RESERVED 139", "res1" },
>>>{ "RESERVED 140", "res2" },
>>>{ "RESERVED 141", "res3" },
>>>{ "RESERVED 142", "res4" },
>>>{ "RESERVED 143", "res5" },
>>>{ "RESERVED 144", "res6" },
>>>{ "RESERVED 145", "res7" },
>>>{ "RESERVED 146", "res8" },
>>>
>>>/* WTAP_ENCAP_MYPROTOCOL */
>>>{ "MY PROTOCOL", "myprotocol" }
>>>};
>>>
>>>Here are the register and handoff sections of my code
>>>
>>>--
>>>void proto_register_myprotocol(void)
>>>{
>>>    ...
>>>
>>>    myprotocol_dissector_table =
>>>        register_dissector_table("myprotocol.proto", "ACN protocol number",
>>>                                 FT_UINT8, BASE_HEX);
>>>    proto_register_field_array(proto_myprotocol, hf, array_length(hf));
>>>    proto_register_subtree_array(ett, array_length(ett));
>>>    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
>>>}
>>>
>>>void proto_reg_handoff_myprotocol(void)
>>>{
>>>    data_handle = find_dissector("data");
>>>    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>>>                                                proto_myprotocol);
>>>    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>>>    /* Registering this on top of TCP was only to develop the dissection
>>>     * part, this won't be present in the release version */
>>>    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>>>}
>>>
>>>

Re: [Wireshark-dev] Err when using a pipe

2012-03-05 Thread vijay
Is it possible to tell how much longer it will be before Wireshark 1.6.6 is
released?

On Mon, Mar 5, 2012 at 1:31 AM, Guy Harris  wrote:

>
> On Mar 4, 2012, at 8:24 PM, Jeff Morriss wrote:
>
> > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5939
> >
> > It's scheduled to be fixed in 1.6.6.
>
> ...and I backported the relevant part (a tiny fraction of the change
> responsible for fixing it in the trunk; that change added a bunch of new
> functionality, so it's not appropriate for the 1.6 branch in its entirety)
> to 1.6 and checked it in.
>
> I've also scheduled that change for the 1.4 branch.
>
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>

Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Jeff Morriss

Bill Meier wrote:
Would it make any sense to be able to store "application specific" 
information in a pcapng file ?


E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?


First thought: Keep a list of protocols in the capture file.  For each, 
store only the preferences (if any) for that protocol which don't have 
the default value.



Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Guy Harris

On Mar 5, 2012, at 11:03 AM, Anders Broman wrote:

> I think there are two paths that can be taken: either add options and/or blocks 
> as needed to the file format or
> encode the comment in some way, using the preferences simple format is one 
> option.
> I'm leaning towards using the comments somehow. One could have Wireshark 
> begin/end tags for
> other programs to skip that part of the comments.

I presume you don't mean "store them in opt_comment options", as other apps 
should not have to know about special tags in comments to indicate that they're 
not really comments.

I'd go for registering a "wireshark preferences" option and just have it store 
raw preferences-file text; we'd also want, I think, another option for UATs, 
with the name of the UAT and its contents.


Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Anders Broman

Anders Broman skrev 2012-03-05 20:03:

Hi,
I think there are two paths that can be taken: either add options and/or 
blocks as needed to the file format or
encode the comment in some way, using the preferences simple format is 
one option.
I'm leaning towards using the comments somehow. One could have 
Wireshark begin/end tags for

other programs to skip that part of the comments.
Regards
Anders



Rethinking :-)
shb_ws_display_filter    String, multiple occurrences, coupled
                         shb_ws_display_filter_comment
shb_ws_capture_profile   A complete profile which goes with the capture
                         and gets loaded as the default profile when the
                         capture is loaded if so configured.
Could be useful additions that may not be too difficult to do something
useful with.




Tyson Key skrev 2012-03-05 19:39:

Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting an type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier  wrote:

Would it make any sense to be able to store "application specific"
information in a pcapng file ?

E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill



Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Anders Broman

Hi,
I think there are two paths that can be taken: either add options and/or 
blocks as needed to the file format or
encode the comment in some way, using the preferences simple format is 
one option.
I'm leaning towards using the comments somehow. One could have Wireshark 
begin/end tags for

other programs to skip that part of the comments.
Regards
Anders



Tyson Key skrev 2012-03-05 19:39:

Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting an type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier  wrote:

Would it make any sense to be able to store "application specific"
information in a pcapng file ?

E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill



Re: [Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Tyson Key
Hi Bill,

I don't know if the format's developers ever contemplated that use
case - although they designed it to be fairly extensible, and I'm sure
that someone could design a new type of block that stores serialised
application preferences (in compressed XML, JSON, or some other
format?), after requesting an type ID for it.

I haven't thought too much about how you'd actually go about deciding
upon the preferences to store - although adding a universal "Save
Current Preferences" option to the file saving dialogue, and having an
option in the corresponding file opening dialogue to temporarily
import/set those preferences might work.

I'm sure that others will come up with better ideas, though...

Tyson.

On 5 March 2012 18:26, Bill Meier  wrote:
> Would it make any sense to be able to store "application specific"
> information in a pcapng file ?
>
> E.g., selected Wireshark prefs so that Wireshark can act on same ?
>
> This would be useful when a capture file requires specific dissector
> preferences to properly dissect the file.
>
> Would this fit (at all) within the design goals for pcapng ?
> Is there a way to do this reasonably cleanly with the existing format ?
>
> How might one indicate the prefs which should be stored ?
>
> 
>
> Bill
>



-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844

[Wireshark-dev] Store selected Wireshark prefs in pcapng capture file ?

2012-03-05 Thread Bill Meier
Would it make any sense to be able to store "application specific" 
information in a pcapng file ?


E.g., selected Wireshark prefs so that Wireshark can act on same ?

This would be useful when a capture file requires specific dissector
preferences to properly dissect the file.

Would this fit (at all) within the design goals for pcapng ?
Is there a way to do this reasonably cleanly with the existing format ?

How might one indicate the prefs which should be stored ?



Bill



Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
I did so by using this function:

void proto_register_myprotocol(void)
{
...
register_dissector("MY_PROTOCOL", dissect_myprotocol, proto_my_protocol);

}

Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 11:07 AM, Jeff Morriss wrote:

> For this to work your dissector needs to be registered by name.  To get
> that it needs to call register_dissector().
>
> Armando Vázquez wrote:
>
>> Thanks Ashish!
>>
>> When I tried this my protocol does not show up as a valid protocol, why
>> is that? I tried using my dissector for the header protocol, but it should
>> also dissect 2 trailer bytes, does that represent a problem? What should I
>> put in the header size field?
>>
>> Besides, I've read that using the GUI and editing the DLT_User is the
>> same as using the function dissector_add_uint(), am I right? If so, why
>> isn't it working? Should I change something else in pcap-common.c or wtap.c or
>> wtap.h?
>>
>>
>> Armando Vázquez Ramírez
>>
>>
>> On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:
>>
>>Hi Armando,
>>
>>There is a way you can do it through the Wireshark GUI. Go to preferences
>>-> protocols -> DLT_User. Here click on edit and add your protocol
>>on any of the User DLTs (147 - 162). But make sure that the pcap
>>file you are using has defined the same DLT value in its
>>global header.
>>
>>Hope this helps.
>>
>>Thanks,
>>Ashish
>>
>>2012/3/2 Armando Vázquez <avr...@gmail.com>
>>
>>
>>Hi guys,
>>
>>I've read the developers guide, README.developer, wiretap plugin
>>wiki and found no answer. Here is my problem. I'm trying to use
>>Wireshark for dissecting a pcap capture of a protocol that is
>>not currently defined in Wireshark. So I started writing a
>>plugin, but I haven't been able to declare or register this
>>dissector so it is enabled as a link layer dissector. I need to
>>achieve this because this is not an internet protocol, so I need
>>to identify it in this layer.
>>
>>I've already read this dev-topic
>>(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
>>but I didn't understand it well.
>>
>>The dissection part works fine, I've tested it using a pcap and
>>nesting it on top of TCP. I would really appreciate your help.
>>Also I've added in wtap.h
>>
>>#define WTAP_ENCAP_MYPROTOCOL 147
>>
>>and in wtap.c
>>
>>static struct encap_type_info encap_table_base[] = {
>>...
>>{ "RESERVED 138", "res0" },
>>{ "RESERVED 139", "res1" },
>>{ "RESERVED 140", "res2" },
>>{ "RESERVED 141", "res3" },
>>{ "RESERVED 142", "res4" },
>>{ "RESERVED 143", "res5" },
>>{ "RESERVED 144", "res6" },
>>{ "RESERVED 145", "res7" },
>>{ "RESERVED 146", "res8" },
>>
>>/* WTAP_ENCAP_MYPROTOCOL */
>>{ "MY PROTOCOL", "myprotocol" }
>>};
>>
>>Here are the register and handoff sections of my code
>>
>>--
>>void proto_register_myprotocol(void)
>>{
>>    ...
>>
>>    myprotocol_dissector_table =
>>        register_dissector_table("myprotocol.proto", "ACN protocol number",
>>                                 FT_UINT8, BASE_HEX);
>>    proto_register_field_array(proto_myprotocol, hf, array_length(hf));
>>    proto_register_subtree_array(ett, array_length(ett));
>>    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
>>}
>>
>>void proto_reg_handoff_myprotocol(void)
>>{
>>    data_handle = find_dissector("data");
>>    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
>>                                                proto_myprotocol);
>>    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
>>    /* Registering this on top of TCP was only to develop the dissection
>>     * part, this won't be present in the release version */
>>    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
>>}
>>

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Jeff Morriss
For this to work your dissector needs to be registered by name.  To get 
that it needs to call register_dissector().


Armando Vázquez wrote:

Thanks Ashish!

When I tried this my protocol does not show up as a valid protocol, why 
is that? I tried using my dissector for the header protocol, but it 
should also dissect 2 trailer bytes, does that represent a problem? 
What should I put in the header size field?


Besides, I've read that using the GUI and editing the DLT_User is the 
same as using the function dissector_add_uint(), am I right? If so, why 
isn't it working? Should I change something else in pcap-common.c or wtap.c 
or wtap.h?



Armando Vázquez Ramírez


On Sat, Mar 3, 2012 at 6:27 AM, ashish goel <ashish.kumar.go...@gmail.com> wrote:


Hi Armando,

There is a way you can do it through the Wireshark GUI. Go to preferences
-> protocols -> DLT_User. Here click on edit and add your protocol
on any of the User DLTs (147 - 162). But make sure that the pcap
file you are using has defined the same DLT value in its
global header.

Hope this helps.

Thanks,
Ashish

2012/3/2 Armando Vázquez <avr...@gmail.com>

Hi guys,

I've read the developers guide, README.developer, wiretap plugin
wiki and found no answer. Here is my problem. I'm trying to use
Wireshark for dissecting a pcap capture of a protocol that is
not currently defined in Wireshark. So I started writing a
plugin, but I haven't been able to declare or register this
dissector so it is enabled as a link layer dissector. I need to
achieve this because this is not an internet protocol, so I need
to identify it in this layer.

I've already read this dev-topic
(http://www.mail-archive.com/wireshark-dev@wireshark.org/msg05931.html)
but I didn't understand it well.

The dissection part works fine, I've tested it using a pcap and
nesting it on top of TCP. I would really appreciate your help. 


Also I've added in wtap.h

#define WTAP_ENCAP_MYPROTOCOL 147

and in wtap.c

static struct encap_type_info encap_table_base[] = {
...
{ "RESERVED 138", "res0" },
{ "RESERVED 139", "res1" },
{ "RESERVED 140", "res2" },
{ "RESERVED 141", "res3" },
{ "RESERVED 142", "res4" },
{ "RESERVED 143", "res5" },
{ "RESERVED 144", "res6" },
{ "RESERVED 145", "res7" },
{ "RESERVED 146", "res8" },

/* WTAP_ENCAP_MYPROTOCOL */
{ "MY PROTOCOL", "myprotocol" }
};

Here are the register and handoff sections of my code


--
void proto_register_myprotocol(void)
{
    ...

    myprotocol_dissector_table =
        register_dissector_table("myprotocol.proto", "ACN protocol number",
                                 FT_UINT8, BASE_HEX);
    proto_register_field_array(proto_myprotocol, hf, array_length(hf));
    proto_register_subtree_array(ett, array_length(ett));
    register_dissector("myprotocol", dissect_myprotocol, proto_myprotocol);
}

void proto_reg_handoff_myprotocol(void)
{
    data_handle = find_dissector("data");
    myprotocol_handle = create_dissector_handle(dissect_myprotocol,
                                                proto_myprotocol);
    dissector_add_uint("wtap_encap", WTAP_ENCAP_MYPROTOCOL, myprotocol_handle);
    /* Registering this on top of TCP was only to develop the dissection
     * part, this won't be present in the release version */
    dissector_add_uint("tcp.port", global_myprotocol_port, myprotocol_handle);
}

___
Sent via:Wireshark-dev mailing list 
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
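
The check from the advice quoted in this thread (the pcap file's global header must carry the same DLT value as the User DLT entry, 147 - 162), as an added example that is not part of any message in the thread: it reads the link-layer type from a classic pcap global header in either byte order. The function names and the embedded sample headers are constructed for illustration.

```c
/* Added example (not from the thread): classic pcap global-header check. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PCAP_GLOBAL_HDR_LEN 24
#define DLT_USER_FIRST 147L   /* "User DLTs (147 - 162)" as quoted in the thread */
#define DLT_USER_LAST  162L
#define PCAP_ERR_TOO_SHORT (-1L)
#define PCAP_ERR_BAD_MAGIC (-2L)

/* Constructed sample: little-endian, microsecond, v2.4, snaplen 65535, link type 147. */
static const uint8_t SAMPLE_LE_USER0[PCAP_GLOBAL_HDR_LEN] = {
    0xd4, 0xc3, 0xb2, 0xa1, 0x02, 0x00, 0x04, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0xff, 0xff, 0x00, 0x00, 0x93, 0x00, 0x00, 0x00
};
/* Constructed sample: big-endian, nanosecond, link type 1 (Ethernet). */
static const uint8_t SAMPLE_BE_ETHERNET[PCAP_GLOBAL_HDR_LEN] = {
    0xa1, 0xb2, 0x3c, 0x4d, 0x00, 0x02, 0x00, 0x04,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01
};
/* Constructed sample: starts like a pcapng file, which has no global header. */
static const uint8_t SAMPLE_PCAPNG_START[PCAP_GLOBAL_HDR_LEN] = {
    0x0a, 0x0d, 0x0d, 0x0a
};

/* Read 32 bits byte by byte so the result does not depend on the host. */
static uint32_t read_u32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8) | (uint32_t)p[0];
}

/* Returns the link-layer type (>= 0) or a negative PCAP_ERR_* code. */
long pcap_linktype_of(const uint8_t *buf, size_t len)
{
    uint32_t magic;
    int big_endian;

    if (buf == NULL || len < PCAP_GLOBAL_HDR_LEN)
        return PCAP_ERR_TOO_SHORT;

    /* The magic number tells both the byte order and the timestamp unit. */
    magic = read_u32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)
        big_endian = 0;
    else
        return PCAP_ERR_BAD_MAGIC;

    /* "network" field at offset 20. libpcap keeps the link type in the
     * low 16 bits; the upper bits can carry FCS information. */
    return (long)(read_u32(buf + 20, big_endian) & 0xffffu);
}

/* Returns 0..15 for a User DLT, -1 for anything else (errors included). */
int user_dlt_index(long linktype)
{
    if (linktype < DLT_USER_FIRST || linktype > DLT_USER_LAST)
        return -1;
    return (int)(linktype - DLT_USER_FIRST);
}

static void report(const char *label, const uint8_t *buf, size_t len)
{
    long lt = pcap_linktype_of(buf, len);
    int idx = user_dlt_index(lt);

    if (lt < 0)
        printf("%s: not a classic pcap header (code %ld)\n", label, lt);
    else if (idx >= 0)
        printf("%s: link type %ld = User DLT %d\n", label, lt, idx);
    else
        printf("%s: link type %ld is outside the User DLT range\n", label, lt);
}

int main(int argc, char **argv)
{
    uint8_t hdr[PCAP_GLOBAL_HDR_LEN];

    if (argc > 1) {                       /* check a real capture file */
        FILE *f = fopen(argv[1], "rb");
        size_t n;
        if (f == NULL) { perror(argv[1]); return 1; }
        n = fread(hdr, 1, sizeof hdr, f);
        fclose(f);
        report(argv[1], hdr, n);
        return 0;
    }
    report("sample LE user0", SAMPLE_LE_USER0, sizeof SAMPLE_LE_USER0);
    report("sample BE ethernet", SAMPLE_BE_ETHERNET, sizeof SAMPLE_BE_ETHERNET);
    report("sample pcapng", SAMPLE_PCAPNG_START, sizeof SAMPLE_PCAPNG_START);
    return 0;
}
```

If the reported link type is not the User DLT configured under DLT_User, the dissector registered for that entry is never handed the frames, whatever its registration state.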


Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi  Alex,

The plugin you attached is meant to open filetypes different than pcap,
right? I don't understand how to use this knowledge with my problem. I'm
using a pcap file, thing is I want wireshark to dissect a protocol in the
link layer which is not included in wireshark.
Armando Vázquez Ramírez


On Mon, Mar 5, 2012 at 9:11 AM, Alex Lindberg  wrote:

> I needed to read an unsupported file structure and protocol into
> Wireshark.  I did this by creating a plugin that registered the necessary
> routines to read a file and determine if the file was the one I needed.
>
> 1st - register with wtap:
>
> /* register with wtap */
> void wtap_register_mst(void) {
> static struct file_type_info fi = {
> "My PROTOCOL File",/* name */
> "mst_file",/* short name */
> "*.*", /* file extensions */
> NULL, /* file extension default */
> FALSE, /* writing seek must */
> FALSE,/* has name resolution */
> NULL,/* can write this type of file encap? */
> NULL/* function to open for writing */
> };
> wtap_register_open_routine(myproto_open, TRUE);
> encap_mst_file = wtap_register_encap_type("My PROTOCOL FILE",
> "myproto_file");
> wf_myproto_file = wtap_register_file_type(&fi);
> }
>
> As you see, you need an open routine (myproto_open).  The open routine
> determines if the file is of the flavor you are looking for; if so, it
> creates a file structure used by Wireshark.
>
> int myproto_open(wtap *wth, int *err, gchar **err_info _U_) {
> /* open routine.  First determine if it is a myproto file. */
> /* The open_file_* routines should return:
> -1 on an I/O error;
> 1 if the file they're reading is one of the types it handles;
> 0 if the file they're reading isn't the type they're checking for.
> If the routine handles this type of file, it should set the "file_type"
> field in the "struct wtap" to the type of the file. */
> if (!(myproto_check_file(wth, err))) {
> if (*err == 0) {
> return 0;
> }
> else {
> return -1;
> }
> }
>
> /* point to 1st line */
> if(file_seek(wth->fh,0, SEEK_SET, err) == -1) {
> return -1;
> }
>
> wth->data_offset = 0;
> wth->file_encap = WTAP_ENCAP_USER15; /* encap type to use if save as
> pcap file */
> wth->file_type = WTAP_ENCAP_USER15;
> wth->subtype_read = myproto_read;/* routines to go for reading and
> seeking */
> wth->subtype_seek_read = myproto_seek_read;
> wth->snapshot_length = 0;/* not known */
> wth->tsprecision = WTAP_FILE_TSPREC_CSEC;
>
> return 1;
> }
>
> As an FYI, to get the plugin's wtap routines to register, I had to modify
> the local Makefile.am for plugin.c to look for the wtap register routine
> (only for the Python build which I am using)
>
> plugin.c: $(DISSECTOR_SRC) $(top_srcdir)/tools/make-dissector-reg \
> $(top_srcdir)/tools/make-dissector-reg.py
> @if test -n "$(PYTHON)"; then \
> echo Making plugin.c with python ; \
> $(PYTHON) $(top_srcdir)/tools/make-dissector-reg.py $(srcdir) \
> plugin_wtap $(DISSECTOR_SRC) ; \
> else \
> echo Making plugin.c with shell script ; \
> $(top_srcdir)/tools/make-dissector-reg $(srcdir) \
> $(plugin_src) plugin_wtap $(DISSECTOR_SRC) ; \
> fi
>
> Examples of these functions can be found in the wiretap directory.  Best
> of luck
>
> Alex Lindberg
>
> --- On Sat, 3/3/12, ashish goel wrote:
>
>
> From: ashish goel 
> Subject: Re: [Wireshark-dev] How can I register a link layer protocol?
> To: "Developer support list for Wireshark" 
> Date: Saturday, March 3, 2012, 12:30 PM
>
>
> Hi Armando,
>
> Have you checked if your protocol is registered or not. One way to check
> this is to type your protocol's name in Wireshark's Display Filter textbox,
> the textbox's background should turn green.
> If your protocol is registered and it is not showing as valid protocol
> while adding to DLT_User encapsulation table then DLT_user file might have
> been corrupted.
> Try creating a new workspace and implement your changes into that. It
> should work.
>
> 2012/3/3 Armando Vázquez <avr...@gmail.com>
>
> Thanks Ashish!
>
> When I tried this my protocol does not show up as a valid protocol, why is
> that? I tried using my dissector for the header protocol, but it should
> also dissect 2 trailer bytes, does that represent a problem? What should I
> put in the header size field?
>
> Besides, I've read that using the GUI and editing the DLT_User is the same
> as using the function dissector_add_uint(), am I right? If so, why isn't
> it working? Should I change something else in pcap-common.c or wtap.c or
> wtap.h?
>
>
> Armando Vázquez Ramírez
>
>
>
> On Sat, Mar 3, 2012 at 6:27 AM, ashish goel 
> http

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
> > You might try the following instructions for cmake:
> > http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
> > but I'd be willing to do this once internationalization is committed.
> >
> 
> I tried but... no work ! (for the moment...)

The attached patch will make it (almost) work (this assumes some of the renames
I proposed but you will get the idea from it).

It will cause compilation to fail unless either
a) source dir is also the build dir or
b) you manually create a link for qtshark_fr.qm into the source dir

I will eventually look into the dependency problem, but for now I'm happy
it works at all 

Ciao
 Jörg
-- 
Joerg Mayer   
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
Index: CMakeLists.txt
===
--- CMakeLists.txt	(revision 41354)
+++ CMakeLists.txt	(working copy)
@@ -92,15 +92,22 @@
 
 set(QTSHARK_QRC
 	display_filter.qrc
+	i18n.qrc
 	toolbar.qrc
 	welcome.qrc
 )
 
+set(QTSHARK_TS
+	qtshark_fr.ts
+)
+
 include_directories(
 ${CMAKE_CURRENT_SOURCE_DIR}
 ${CMAKE_CURRENT_BINARY_DIR}
 )
 
+QT4_ADD_TRANSLATION(QTSHARK_TS_QM ${QTSHARK_TS})
+
 QT4_ADD_RESOURCES(QTSHARK_QRC_SRC ${QTSHARK_QRC})
 
 QT4_WRAP_UI(QTSHARK_UI_SRC ${QTSHARK_UI})
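Review bot: i18n.qrc in QTSHARK_QRC is compiled by QT4_ADD_RESOURCES from the source directory, while QT4_ADD_TRANSLATION(QTSHARK_TS_QM ${QTSHARK_TS}) writes qtshark_fr.qm into the build directory, so an out-of-tree build cannot find the .qm next to the resource file, which matches the failure described in the message above. Rather than linking the file by hand, generate or copy i18n.qrc into ${CMAKE_CURRENT_BINARY_DIR} (for example with configure_file) so its relative path points at the generated .qm, and make the resource step depend on ${QTSHARK_TS_QM} so the translation exists before the resource compiler runs.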
@@ -132,6 +139,7 @@
 	${QTSHARK_UI_SRC}
 	${QTSHARK_MOC_SRC}
 	${QTSHARK_QRC_SRC}
+	${QTSHARK_TS_QM}
 )
 set_target_properties(qtui PROPERTIES LINK_FLAGS "${WS_LINK_FLAGS}")
 
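Review bot: ${QTSHARK_TS_QM} is appended to the list that closes just before set_target_properties(qtui ...), which gets the .qm built with the target but does not order it ahead of ${QTSHARK_QRC_SRC}, so in a parallel build the resource compile can run before qtshark_fr.qm exists. An explicit dependency of the i18n resource output on ${QTSHARK_TS_QM} would close that gap, and a one-line comment saying why a non-source file is in this list would help the next reader.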
Index: wireshark_application.cpp
===
--- wireshark_application.cpp	(revision 41354)
+++ wireshark_application.cpp	(working copy)
@@ -264,6 +264,7 @@
 wsApp = this;
 
 Q_INIT_RESOURCE(display_filter);
+Q_INIT_RESOURCE(i18n);
 Q_INIT_RESOURCE(toolbar);
 Q_INIT_RESOURCE(welcome);
 
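Review bot: Q_INIT_RESOURCE(i18n) only makes the embedded resource available; nothing in this hunk installs a translator, so the code that loads the translation has to run after this line in the same start-up path. A comment here naming where the translation is loaded would help, and the name passed to Q_INIT_RESOURCE must keep matching the base name of the i18n.qrc added in CMakeLists.txt.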

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Armando Vázquez
Hi Ashish,

My protocol is registered, when I type it in the filter box it turns green.
Also, I've built again wireshark (hope that's what you meant by creating a
new workspace) but I still get the "dissector not found" error when I'm
editing the DLT user in the GUI as you advised me. What could be wrong?

Thanks so much for aiding me


Armando Vázquez Ramírez

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Mon, Mar 05, 2012 at 03:45:09PM +0100, Joerg Mayer wrote:
> OK, some summary feedback (we talked about some of this already):

One more thing ;-)
- It looks like the qt-specific initialization is done in wireshark_main.cpp
  while you do the i18 stuff in main.cpp.

ciao
  Jörg
-- 
Joerg Mayer   
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] How can I register a link layer protocol?

2012-03-05 Thread Alex Lindberg
I needed to read an unsupported file structure and protocol into Wireshark.  I 
did this by creating a plugin that registered the necessary routines to read a 
file and determine if the file was the one I needed.  

1st - register with wtap:

/* register with wtap */
void wtap_register_mst(void) {
    static struct file_type_info fi = {
        "My PROTOCOL File",    /* name */
        "mst_file",            /* short name */
        "*.*",                 /* file extensions */
        NULL,                  /* file extension default */
        FALSE,                 /* writing seek must */
        FALSE,                 /* has name resolution */
        NULL,                  /* can write this type of file encap? */
        NULL                   /* function to open for writing */
    };
    wtap_register_open_routine(myproto_open, TRUE);
    encap_mst_file = wtap_register_encap_type("My PROTOCOL FILE", "myproto_file");
    wf_myproto_file = wtap_register_file_type(&fi);
}

As you see, you need an open routine (myproto_open).  The open routine
determines if the file is of the flavor you are looking for; if so, it creates a
file structure used by Wireshark.

int myproto_open(wtap *wth, int *err, gchar **err_info _U_) {
    /* open routine.  First determine if it is a myproto file. */
    /* The open_file_* routines should return:
       -1 on an I/O error;
       1 if the file they're reading is one of the types it handles;
       0 if the file they're reading isn't the type they're checking for.
       If the routine handles this type of file, it should set the "file_type"
       field in the "struct wtap" to the type of the file. */
    if (!(myproto_check_file(wth, err))) {
        if (*err == 0) {
            return 0;
        }
        else {
            return -1;
        }
    }

    /* point to 1st line */
    if (file_seek(wth->fh, 0, SEEK_SET, err) == -1) {
        return -1;
    }

    wth->data_offset = 0;
    wth->file_encap = WTAP_ENCAP_USER15;    /* encap type to use if save as pcap file */
    wth->file_type = wf_myproto_file;       /* file type registered in wtap_register_mst() */
    wth->subtype_read = myproto_read;       /* routines to go for reading and seeking */
    wth->subtype_seek_read = myproto_seek_read;
    wth->snapshot_length = 0;               /* not known */
    wth->tsprecision = WTAP_FILE_TSPREC_CSEC;

    return 1;
}

As an FYI, to get the plugin's wtap routines to register, I had to modify the
local Makefile.am for plugin.c to look for the wtap register routine (only for
the Python build which I am using):

plugin.c: $(DISSECTOR_SRC) $(top_srcdir)/tools/make-dissector-reg \
    $(top_srcdir)/tools/make-dissector-reg.py
    @if test -n "$(PYTHON)"; then \
        echo Making plugin.c with python ; \
        $(PYTHON) $(top_srcdir)/tools/make-dissector-reg.py $(srcdir) \
            plugin_wtap $(DISSECTOR_SRC) ; \
    else \
        echo Making plugin.c with shell script ; \
        $(top_srcdir)/tools/make-dissector-reg $(srcdir) \
            $(plugin_src) plugin_wtap $(DISSECTOR_SRC) ; \
    fi

Examples of these functions can be found in the wiretap directory.  Best of luck

Alex Lindberg

--- On Sat, 3/3/12, ashish goel  wrote:

From: ashish goel 
Subject: Re: [Wireshark-dev] How can I register a link layer protocol?
To: "Developer support list for Wireshark" 
Date: Saturday, March 3, 2012, 12:30 PM

Hi Armando,

Have you checked if your protocol is registered or not? One way to check this
is to type your protocol's name in Wireshark's Display Filter textbox; the
textbox's background should turn green.

If your protocol is registered and it is not showing as a valid protocol while
adding to the DLT_User encapsulation table then the DLT_user file might have been
corrupted.
Try creating a new workspace and implement your changes into that. It should
work.


2012/3/3 Armando Vázquez 

Thanks ashish!
When I tried this my protocol does not show up as a valid protocol, why is
that? I tried using my dissector for the header protocol, but it should also
dissect 2 trailer bytes, does that represent a problem? What should I put in
the header size field?

Besides, I've read that using the GUI and editing the DLT_User is the same as
using the function dissector_add_uint(), am I right? If so, why isn't it working?
Should I change something else in pcap-common.c or wtap.c or wtap.h?

Armando Vázquez Ramírez



On Sat, Mar 3, 2012 at 6:27 AM, ashish goel wrote:

Hi Armando,
There is a way you can do it through the Wireshark GUI. Go to preferences ->
protocols -> DLT_User. Here click on edit and add your protocol on any of the
User DLTs (147 - 162). But make sure that the pcap file you are using must
have defined the same DLT value in its global header.

Hope this helps.

Thanks,
Ashish
2012/3/2 Armando Vázquez

Hi guys,
I've read the developers guide, README.developer, wiretap plugin wiki and found 
no answer. Here is my problem. I'm trying to use Wireshark for dissecting a 
pcap capture of a protocol that it's not currently defined in w
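
The check ashish describes in the quoted message above (the pcap global header must carry one of the User DLTs, 147 - 162), as an added example that is not part of the original thread or of Wireshark's code: it reads the link-type field of a classic pcap global header in either byte order. The function name, return codes and sample headers are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PCAP_HDR_LEN 24   /* size of the classic pcap global header */
#define DLT_USER0    147  /* first User DLT, per the thread */
#define DLT_USER15   162  /* last User DLT, per the thread */

/* Read 32 bits at p in the byte order the file was written in. */
static uint32_t rd32(const uint8_t *p, int big_endian) {
    return big_endian
        ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
        : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}

/* Returns the User DLT index (0..15) to pick in the DLT_User table, or
 * -1 header truncated, -2 not a pcap file, -3 link type outside 147..162.
 * *linktype receives the parsed value whenever the magic is valid. */
int pcap_user_dlt_index(const uint8_t *buf, size_t len, uint32_t *linktype) {
    uint32_t magic;
    int big_endian;
    if (buf == NULL || linktype == NULL || len < PCAP_HDR_LEN)
        return -1;
    magic = rd32(buf, 1);
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du)       /* usec / nsec */
        big_endian = 1;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u)  /* byte-swapped */
        big_endian = 0;
    else
        return -2;
    /* "network" field at offset 20; the link type is the low 16 bits. */
    *linktype = rd32(buf + 20, big_endian) & 0xffffu;
    if (*linktype < DLT_USER0 || *linktype > DLT_USER15)
        return -3;
    return (int)(*linktype - DLT_USER0);
}

/* Constructed sample headers (not from a real capture). */
static const uint8_t HDR_LE_USER15[24] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 162,0,0,0 };
static const uint8_t HDR_BE_USER0[24] = {
    0xa1,0xb2,0xc3,0xd4, 0,2,0,4, 0,0,0,0, 0,0,0,0, 0,0,0xff,0xff, 0,0,0,147 };
static const uint8_t HDR_LE_ETHERNET[24] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0 };
int main(void) {
    uint32_t lt = 0;
    int idx = pcap_user_dlt_index(HDR_LE_USER15, sizeof HDR_LE_USER15, &lt);
    printf("link type %u -> User DLT index %d\n", (unsigned)lt, idx);
    return idx < 0;
}
```

A result of -3 means the capture's link type is not in the User DLT range, so a DLT_User table entry will not be applied to it.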

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
On Sun, Mar 04, 2012 at 08:21:14PM +0100, Alexis La Goutte wrote:
> I realized a patch to add the i10n version of QtShark. The goal is only to
> translate the GUI (not dissector).
> Actually, there is only a French translation!
> 
> To test, launch qtshark with LANG=fr ./qtshark (in ui/qt folder)
> 
> To make your own translation, it is easy!
> 
> - Add your translation (wireshark_XX.ts) in QtShark.pro
> - Launch lupdate QtShark.pro to generate/update your translation file
> - Translate with Qt Linguist
> - Launch lrelease QtShark.pro to create/update wireshark_xx.qm file

OK, some summary feedback (we talked about some of this already):
- please rename wireshark_XX.ts to qtshark_XX.ts as the executable is
  named qtshark.
- please rename i10n.qrc to i18n.qrc
- what is the use of i10n.qrc anyway (couldn't find it in any examples)?

> More information about Qt Translation is available in
> http://qt-project.org/doc/qt-4.8/linguist-manual.html

- Please add the stuff to README.qt

> It is missing some features:
> * Add preference to select(force) your language

Might make sense as some people would prefer the English GUI even if the
rest of the applications are in their native language.

> * Support of Cmake

I'm working on it - but it isn't working (same as you found out) so far.

> * Some text it is no available for translation...

I don't understand this one :)

How about committing this soon'ish?

 Ciao
Jörg
-- 
Joerg Mayer   
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Alexis La Goutte
On Mon, Mar 5, 2012 at 12:14 PM, Joerg Mayer  wrote:

> Hello Alexis,
>
> On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
> > > You might try the following instructions for cmake:
> > > http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
> > > but I'd be willing to do this once internationalization is committed.
> > >
> >
> > I tried but... no work ! (for the moment...)
>
> No problem - as I wrote: I will try it once it is committed.
>
> > > While looking at the translation file: It seems to contain the line numbers
> > > of the English original - does this mean the translation will fail if the
> > > line numbers change because someone makes changes to the code?
> > >
> > No!
> > The line is only for information... when the translator translates! (with
> > Qt Linguist) (there is a source view to see the context of the
> > translation...)
> > and the line is auto-generated by lupdate!
>
> Ah, good. Maybe you could add a file ui/qt/README.translate or whatever on how
> to go and translate into another language or update an existing one (I didn't
> know about Qt Linguist).
>
I think I'll add a chapter to doc/Readme.qt

>
> Ciao
> Jörg
> --
> Joerg Mayer   
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
>

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Joerg Mayer
Hello Alexis,

On Mon, Mar 05, 2012 at 10:10:40AM +0100, Alexis La Goutte wrote:
> > You might try the following instructions for cmake:
> > http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
> > but I'd be willing to do this once internationalization is committed.
> >
> 
> I tried but... no work ! (for the moment...)

No problem - as I wrote: I will try it once it is committed.

> > While looking at the translation file: It seems to contain the line numbers
> > of the English original - does this mean the translation will fail if the
> > line numbers change because someone makes changes to the code?
> >
> No!
> The line is only for information... when the translator translates! (with
> Qt Linguist) (there is a source view to see the context of the
> translation...)
> and the line is auto-generated by lupdate!

Ah, good. Maybe you could add a file ui/qt/README.translate or whatever on how
to go and translate into another language or update an existing one (I didn't
know about Qt Linguist).

Ciao
Jörg
-- 
Joerg Mayer   
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

Re: [Wireshark-dev] QtShark Translation

2012-03-05 Thread Alexis La Goutte
Hi Joerg,

On Sun, Mar 4, 2012 at 10:50 PM, Joerg Mayer  wrote:

> Hello Alexis,
>
> nice piece of work. I have one annotation and one question:
>
> You might try the following instructions for cmake:
> http://www.cmake.org/Wiki/CMake:How_To_Build_Qt4_Software
> but I'd be willing to do this once internationalization is committed.
>

I tried but... no work ! (for the moment...)


>
> While looking at the translation file: It seems to contain the line numbers
> of the English original - does this mean the translation will fail if the
> line numbers change because someone makes changes to the code?
>
No!
The line is only for information... when the translator translates! (with
Qt Linguist) (there is a source view to see the context of the
translation...)
and the line is auto-generated by lupdate!


>
> Thanks
>   Jörg
> --
> Joerg Mayer   
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
>