[Wireshark-dev] Feature request for LUA dissector(s)

2019-06-25 Thread Helge Kruse

Hi,

I wrote some dissectors using C/C++ in the past. Some of the
(proprietary) protocols based on TCP use a protocol negotiation that
results in different protocol variants. These variants are incompatible
unless the protocol variant is respected. For that purpose it was very
helpful to identify a conversation in a TCP connection.

Unfortunately conversations are not supported yet for LUA dissectors
(Bug 15396).
Unfortunately the bug was rated with "low importance". How can I
convince the development team to give it more attention? Is there any
workaround?

Best regards,
Helge

___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Conversation tracking in LUA dissector

2019-05-25 Thread Helge Kruse
I have a protocol with several versions. Depending on the negotiated
protocol version at the beginning of the session, the structure of the
messages differs. While writing C++ dissectors I used the conversation
member of pktinfo. How can I implement this in a LUA dissector?

According to
https://www.wireshark.org/docs/wsdg_html/#lua_class_Pinfo the pktinfo
should have a member conversation. But when I try to access it I get an
error:
"No such 'conversation' method/field for object type 'Pinfo'"

It looks like there is already an open bug:
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15396

Do you have any other idea how to save information of a session?

Best regards,
Helge
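Since the Lua Pinfo object on the page has no usable conversation member (Bug 15396), the pattern below keys dissector state on the TCP stream index instead. This is an added example written for this page, not code from the post or from the Wireshark project; the protocol layout, the field names and port 7777 are assumptions made up for the demonstration, and each message is assumed to arrive in its own TCP segment (no PDU reassembly is shown).

```lua
-- Added example for this page, not code from the post or from Wireshark.
-- Per-connection state in a Lua dissector without pinfo.conversation:
-- key a table on the TCP stream index ("tcp.stream"), which the TCP
-- dissector assigns to each connection. The protocol is constructed:
--   HELLO : 'H' | version (uint8)                      negotiates the variant
--   DATA  : 'D' | seq as uint16 (v1) or uint32 (v2), little-endian
-- One message per TCP segment is assumed (no PDU reassembly shown).
local vproto = Proto("vproto", "Version-Negotiated Example Protocol")

local f_type    = ProtoField.string("vproto.type",    "Message type")
local f_version = ProtoField.uint8 ("vproto.version", "Version", base.DEC)
local f_seq16   = ProtoField.uint16("vproto.seq16",   "Sequence (v1)", base.DEC)
local f_seq32   = ProtoField.uint32("vproto.seq32",   "Sequence (v2)", base.DEC)
vproto.fields = { f_type, f_version, f_seq16, f_seq32 }

-- Field extractor: created at load time, invoked inside the dissector.
local tcp_stream_f = Field.new("tcp.stream")

-- stream index -> { version = n, since = frame number of the HELLO }
local stream_state = {}
-- frame number -> version in effect when the frame was first dissected.
-- Frames are re-dissected in arbitrary order later (click, filter, tap);
-- the cache keeps each frame's interpretation stable.
local frame_version = {}

-- Called when a capture file is opened or reloaded: forget old streams.
function vproto.init()
  stream_state  = {}
  frame_version = {}
end

-- Version that applies to this frame, computed once on the first pass.
local function version_for(pinfo, stream)
  if pinfo.visited then
    return frame_version[pinfo.number]
  end
  local st, v = stream_state[stream], nil
  if st and pinfo.number >= st.since then v = st.version end
  frame_version[pinfo.number] = v
  return v
end

function vproto.dissector(tvb, pinfo, tree)
  if tvb:len() < 2 then return 0 end
  local si = tcp_stream_f()
  if si == nil then return 0 end          -- not carried over TCP
  local stream = si.value

  pinfo.cols.protocol = "VPROTO"
  local subtree = tree:add(vproto, tvb(), "Version-Negotiated Example Protocol")
  local mtype = tvb(0, 1):string()
  subtree:add(f_type, tvb(0, 1))

  if mtype == "H" then
    local v = tvb(1, 1):uint()
    subtree:add(f_version, tvb(1, 1))
    -- First HELLO of a stream wins; a later HELLO (retransmission,
    -- injected packet, attempted downgrade) does not silently re-key
    -- the parser for the rest of the connection.
    if not pinfo.visited and stream_state[stream] == nil then
      stream_state[stream] = { version = v, since = pinfo.number }
    end
    pinfo.cols.info = string.format("HELLO version=%d", v)
    return tvb:len()
  end

  local v = version_for(pinfo, stream)
  if v == 1 and tvb:len() >= 3 then
    subtree:add_le(f_seq16, tvb(1, 2))
    pinfo.cols.info = string.format("DATA v1 seq=%d", tvb(1, 2):le_uint())
  elseif v == 2 and tvb:len() >= 5 then
    subtree:add_le(f_seq32, tvb(1, 4))
    pinfo.cols.info = string.format("DATA v2 seq=%d", tvb(1, 4):le_uint())
  else
    -- No HELLO seen earlier in this stream (capture started mid-session)
    pinfo.cols.info = "DATA (version not negotiated in this capture)"
  end
  return tvb:len()
end

-- Port number is an assumption for the example.
DissectorTable.get("tcp.port"):add(7777, vproto)
```

Two details carry the correctness. Wireshark dissects every frame once in file order (pinfo.visited is false) and afterwards re-dissects single frames in whatever order the user clicks or filters, so the negotiated version is stored per stream together with the frame number of the HELLO and then cached per frame; without the cache, a frame that precedes the HELLO could be shown with the later variant once it is redrawn. The first HELLO in a stream is the one that counts, so a second HELLO (a retransmission or an injected packet) cannot switch the parser mid-connection. Proto.init clears both tables when a file is opened or reloaded.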

Re: [Wireshark-dev] size_t under Windows ...

2017-11-24 Thread Helge Kruse
DWORD is a 32-bit unsigned integer.
size_t is platform dependent, 32 bits in 32-bit Windows and 64 bits in
64-bit Windows. I assume this is similar in other OSes like Linux.
Therefore you can't replace DWORD by size_t without checking the impact.

Further there is an additional member cap_pipe_buf in the #ifdef(_WIN32) branch.

Regards
Helge

Re: [Wireshark-dev] Tips regarding measuring function execution times

2017-10-16 Thread Helge Kruse
Hi Paul,

If you are working in a Windows environment you can use
QueryPerformanceCounter (QPC) to get a high resolution time value. The
actual time resolution might vary, use QueryPerformanceFrequency to get
the resolution. On my Windows 10 system I get a frequency of 3914059,
i.e. ~250ns.

But no C++ interface is necessary to access QPC/QPF.
(https://msdn.microsoft.com/en-us/library/windows/desktop/ms644904(v=vs.85).aspx)

See also: 
https://msdn.microsoft.com/en-us/library/windows/desktop/dn553408(v=vs.85).aspx

Regards
Helge

2017-10-16 8:34 GMT+02:00 Paul Offord :
> Hi Roland,
>
> I'm only doing this for debugging purposes, and I accumulate the total time
> as each packet is dissected. To get the value as output I've put the printf
> in a cleanup routine that gets triggered when I close the trace file.
>
> Unfortunately, microsecond granularity is not going to do it. All start and
> end times produced by the code below are equal, giving an elapsed time of
> zero. I've been looking at Windows nanosecond timers but I'll have to use
> C++ to get access to those.
>
> Best regards....Paul
>
> From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf
> Of Roland Knall
> Sent: 16 October 2017 05:38
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Tips regarding measuring function execution
> times
>
> Keep in mind that printf is by far one of the slowest functions.
> Additionally it also slows down the output. I'd recommend writing
> the times into a buffer and dumping them in intervals, very much like the
> taps work, otherwise what you see might not be what is happening on the
> network.
>
> cheers
>
> On Sun, Oct 15, 2017 at 11:15 PM, Paul Offord wrote:
>
> Thanks to all for the tips. I'll give it a go.
>
> From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf
> Of Pascal Quantin
> Sent: 15 October 2017 21:50
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Tips regarding measuring function execution
> times
>
> 2017-10-15 22:40 GMT+02:00 João Valverde :
>
> On 15-10-2017 21:32, Peter Wu wrote:
>
> On Sat, Oct 14, 2017 at 02:18:39PM +, Paul Offord wrote:
>
> I'm investigating a performance problem with the TRANSUM dissector. I'd
> like to measure the accumulated time taken to execute a function in a
> Release build. My basic idea is to do something like this:
>
> guint32 execute_time_us;
> ...
> start_stopwatch(&execute_time_us);
> function_call_to_be_measured();
> pause_stopwatch(&execute_time_us);
> ...
> stop_and_output_stopwatch(&execute_time_us);
>
> Is there a standard way to do this in Wireshark? How can I output the
> accumulated time on, say, the Status Line?
>
> Not sure about the Status line question, but you can measure elapsed
> microseconds with something like:
>
>  guint64 start_time, end_time;
>
>  start_time = g_get_monotonic_time();
>  // ...
>  end_time = g_get_monotonic_time();
>  // ...
>  g_print("elapsed us: %" G_GUINT64_FORMAT, end_time - start_time);
>
> https://developer.gnome.org/glib/stable/glib-Date-and-Time-Functions.html#g-get-monotonic-time
>
> I think console output doesn't work on Windows for graphical applications,
> or something like that. There isn't a better standard mechanism for debug
> output in Wireshark, that I know of.
>
> You can make it appear with Edit -> Preferences -> Advanced -> change
> gui.console_open option to ALWAYS.
>
> Pascal.

Re: [Wireshark-dev] Is there any way to do session wise listing in wireshark?

2015-07-12 Thread Helge Kruse


On 12 July 2015 18:50:03 CEST, BATI YADAV wrote:
>Hello all,
>Is there any way to do session wise listing in wireshark?

Select a packet, right click to open the context menu and choose "Follow TCP 
stream". If this doesn't match your understanding of session wise listing, 
please elaborate.

Regards
Helge


[Wireshark-dev] MAC address field

2015-06-11 Thread Helge Kruse
I read about the MAC address in
http://en.wikipedia.org/wiki/MAC_address#Address_details. This describes
that the lower two bits of the first MAC byte are reserved. The lower bit is
reserved for non-unicast (a.k.a. broadcast) and the second for locally
administered addresses.

The OUI list at http://standards-oui.ieee.org/oui.txt lists the OUI
"02-60-8C" as assigned to 3COM. This does not reflect the definition in the
Wikipedia article. Is this OUI assigned in error? How can this "locally
administered" bit be used?

The Wireshark Ethernet dissector shows this as "LG bit: Globally unique
address".

Best regards

Helge


Re: [Wireshark-dev] PVS-Studio analysis of Wireshark

2015-06-05 Thread Helge Kruse
Intentionally NOT sent to the list...

I think open source can be used for that purpose even if they get a benefit from 
it without any donation. Even if I'm wrong it would be hard to do anything 
against it.

They don't tell the price of PVS at the website. I asked for an offer for a 
hobby programmer. They had to admit that $7,200 is too expensive to even talk 
about it. But they proposed to me to use an evaluation version, write and publish 
a (not necessarily positive) review, and get a one year free license for that.

Here the reason for off-list: What about taking this up in a yearly manner by 
different members of the Wireshark developers? I don't know if PVS is even worth 
doing this. It just came to mind, anyway they would get their review.

Regards
Helge

Cite:
Thanks for your interest to PVS-Studio!

Unfortunately PVS-Studio is not designed for single developers or projects 
developed as a hobby. We work with teams involved in commercial software 
development and offer them licenses with prices starting with $7200. We don’t 
have any special inexpensive offer for you. As our experience has proved, this 
area is commercially unpromising.

As an alternative, we can offer you the following deal. We can trade a 
PVS-Studio license for one article about our tool written by you.

The terms are the following:

We grant you a PVS-Studio license for 2 weeks. You analyze your project, study 
PVS-Studio, and write an article about it. We coordinate on the text and then 
you publish it on the Internet. You can post it at your site or blog, or any 
third-party resource, for example medium.com. In return, we will grant you a 
PVS-Studio license for one year. You can use it when working on your project.

Of course, we are interested in getting positive feedback. But it doesn’t mean 
that you must only praise our product. Be honest and speak out your true 
impressions. But I hope you understand that we aren’t interested in granting 
licenses for being criticized. :)

What do you think of this offer?

Evgeniy Ryzhkov
OOO “Program Verification Systems” (Co Ltd)

On 5 June 2015 11:44:07 CEST, Graham Bloice wrote:
>I've dabbled with PVS a little bit, the output does seem to find a few
>things other static analyzers miss, but the reverse also applies.
>
>Unfortunately they don't seem to offer free licences for Open source
>projects, although they do use open source projects as demos for their
>software, see http://www.viva64.com/en/examples/.
>
>On 4 June 2015 at 19:09, Alexis La Goutte wrote:
>
>> On Thu, Jun 4, 2015 at 7:21 PM, Gerald Combs wrote:
>>
>>> Andrey Kalashnikov analyzed Wireshark using the PVS-Studio static
>>> analyzer and wrote up an interesting report at
>>> http://www.viva64.com/en/b/0328/ .
>>>
>>> Thanks to Andrey,
>>>
>>> It looks like we've fixed a couple of the errors independently but
>>> the rest look easy enough to fix.
>>>
>> Yes and need also to try on master branch...
>
>-- 
>Graham Bloice
>Software Developer
>Trihedral UK Limited


Re: [Wireshark-dev] Migrating dissector to WS 1.12

2015-05-20 Thread Helge Kruse
Hi Pascal,

at first I've spotted two additional functions that are missing or have changed 
their semantics.

In the old dissector I have a construct

   if (check_col(m_pinfo->cinfo, COL_PROTOCOL))
   {  // column is displayed
      col_set_str(m_pinfo->cinfo, COL_PROTOCOL, "my protocol");
   }

The check_col function is not available anymore. How do I fill the protocol 
column?

And the second question is about TCP stream dissection. The function 
tcp_dissect_pdus has changed parameters and the signature of new_dissector_t 
isn't clear. Wasn't it the job of the get_pdu_len function to get the correct 
number of bytes of a PDU?

Best regards

Helge

 

From: wireshark-dev-boun...@wireshark.org 
[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Pascal Quantin
Sent: Wednesday, May 20, 2015 7:04 PM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Migrating dissector to WS 1.12

Hi Helge,

2015-05-20 18:46 GMT+02:00 Helge Kruse :

Hi,

I am migrating from WS 1.6 to WS 1.12 skipping all versions between.
I have some code that uses functions that are not available in the
current version. How can I find out how these functions are replaced by newer
functions?

Example: tvb_get_ephemeral_string()

This one is replaced by 
tvb_get_string_enc(wmem_packet_scope(),tvb,offset,length, ENC_ASCII | ENC_NA);

Conversions from older to newer APIs are not very well documented 
unfortunately. You can easily find them by doing searches in git history, or if 
the list is not too long you can ask on this mailing list.

Regards,

Pascal.




[Wireshark-dev] Migrating dissector to WS 1.12

2015-05-20 Thread Helge Kruse
Hi,

I am migrating from WS 1.6 to WS 1.12 skipping all version between.
I have some code that uses functions that are not available in the
current version. How can I find how this functions are replaced by newer
functions?

Example: tvb_get_ephemeral_string()

Regards
Helge

-- 
PGP Fingerprint: EDCE F8C8 B727 6CC5 7006 05C1 BD3F EADC 8922 1F61




[Wireshark-dev] Utilize the pdb files

2015-05-14 Thread Helge Kruse

Hello,

I've written some dissector plugins for Wireshark 1.6. Now I want to
update these plugins and upgrade to the current version of Wireshark.
There are a lot of tools necessary to compile Wireshark (Qt, Cygwin,
Python, Git, ...). I would like to get a debug version of Wireshark and the
corresponding pdb file, which is the link to the sources.

So I tried the other way. I've downloaded
- Wireshark-win64-1.12.5.exe
- Wireshark-pdb-win64-1.12.5.zip

and installed Wireshark, and extracted the pdb files. Then I started
Wireshark.exe, attached with the VS2013 debugger, but the debugger did not
accept the pdb file. That is not a big surprise since the modification
dates of the files differ by hours.

12.05.2015  22:44 3.083.184 Wireshark.exe
14.05.2015  12:59 9.219.072 Wireshark.pdb

Where can I get the .exe for the .pdb in the file

https://www.wireshark.org/download/win64/all-versions/Wireshark-pdb-win64-1.12.5.zip

or the .pdb file for the .exe in

https://www.wireshark.org/download/win64/all-versions/Wireshark-win64-1.12.5.exe
?


Regards
Helge




[Wireshark-dev] Unregister hfinfo fields

2012-07-25 Thread Helge Kruse
While implementing a dissector I need to unregister hfinfo structs. 
These structs had been created temporarily and should be deleted. 
Something similar can also be found in packet-http.c, line#2122.


The libWireshark.dll exports proto_register_field_array but 
unfortunately not proto_unregister_field. Hence this functionality is 
not supported for dissector plug-ins. Can you please add 
proto_unregister_field to the export list in libwireshark.def?


Thanks,
Helge



[Wireshark-dev] Missing link

2012-07-14 Thread Helge Kruse

Hello,

on the page http://www.wireshark.org/develop.html there is a link to the 
"Developer's Guide has complete documentation". The link address is
http://www.wireshark.org/docs/wsdg_html/#ChSrcSend but there is no 
corresponding target.


Regards
Helge



[Wireshark-dev] compiling 1.8.0 on Win7

2012-07-02 Thread Helge Kruse
A new Wireshark stable version is out and I need to update my dissectors 
build package. Therefore I need to compile the Wireshark 1.8.0 sources.


During the build I get an error

> tools/textify.sh: line 50: u2d: command not found

just after building of tshark.exe.

I have Cygwin installed. When I run in Cygwin bash "u2d" I get the 
"command not found" too. But I have installed cygutils 1.4.10-2 that 
should include this Unix/Dos format conversion tool. Do I need a 
specific version of Cygwin? Are there any other changes necessary in the 
build environment since Wireshark 1.6.2?



Regards
Helge



Re: [Wireshark-dev] SPX protocol subdissector

2011-11-25 Thread Helge Kruse

 Original message 
> Date: Thu, 24 Nov 2011 12:11:21 -0800
> From: Guy Harris 
> To: Developer support list for Wireshark 
> Subject: Re: [Wireshark-dev] SPX protocol subdissector

> 
> On Nov 24, 2011, at 11:44 AM, Andreas wrote:
> 
> > You can only use add your dissector for fields that are registered with
> register_dissector_table for this purpose.
> 
> ...and they're not fields, they're just dissector tables; by *convention*,
> dissector tables are often given the same name as fields, if they happen
> to correspond exactly to one particular field, but that's not a requirement
> - there's no field named "ethertype", but there's a dissector table named
> "ethertype", which is used for several fields (the type field in Ethernet
> packets, the protocol ID field in SNAP packets with an OUI of 00:00:00,
> etc.), and most fields don't have dissector tables associated with them.
> 
> > I fear you can't register your dissector without changing packet-ipx.c.
> 
> ...by adding a new dissector table and code to use it.
... which requires that you distribute your self-built Wireshark with your DLL.

Helge



Re: [Wireshark-dev] Debugging on Windows

2011-11-12 Thread Helge Kruse

Andreas,
Sounds like you compile for Microsoft Windows.
The config.nmake provides several options for the development environment. 
Which compiler version do you prefer? (2005, 2008, 2010)

I use the "professional" version of VC, so I have no problem with a 
debugger. I didn't think that the express versions come without a debugger. 
Probably there is a debugger in the Windows SDK, but this should match your 
compiler version.


Helge

- Original Message - 
From: "Andreas Sikkema" 
To: 
Sent: Saturday, November 12, 2011 12:59 PM
Subject: [Wireshark-dev] Debugging on Windows

After being away for close to 10 years I finally have a need for a new
protocol dissector so I started developing again. I've got one working,
but since I don't have access to Visual Studio anymore, I downloaded the
Express version. I'm assuming Microsoft thinks its debugger is secret
sauce, are there any alternatives?




Re: [Wireshark-dev] Looking for a Wireshark Plugin Tool Developer?

2011-11-11 Thread Helge Kruse

On 10.11.2011 18:07, Jason Saham wrote:

I am looking for a consultant that can help us develop some Wireshark plugins 
that can read our port and time stamping data from our network products.
If you know or anyone or yourself interested please feel free to contact me 
directly.



Can you send details?
- Should your plug-in be a DLL for Windows or a shared library for a 
Unix-like operating system?
- If it's for Windows, which compiler do you need to support?
- Is it a protocol based on UDP or TCP?
- Can you provide some details about the protocol?

Kind regards,
Helge


Re: [Wireshark-dev] include "tvbuff.h" failed

2011-10-14 Thread Helge Kruse

 Original message 
> Date: Wed, 12 Oct 2011 09:04:42 +0200
> From: Marcel Haas 
> To: Developer support list for Wireshark 
> Subject: Re: [Wireshark-dev] include "tvbuff.h" failed

> 
>  #ifdef HAVE_CONFIG_H
>  #include "config.h"
>  #endif

You should remove the "#ifdef HAVE_CONFIG_H", config.h is always used.

Regards,
Helge



Re: [Wireshark-dev] Correct and efficient way of displaying bit fields?

2011-10-08 Thread Helge Kruse

On 07.10.2011 23:22, Kaul wrote:

I'm struggling for some time now with displaying bitfields, I'm sure there
must be something I'm overlooking, or it's just a bit difficult to do in
Wireshark.

I have a 32bit, little endian field, which I'd like to parse the bits (as
set/not set):
Example:
05 00 00 00

1 0 0 0  Feature A - set
0 0 0 0 ... Feature B - not set
0 0 1 0 ... Feature C - Set


1. Do I really have to create a hf_xxx for each? And use something like
proto_tree_add_bits_item() ? I was hoping to do it in a single
proto_tree_add_xxx() and pass it a single HF that would hold a VALS(...)
which will describe all the attributes.


When you add all these hf_info records you provide information that will 
be displayed quite well. Additionally all these fields can be used in a 
display filter expression. That's worth adding all the info for.

When I have such one-bit fields I put them in an array and use a loop 
over this field and call proto_tree_add_boolean for each iteration. This 
saves code lines. But when the field size varies, you will need 
individual code lines.


Helge
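The array-plus-loop approach described above, carried over to a Lua dissector as an added example (not code from the post or from Wireshark): one ProtoField.bool per bit, all pointing at the same 32-bit little-endian source bytes and differing only in their mask, so every flag shows up in the tree and is filterable on its own (for example flagsdemo.flags.c == 1). The protocol, the field names, the four-flag layout and UDP port 7778 are assumptions made for the example.

```lua
-- Added example for this page, not code from the post or from Wireshark.
-- A 32-bit little-endian flags word shown as one filterable boolean field
-- per bit, table-driven so adding a flag is one more line. Field names,
-- the flag layout and UDP port 7778 are constructed for the example.
local flagsproto = Proto("flagsdemo", "Flags Word Example")

-- { display name, abbreviation suffix, single-bit mask }
local flag_defs = {
  { "Feature A", "a", 0x00000001 },
  { "Feature B", "b", 0x00000002 },
  { "Feature C", "c", 0x00000004 },
  { "Feature D", "d", 0x00000008 },
}

local f_flags = ProtoField.uint32("flagsdemo.flags", "Flags", base.HEX)
local flag_fields = {}
for i, d in ipairs(flag_defs) do
  -- Width 32 makes Wireshark render the bit position inside a 32-bit
  -- word (".... .... .... ...0 = Feature B: Not set"); the mask selects the bit.
  flag_fields[i] = ProtoField.bool("flagsdemo.flags." .. d[2], d[1], 32,
                                   { "Set", "Not set" }, d[3])
end

local all_fields = { f_flags }
for _, f in ipairs(flag_fields) do all_fields[#all_fields + 1] = f end
flagsproto.fields = all_fields

-- True if the single-bit mask is set in value. Plain arithmetic is used
-- so the script does not depend on which bit library the Lua build has.
local function bit_set(value, mask)
  return value % (mask * 2) >= mask
end

function flagsproto.dissector(tvb, pinfo, tree)
  if tvb:len() < 4 then return 0 end
  pinfo.cols.protocol = "FLAGSDEMO"
  local word = tvb(0, 4)
  local sub = tree:add_le(f_flags, word)      -- add_le: bytes are little-endian
  for _, f in ipairs(flag_fields) do
    sub:add_le(f, word)                       -- same 4 bytes, different mask
  end
  -- Summarise set bits in the Info column: "Feature A, Feature C" for 05 00 00 00
  local value, names = word:le_uint(), {}
  for _, d in ipairs(flag_defs) do
    if bit_set(value, d[3]) then names[#names + 1] = d[1] end
  end
  pinfo.cols.info = (#names > 0) and table.concat(names, ", ") or "no flags set"
  return 4
end

-- Port number is an assumption for the example.
DissectorTable.get("udp.port"):add(7778, flagsproto)
```

Because the mask lives in the ProtoField, Wireshark does the bit extraction and the "Set"/"Not set" rendering itself; the dissector only adds the same four bytes once per flag. Flags of different widths would need a ProtoField.uint8/uint16/uint32 with a multi-bit mask in the same table, which the loop handles unchanged as long as the display width matches the word size.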


Re: [Wireshark-dev] Wireshark dissectors implementation with LUA

2011-10-03 Thread Helge Kruse

On 01.10.2011 11:14, Stig Bjørlykke wrote:

On Sat, Oct 1, 2011 at 10:59 AM, Helge Kruse  wrote:

Where do I find good samples or tutorials to get a glimpse of Lua dissectors?


You can have a look at this presentation:
http://sharkfest.wireshark.org/sharkfest.09/DT06_Bjorlykke_Lua%20Scripting%20in%20Wireshark.pdf



Thanks for this introduction. I got my first LUA dissector loaded. With 
your and Robert's help it should now work for me.


Regards,
Helge



[Wireshark-dev] Wireshark dissectors implementation with LUA

2011-10-01 Thread Helge Kruse

Hello,

I have a bit of experience with dissector plug-ins written in C++. But I 
would like to evaluate if dissectors could also be written in Lua. I 
don't find an example in the Wireshark source code. Where do I find good 
samples or tutorials to get a glimpse of Lua dissectors?
http://wiki.wireshark.org/Lua shows links to Lua basics and Wireshark's 
Lua API, but unfortunately it doesn't include dissector examples.


Regards,
Helge



Re: [Wireshark-dev] Problem in building Plugin

2011-09-22 Thread Helge Kruse

On 22.09.2011 10:27, Rajesh P S wrote:

Sorry. Problem is with struct fragment_items  as this has undergone some
changes between 1.2.6 to 1.6.2. Earlier there was only 6 fields now they
have added two more. Its working fine.


Ok, you updated your dissector code to the new Wireshark interface 
version 1.6.



But I am facing another issue where in when I try to run wireshark.exe I am
getting this run time error.

[image: image.png]
Besides some changes in the interface (e.g. structure layout, renamed 
functions, removed functions, added functions) there are also some 
functional changes. While you could previously pass an uninitialized ett 
array, the new version checks for initialization.

The function proto_register_subtree_array has one out parameter. It's 
an array identified by an address and a count. If you don't try to pass 
the same array multiple times to the function, you probably have not 
initialized this array. The old code

  int m_ettHeader;
  int m_ettBody;
  int* tree[2] = { &m_ettHeader, &m_ettBody };
  proto_register_subtree_array(tree, 2);

must be changed:

  int m_ettHeader = -1;
  int m_ettBody = -1;
  ...

BTW: This is told in the message box you've sent.

Regards,
Helge


Re: [Wireshark-dev] Problem in building Plugin

2011-09-22 Thread Helge Kruse

On 22.09.2011 08:20, Rajesh P S wrote:

NO. I haven't modified resemble.h. And the file has above mentioned struct.
I downloaded 1.6.2 source code and I am trying to build my plugin
with 1.6.2.


I would check the include path. You find it in the "Command Line" tab of 
the Project Properties dialog.


You could also generate a preprocessor output file and verify the 
actually included files. Check the "Generate Preprocessed File" option in 
the C/C++ Preprocessor tab of the Project Properties dialog to generate 
the .i file. You will have to remove this option to compile to .obj 
files after the verification.


BTW: You have used char[18] with this line: "Message fragments"


Regards,
Helge


Re: [Wireshark-dev] Wireshark 1.6.2 is now available

2011-09-08 Thread Helge Kruse

On 08.09.2011 19:38, Gerald Combs wrote:

I'm proud to announce the release of Wireshark 1.6.2.


That's great. Thank you.

At the download page there is still a reference to "the latest development 
version" 1.6.0rc2. I thought the development release should be 1.7.x. 
What is wrong with my thinking?


Regards,
Helge


Re: [Wireshark-dev] Problem compiling Wireshark 1.6.1

2011-08-27 Thread Helge Kruse

On 22.08.2011 22:24, Andreas wrote:

mt.exe -nologo -manifest "zlib1.dll.manifest"
-outputresource:zlib1.dll;2

The last command always crashes. The tool mt.exe loads zlib1.dll to
memory and doesn't find the correct run-time library.


This behavior is the same when I compile any other (not Wireshark 
related) project, that uses this old style (?) of integrating a manifest 
in a DLL:

/nologo /outputresource:".\Release\FooDissector.dll;#2"

Another approach seems to be to compile the manifest as a resource and 
include it with the linker to the executable.


Despite this change there must be something wrong with my build machine, 
not with the Wireshark environment. I will have to check that. I would 
like to avoid John Allen Miller's solution: http://kuerzer.de/6AWCrWL7x


--
Andy


Re: [Wireshark-dev] Problem compiling Wireshark 1.6.1

2011-08-27 Thread Helge Kruse

On 24.08.2011 11:32, Guy Harris wrote:


On Aug 24, 2011, at 1:52 AM, Graham Bloice wrote:


Is there any error message at all from the build after the call to mt.exe?

No.



 From your command prompt after the build fails what is the output from "where
mt.exe"?

C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\mt.exe



Because, after all, one of the most important bits of UN*X functionality EVAR 
is the ability to rewind or space forward/backwards or erase a mag tape from 
the command line:


What program package is EVAR? I have never heard of it.



http://cygwin.com/packages/mt/

http://linux.die.net/man/1/mt

If that's installed, the "mt.exe" it's running might be the (GPL'ed reimplementation of?) 
the Good Old BSD "mt" command, rather than something actually generally useful to 
developers:

http://msdn.microsoft.com/en-us/library/aa375649(v=vs.85).aspx

If the Cygwin package containing "mt" is installed, you might have to tweak your search 
path to look at the directory in which the Windows SDK programs are located *before* looking at the 
directories in which Cygwin binaries are located, so you get the right "mt".


There was no change in the CYGWIN installation since I compiled 
Wireshark successfully.


--
Andy



Re: [Wireshark-dev] Compiling Wireshark for Win32

2011-08-15 Thread Helge Kruse

On 16.08.2011 00:01, Gerald Combs wrote:

On 8/12/11 1:25 AM, Helge Kruse wrote:

@Gerald,
the ZIP file with the PDBs is ~13 megabytes in size. Would it be possible to 
add the import libraries to the archive in one of the next versions? The 
libwireshark.lib is only 266 kByte while the PDB is 10 MByte.


I added libwireshark.lib, libwsutil.lib, and wiretap-1.7.0.lib to the
archive along with libwsutil.pdb.


Great!

In which version's pdb ZIP archive will we find the libs? Currently 
there are only PDBs in

http://www.wireshark.org/download/win32/all-versions/wireshark-pdb-win32-1.6.1.zip

Thank you,
Helge


Re: [Wireshark-dev] Compiling Wireshark for Win32

2011-08-12 Thread Helge Kruse
> From: Gisle Vanem 
> > link /dll /out:libwireshark.dll /def:libwireshark.def
> /implib:libwireshark.lib >nul
> 
> Does it?
Yes.

> Where are the .obj files in this command?
There are neither .obj nor .lib input files.

The linker will complain about missing externals, that's why the ">nul" is 
useful. Further it won't generate a DLL as long as you don't pass the /FORCE 
argument to the linker command.

The import library does not contain any information from the actual linking 
process. All entry point addresses are in the export table of the generated 
DLL. 

The import library generates public symbols in a jump table that are used when 
linking the consuming module. It also has a DLL loader that opens the DLL, 
looks up the entry points from the DLL export table and patches the jump 
table. That's called "load time binding".

This may be interesting: http://msdn.microsoft.com/en-us/magazine/bb985014.aspx


Helge



Re: [Wireshark-dev] Compiling Wireshark for Win32

2011-08-12 Thread Helge Kruse

 Original Message 
> Date: Thu, 11 Aug 2011 11:28:59 +0200
> From: "news.gmane.com" 
>
> I don't want to build 1.6.x at all. I want to upgrade all my dissectors
> for proprietary protocols to Wireshark 1.6. Since there are no PDB files
> for 1.6.0 (found only for 1.7 at 
>http://www.wireshark.org/download/automated/win32/)
> and no import library files I need to compile Wireshark with all that
> CygWin, Python, ... installation.

Andreas (or Andy),
Why do you try to compile at all when you only need the import library?
It's generated with a one-liner:

link /dll /out:libwireshark.dll /def:libwireshark.def /implib:libwireshark.lib 
>nul

The command generates a lot of error messages and doesn't generate a valid DLL. 
That's why you want the ">nul".

And as Gerald wrote, the PDBs are on the server. So there is no reason to 
compile Wireshark at all if your goal is compiling a plug-in DLL like a 
dissector. You don't even need to install Cygwin, ...

@Gerald,
the ZIP file with the PDBs is ~13 megabytes in size. Would it be possible to 
add the import libraries to the archive in one of the next versions? The 
libwireshark.lib is only 266 kByte while the PDB is 10 MByte.

The PDB files must have a matching timestamp to be used from Visual Studio. The 
import library can be generated later as I've shown. But it would be a bit 
more convenient to have it along with the PDB files.

Helge



Re: [Wireshark-dev] Question about UDP checksum

2011-08-05 Thread Helge Kruse
You've forgotten to include the UDP payload in your calculation. For the 
calculation the pseudo header must be in front of UDP header and UDP payload.

Helge

 Original Message 
> Date: Fri, 5 Aug 2011 15:45:38 +0200
> From: "news.gmane.com" 
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] Question about UDP checksum

> Hello,
> 
> I try to implement a UDP checksum routine. Unfortunately it calculates a 
> completely different value than Wireshark does. I don't know what I am 
> doing wrong. Can you help me?
> 
> The calculation is done using a UDP pseudo header with the structure
> 
> struct pseudo
> {
> uint32 source;
> uint32 destination;
> uint8 zero;
> uint8 protocol;
> uint16 udp_length;
> };
> 
> When I have a UDP frame with IP source = "192.168.100.132" and IP 
> destination = "192.168.144.255", and UDP Length = 66 (IP Total_Length =
> 86) 
> I get this data in the pseudo header:
> 
>  c0 a8 64 84
>  c0 a8 90 ff
>  00 11 00 42
> 
> The sum is 0x32874 which must be folded to 0x2874+0x0003 = 0x8277. The 
> complement is 0xd788.
> 
> But Wireshark detects an error and says the checksum must be 0x5528. Can 
> anybody give me a hint what's wrong?
> 
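A worked version of the fix Helge gives above, added here as an example (it is not code from the thread): the one's-complement sum has to run over the IPv4 pseudo header, the UDP header with its checksum field zeroed, and the whole payload, with an odd trailing byte padded with zero. The datagram below is constructed for the example (the addresses are the ones from the question, the ports and the payload "hello" are made up), so its checksum 0x32c4 is not the 0x5528 Wireshark reported for the real capture. The verify routine does what a receiver (and Wireshark) does: summing everything including the stored checksum must fold to 0xffff.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One's-complement accumulate of 16-bit big-endian words. A trailing odd
 * byte is padded with a zero byte on the right (RFC 768 / RFC 1071). */
static uint32_t ones_sum(uint32_t acc, const uint8_t *p, size_t len)
{
    for (; len > 1; len -= 2, p += 2)
        acc += ((uint32_t)p[0] << 8) | p[1];
    if (len)
        acc += (uint32_t)p[0] << 8;
    return acc;
}

/* Fold the carries back into 16 bits (end-around carry). */
static uint16_t fold(uint32_t acc)
{
    while (acc >> 16)
        acc = (acc & 0xffffu) + (acc >> 16);
    return (uint16_t)acc;
}

/* IPv4 pseudo header: source, destination, zero, protocol 17, UDP length. */
static void pseudo_header(uint8_t out[12], const uint8_t src[4],
                          const uint8_t dst[4], size_t udp_len)
{
    memcpy(out, src, 4);
    memcpy(out + 4, dst, 4);
    out[8] = 0;
    out[9] = 17;
    out[10] = (uint8_t)(udp_len >> 8);
    out[11] = (uint8_t)(udp_len & 0xff);
}

/* udp points at the UDP header; udp_len is the UDP length field value
 * (header + payload). The stored checksum field is treated as zero. */
uint16_t udp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *udp, size_t udp_len)
{
    uint8_t ph[12], hdr[8];
    uint32_t acc;
    uint16_t cs;

    if (udp_len < 8)
        return 0;
    pseudo_header(ph, src, dst, udp_len);
    memcpy(hdr, udp, 8);
    hdr[6] = hdr[7] = 0;                        /* checksum field is zero while summing */
    acc = ones_sum(0, ph, 12);
    acc = ones_sum(acc, hdr, 8);
    acc = ones_sum(acc, udp + 8, udp_len - 8);  /* the payload: the part the question left out */
    cs = (uint16_t)~fold(acc);
    return cs ? cs : 0xffff;                    /* RFC 768: a computed 0 is sent as all ones */
}

/* Receiver-side check. Returns 1 if the datagram verifies, 0 if not. An
 * all-zero field means the sender computed no checksum (allowed for IPv4)
 * and is reported as ok, which is also how Wireshark treats it. */
int udp_checksum_ok(const uint8_t src[4], const uint8_t dst[4],
                    const uint8_t *udp, size_t udp_len)
{
    uint8_t ph[12];
    uint32_t acc;

    if (udp_len < 8)
        return 0;
    if (udp[6] == 0 && udp[7] == 0)
        return 1;
    pseudo_header(ph, src, dst, udp_len);
    acc = ones_sum(0, ph, 12);
    acc = ones_sum(acc, udp, udp_len);          /* header incl. stored checksum, then payload */
    return fold(acc) == 0xffff;
}

/* Constructed sample datagram (not the one from the capture in the question):
 * same addresses, ports 0x1234 -> 53, payload "hello", UDP length 13. */
const uint8_t SAMPLE_SRC[4] = { 192, 168, 100, 132 };
const uint8_t SAMPLE_DST[4] = { 192, 168, 144, 255 };
const uint8_t SAMPLE_UDP[13] = {
    0x12, 0x34,  0x00, 0x35,  0x00, 0x0d,  0x00, 0x00,   /* header, checksum 0 */
    'h', 'e', 'l', 'l', 'o'
};

/* Fill in the checksum, optionally flip one payload byte, then verify. */
int sample_verify(int corrupt_payload)
{
    uint8_t dgram[13];
    uint16_t cs;

    memcpy(dgram, SAMPLE_UDP, sizeof dgram);
    cs = udp_checksum(SAMPLE_SRC, SAMPLE_DST, dgram, sizeof dgram);
    dgram[6] = (uint8_t)(cs >> 8);
    dgram[7] = (uint8_t)(cs & 0xff);
    if (corrupt_payload)
        dgram[8] ^= 0x20;                       /* 'h' -> 'H' */
    return udp_checksum_ok(SAMPLE_SRC, SAMPLE_DST, dgram, sizeof dgram);
}

int main(void)
{
    printf("checksum 0x%04x, intact ok=%d, corrupted ok=%d\n",
           udp_checksum(SAMPLE_SRC, SAMPLE_DST, SAMPLE_UDP, sizeof SAMPLE_UDP),
           sample_verify(0), sample_verify(1));
    return 0;
}
```

Note that the UDP length appears twice in the summed data, once in the pseudo header and once in the UDP header; that is correct and both copies must be present. To compare against Wireshark on a real capture, feed the bytes of the UDP header and payload exactly as captured into udp_checksum.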

Re: [Wireshark-dev] Feature request

2011-08-04 Thread Helge Kruse

On 04.08.2011 14:09, Stig Bjørlykke wrote:

The capture filter is displayed in the title bar like this: "Capturing
from en0 (tcp or udp)" in recent versions of Wireshark.


Ah, I see!

Probably one more reason to upgrade Wireshark in our company. 
Unfortunately this requires the generation of a new set of dissectors.


Helge



[Wireshark-dev] Feature request

2011-08-04 Thread Helge Kruse
Hello,

I currently have several instances of Wireshark running. Each instance captures 
with a specific capture filter. I forget which window shows the (live) capture 
with which capture filter. So I don't know if packets are missing (lost on 
the wire) or suppressed by the filter.

It would be nice to have a possibility to display the capture filter (as 
entered in dialog) while the capture is running.

Helge



Re: [Wireshark-dev] mix of c and C++

2011-07-27 Thread Helge Kruse

On 27.07.2011 18:35, Stephen Fisher wrote:

On Tue, Jul 19, 2011 at 08:23:51AM +0200, Helge Kruse wrote:


@all: What is the sense behind the HAVE_CONFIG_H if I need it anyway?


config.h is only used on Unix, so only Unix builds need to include it.


This is not true. The file config.h defines the macro WS_VAR_IMPORT. 
This define is used in the Wireshark interface. 156 symbols are defined 
with this macro. When you fail to include that file you get a lot of 
compiler errors.


WS_VAR_IMPORT is necessary since the linkage differs between compiling 
libwireshark.dll and compiling a Wireshark plug-in. The latter case needs a


__declspec(dllimport)

modifier. That's why you need this macro.


Helge


Re: [Wireshark-dev] no vresion symbol

2011-07-21 Thread Helge Kruse

On 21.07.2011 16:06, sagar Guledagudda wrote:

hi
  I am getting an error as " *The plugin has no version symbol* " during the
start up of wireshark . is that the wireshark version problem or any missing
library during compilation ? if anybody has an idea please reply


Congratulations, you managed to compile your dissector.

This is neither a Wireshark nor a library problem. Each dissector should 
have a public symbol *version* like this:


extern "C" G_MODULE_EXPORT gchar version[30] = "none";

Add it to your dissector, set an appropriate value and make sure it has 
no C++ decoration.



Re: [Wireshark-dev] Bad package created from 1.7.0

2011-07-20 Thread Helge Kruse

On 19.07.2011 14:23, Davide Milanesio wrote:

Hi all,

I am trying to make a Wireshark Installer from the latest development
release (1.7.0), according to Section 2.2.13 of Wireshark Developer's
Guide.
Compiling and testing on Win XP.

Unfortunately, after the source is correctly compiled and also the
installer is generated,
if such installer is launched, after the installation process the new
.exe files are not working
(the message -translated from Italian- is: "Application not correctly
initialised (0x0c150002)")

Instead, following the same procedure from release 1.5.0 was successful.

Any hint? ;-)


At least this looks like a typo in the code:

0x0c150002 = Sev_Success + Fac_0x0C15 + Code_0x0002
0xc0150002 = Sev_Error + Fac_0x0015 + Code_0x0002

0x0015 = 37 = FACILITY_DIRECTORYSERVICE
0x0002 =  2 = ERROR_FILE_NOT_FOUND

The last recent problem I faced with this code was that the runtime was 
not available in the correct version. Did you test the installer on the 
development machine?


You can check, which versions of the runtime libraries are in the WinSxS 
directories and which version your executables (wireshark.exe, any 
load-time-DLL) requires. I have seen that a Windows update installed new 
versions of the runtime in Visual Studio as a bugfix.


I am uncertain where the installer grabs the runtime libraries that must 
be installed on the target machine. Probably this must be fixed.


Helge
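The by-hand decomposition in the reply above, done in code as an added example (not code from the thread). The bit positions are those of the NTSTATUS layout in ntdef.h; the HRESULT layout differs only in the width of the severity and facility fields, and for both families bit 31 set means failure. Decoding 0xc0150002 gives severity error, facility 0x15, code 2; in the NTSTATUS facility numbering 0x15 is the side-by-side (SxS) facility, which fits the WinSxS runtime version explanation given in the reply. The value as typed in the report, 0x0c150002, decodes as a success code with facility 0xc15, which is why it looks like a transposition.

```c
#include <stdint.h>
#include <stdio.h>

/* Bit layout of a 32-bit NTSTATUS value (ntdef.h):
 *   bits 31..30  severity: 0 success, 1 informational, 2 warning, 3 error
 *   bit  29      customer-defined code (C bit)
 *   bit  28      reserved (N bit)
 *   bits 27..16  facility, 12 bits
 *   bits 15..0   code
 * An HRESULT (winerror.h) keeps bit 31 as the single failure flag and an
 * 11-bit facility in bits 26..16. */
struct ntstatus_fields {
    unsigned severity;
    unsigned customer;
    unsigned facility;
    unsigned code;
};

struct ntstatus_fields decode_ntstatus(uint32_t s)
{
    struct ntstatus_fields f;
    f.severity = (s >> 30) & 0x3u;
    f.customer = (s >> 29) & 0x1u;
    f.facility = (s >> 16) & 0xfffu;
    f.code     = s & 0xffffu;
    return f;
}

/* True for failures in both the NTSTATUS and the HRESULT interpretation. */
int status_is_failure(uint32_t s)
{
    return (int)((s >> 31) & 1u);
}

static const char *severity_name(unsigned sev)
{
    static const char *names[4] = { "success", "informational", "warning", "error" };
    return names[sev & 3u];
}

void print_status(uint32_t s)
{
    struct ntstatus_fields f = decode_ntstatus(s);
    printf("0x%08x: severity %u (%s), customer %u, facility 0x%03x (%u), code 0x%04x (%u)\n",
           (unsigned)s, f.severity, severity_name(f.severity), f.customer,
           f.facility, f.facility, f.code, f.code);
}

int main(void)
{
    print_status(0x0c150002u);   /* as typed in the report: decodes as "success" */
    print_status(0xc0150002u);   /* the error the reply suspects was meant */
    return 0;
}
```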


Re: [Wireshark-dev] override config.nmake

2011-07-19 Thread Helge Kruse

On 19.07.2011 15:32, Bill Meier wrote:

On 7/19/2011 9:15 AM, Helge Kruse wrote:

Is there a way to get the wiresharklibs to a different location without
modifying the files that I get from the repository?


Yes: Set a value for WIRESHARK_LIBS in the environment and then
do nmake /E ...

set WIRESHARK_LIBS=...
nmake /E 


Thanks for reply. Unfortunately the /E command passes _all_ variables to 
nmake. This causes problems with two other lines from config.nmake:


CYGWIN_PATH=c:\cygwin\bin
PATH=$(PATH);$(CYGWIN_PATH);$(GTK_DIR)\bin; ...

When starting 'nmake /E' the PATH is not updated anymore. This requires 
to set the PATH before starting nmake. But it includes a further 
reference to C:\ anyway.




[Wireshark-dev] override config.nmake

2011-07-19 Thread Helge Kruse

The config.nmake defines general settings like

WIRESHARK_LIBS=C:\wireshark-$(WIRESHARK_TARGET_PLATFORM)-libs-1.6

This is useful on most machines. But I have to build Wireshark on a 
machine where the system partition is on drive B:


My build steps are:
- getting the Wireshark files with SVN from 
http://anonsvn.wireshark.org/wireshark/releases/wireshark-1.6.0

- setup the build environment like WIRESHARK_TARGET_PLATFORM
- call nmake -f Makefile.nmake

Is there a way to get the wiresharklibs to a different location without 
modifying the files that I get from the repository?


Helge


Re: [Wireshark-dev] mix of c and C++

2011-07-19 Thread Helge Kruse

On 19.07.2011 12:02, sagar Guledagudda wrote:

now i am getting linker error like

: undefined reference to `proto_register_protocol'
: undefined reference to `proto_register_field_array'
: undefined reference to `proto_register_subtree_array'
: undefined reference to `register_dissector'
: undefined reference to `prefs_register_protocol'
: undefined reference to `prefs_register_uint_preference'
: undefined reference to `prefs_register_string_preference'
: undefined reference to `register_init_routine'
: undefined reference to `register_postseq_cleanup_routine'

i have added library path to wireshark/epan where the proto.h is there which
contains the above functions. do you have an idea about what else is required to be
done to get through this ?


Adding a path is not sufficient. You need to add the library file that 
defines the symbols. In a Windows build you add the library files 
_after_ the object files to the linker command line. That looks similar 
to this (on one line):


link -dll /out:mymodule.dll myobject1.obj myobject2.obj
..\..\epan\libwireshark.lib ..\..\wsutil\wsutil.lib 

In a Unix-build you will replace the .lib files with .so or .sa files. I 
assume the .sa is deprecated.


You can compare your makefile with one of the makefiles in the plugins 
tree to get the idea.




Re: [Wireshark-dev] mix of c and C++

2011-07-18 Thread Helge Kruse

On 19.07.2011 07:10, sagar Guledagudda wrote:

I am compiling it for linux ( xxx.so file )

Includes files are as below

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif
#include
#include
#include
//  fastfix API
#include
#include



CC   = g++

CFLAGS = $(INCS)  -fPIC

# link step: libraries go after the objects
$(PLUGIN) : $(OBJS)
	mkdir -p $(PLUGIN_DIR)
	$(CC) -shared $(OBJS) $(LIBS) -o $@
# compile step: -c so each .cpp becomes an object, no linking yet
%.o : %.cpp
	$(CC) $(CFLAGS) -c $< -o $@


A Unix shared library exports all non-private symbols while a Windows 
dynamic link library exports only the symbols that are defined in the 
export list. To access variables in the Wireshark.so you need to declare 
the symbol 'extern'. You need to declare the symbol as 
'__declspec(dllimport) extern' to access it in the Wireshark.dll.

The config.h defines a macro WS_VAR_IMPORT with the appropriate definition.

If you don't include the config.h WS_VAR_IMPORT is not replaced with 
anything and your compiler gets confused. If you're curious you can check 
this by *temporarily* changing the actual compiler flags and replacing -c by 
-E to get a preprocessed source file. Look for WS_VAR_IMPORT or 
_NEED_VAR_IMPORT_ in that file.


To solve your problem you should define HAVE_CONFIG_H, probably with

   CFLAGS = $(INCS) -fPIC -DHAVE_CONFIG_H

But the makefiles are usually autogenerated.

@all: What is the sense behind the HAVE_CONFIG_H if I need it anyway?



Re: [Wireshark-dev] mix of c and C++

2011-07-18 Thread Helge Kruse

On 18.07.2011 16:45, sagar sg wrote:

compiler i am using is  g++
parameters -   -fPIC
root/wireshark/wireshark-1.4.7/epan/tfs.h:56: error: expected constructor,
destructor, or type conversion before 'const'
error is in the file given above .. its not showing in the dissector code.

On Mon, Jul 18, 2011 at 6:53 PM, Helge Kruse wrote:


On 18.07.2011 11:24, sagar sg wrote:

  hello,

 My Dissector is in C++ and internally uses wireshark libraries ( eg:
epan ) , Is there any way to write a makefile such that we can mix the gcc and
g++ compilers for particular type of code to be compiled with corresponding
compiler ??

Thanks
Sagar G







When you want to address C/C++ mixed code you just need to discuss how to
write the source code and how to use the compilers. Regarding your problem
to compile something that includes tfs.h you should send following:

- the name of the compiler that is actually started (gcc,g++)
- the exact list of parameters passed to the compiler
- the exact error message, (copy&paste is your friend)
- an excerpt of your source file with all lines including the line that
causes the error.


So, if you could send _all_ requested information we could help.

- You did not show the order of included header files. It looks like you 
scrambled something here so that WS_VAR_IMPORT is not defined properly.
- I don't believe that only -fPIC is passed to the compiler, at least -c 
must be given.


One additional information would be useful: do you compile for Windows 
(xxx.DLL) or for Linux (xxx.so)




Re: [Wireshark-dev] mix of c and C++

2011-07-18 Thread Helge Kruse

On 18.07.2011 11:24, sagar sg wrote:

hello,
 My Dissector is in C++ and internally uses wireshark libraries ( eg:
epan ) , Is there any way to write a makefile such that we can mix the gcc and
g++ compilers for particular type of code to be compiled with corresponding
compiler ??

Thanks
Sagar G




This mix is not a Wireshark problem, but a general tools question.

The makefile defines, which tools shall be started in a specific order 
to generate the result. This can be a program if you use a C/C++ 
compiler and a linker or anything else, e.g. when compiling beautiful 
PDF files from LaTeX source.


When you want to address C/C++ mixed code you just need to discuss how 
to write the source code and how to use the compilers. Regarding your 
problem to compile something that includes tfs.h you should send following:


- the name of the compiler that is actually started (gcc,g++)
- the exact list of parameters passed to the compiler
- the exact error message, (copy&paste is your friend)
- an excerpt of your source file with all lines including the line that 
causes the error.


Of course it's more convenient to send the complete source file instead 
of the excerpt.




Re: [Wireshark-dev] error in epan/tfs.h

2011-07-18 Thread Helge Kruse

On 18.07.2011 07:16, sagar sg wrote:

Yes. My dissector code is in C++ which i am compiling independently and
using the required libraries.


I always use C++ to write my custom dissectors. Did you surround the 
Wireshark #include with extern "C" like this?


  extern "C" {
  #include 
  #include 
  }

Helge


Re: [Wireshark-dev] Filter for generated items

2010-11-18 Thread Helge Kruse
On 16.11.2010 21:45, Stephen Fisher wrote:
> On Tue, Nov 16, 2010 at 09:13:57PM +0100, Helge Kruse wrote:
>
>> But I cannot convince anybody to update their 1.2.x installations to
>> 1.4.x.
>>
>> So I must now decide if I have to provide a DLL compile with the 1.2.x
>> header and libs and an additional DLL compiled with the 1.4.x header
>> and libs. I don't think about the development branches (1.3.x).
>
> Yes, then making DLL of your plugin for version 1.2.x and 1.4.x would be
> the way to go.

I doubt that this is true. I started to compare these versions and found 
some differences. At least two seem to be important.

1) The new libWireshark.DLL does not export all functions that had been 
exported by the version 1.2.3. Well, most of these functions are for 
internal Wireshark use only. But what, if my dissector calls 
calculate_crc32c?

2) There are some structures that have been changed. There may be also 
some Wireshark-internal-only structures. But Wireshark passes a pointer 
to the packet_info to each dissector. The packet_info member fd points 
to the frame_data structure. This structure layout has changed; it's just 
incompatible. I checked this by running 1.4.1 in the debugger; the 
timestamps are different.

Fortunately my dissector needs only the ordinal number of the frame in 
the capture what can be found in front of the change. So it works -- by 
accident.

Regards,
Helge
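An added illustration of the frame_data point made above, not code from the thread and not Wireshark's real layouts: the two structs are hypothetical, chosen only to show the mechanism. A field inserted between two releases leaves every member before it at its old offset, so a plugin that reads only those (the frame number here) keeps working by accident, while a member behind the insert (the timestamp) is read from the wrong place without any error. The size comparison at the end is the kind of guard a loader can apply before trusting a plugin built against a different header; an explicit ABI version number serves the same purpose.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts for illustration only, NOT Wireshark's frame_data.
 * "old" is what the plugin was compiled against, "new" is what the library
 * it is loaded into actually hands over. */
struct frame_data_old {
    uint32_t num;        /* ordinal number of the frame in the capture */
    uint32_t pkt_len;
    int64_t  abs_secs;   /* capture timestamp */
};

struct frame_data_new {
    uint32_t num;
    uint32_t pkt_len;
    uint32_t flags;      /* inserted between releases: moves everything after it */
    int64_t  abs_secs;
};

/* What a plugin built against the old header does with the pointer it gets.
 * It copies sizeof(old) bytes, so it never reads past the larger new object. */
uint32_t old_plugin_frame_num(const void *fd)
{
    struct frame_data_old view;
    memcpy(&view, fd, sizeof view);
    return view.num;            /* offset unchanged: correct by accident */
}

int64_t old_plugin_timestamp(const void *fd)
{
    struct frame_data_old view;
    memcpy(&view, fd, sizeof view);
    return view.abs_secs;       /* reads flags plus padding/other bytes: garbage */
}

/* Guard a loader can apply: library and plugin must agree on the layout size
 * (or on an explicit ABI version) before any field is trusted. */
int abi_layout_matches(size_t lib_sizeof, size_t plugin_sizeof)
{
    return lib_sizeof == plugin_sizeof;
}

/* Constructed sample frame, filled the way the new library would fill it. */
void sample_new_frame(struct frame_data_new *fd)
{
    memset(fd, 0, sizeof *fd);  /* deterministic padding bytes */
    fd->num = 42;
    fd->pkt_len = 1500;
    fd->flags = 1;
    fd->abs_secs = 1290000000;  /* example value */
}

int main(void)
{
    struct frame_data_new fd;
    sample_new_frame(&fd);
    printf("frame number via old layout: %u (expected 42)\n",
           (unsigned)old_plugin_frame_num(&fd));
    printf("timestamp via old layout: %lld (expected %lld)\n",
           (long long)old_plugin_timestamp(&fd), (long long)fd.abs_secs);
    printf("layout sizes agree: %d\n",
           abi_layout_matches(sizeof(struct frame_data_new),
                              sizeof(struct frame_data_old)));
    return 0;
}
```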


Re: [Wireshark-dev] foo dissector of the dev guide

2010-11-18 Thread Helge Kruse

 Original Message 
> Date: Thu, 18 Nov 2010 11:22:19 +0100
> From: Lange Jan-Erik 
> To: Developer support list for Wireshark 
> Subject: Re: [Wireshark-dev] foo dissector of the dev guide

> You're right. I captured UDP Frames from my network. Now I'm working with
> these Frames and modify them in a HEX Editor for testing..
> 

Have you considered to use text2pcap? Since the source text editor is always 
open this might be helpful.

Helge



Re: [Wireshark-dev] Filter for generated items

2010-11-16 Thread Helge Kruse
On 16.11.2010 19:05, Stephen Fisher wrote:
> On Tue, Nov 16, 2010 at 06:37:32PM +0100, Helge Kruse wrote:
>> Is it guaranteed that a 1.2.x plugin runs with Wireshark 1.4.x?
>
> Jaap and Joerg are referring to the same stable branch, so any newer
> version of 1.2.x than the one you compiled with (or newer 1.4.x than the
> one you compiled it with).  This makes sense because only important bug
> fixes are moved from the development back into the newer stable branches
> and no new features.  I just didn't think we were verifying that bug
> fixes never broke the ABI, although I can see why they never or at least
> rarely would.

Ok, I understand that life cycle. But I cannot convince anybody to 
update their 1.2.x installations to 1.4.x.

So I must now decide if I have to provide a DLL compile with the 1.2.x 
header and libs and an additional DLL compiled with the 1.4.x header and 
libs. I don't think about the development branches (1.3.x).

Sorry, if this additional question is annoying. But unfortunately I did 
not get the answer from your mail. I'm sure this would be my fault.

Helge



Re: [Wireshark-dev] Filter for generated items

2010-11-16 Thread Helge Kruse

 Original Message 
> Date: Tue, 16 Nov 2010 08:40:16 +0100
> From: Jaap Keuter 
> To: Developer support list for Wireshark 
> Subject: Re: [Wireshark-dev] Filter for generated items

> On 11/16/2010 02:57 AM, Joerg Mayer wrote:
> > I thought that ABI compatibility within a stable release should
> > be guaranteed except for emergency (security) fixes. That means if
> > a plugins works with 1.2.7 it can be expected to work for 1.2.8 up to
> > the last 1.2.x release ever. Did I miss something?
> >

> 
> You're right, there should be little reason for plugins not to work in
> newer 
> maintenance releases of stable branches. Otherwise we're not doing things
> right.
> 

I experienced problems when running a 0.99.3 plugin in 0.99.4, as well as a 
0.99.4 in 1.2.3. The changes were a reordered enumeration (column id) and an 
incompatible prototype. Both made it impossible to cross these version borders.

Well, the 0.99.x was not a stable branch, but these changes create fear to run 
a plugin in a different version.
 
Is it guaranteed that a 1.2.x plugin runs with Wireshark 1.4.x?

Regards,
Helge



Re: [Wireshark-dev] Filter for generated items

2010-11-15 Thread Helge Kruse
2010/11/14 Guy Harris g...@alum.mit.edu

>
> > How can I either add a hack to my DLL to simulate
> > proto_item_append_string or provide another way to filter and find?
>
> You don't:
>
>http://www.wireshark.org/lists/wireshark-dev/201011/msg00156.html
>
> That fix is scheduled for inclusion in the 1.4.2 and 1.2.13 releases.
>

Thank you for fixing. But since I need to deploy the DLL to existing
Wireshark installations, this would not help in this case. I cannot force to
install a specific version of Wireshark just to support my dissector.


Regards,

Helge

Re: [Wireshark-dev] Filter for generated items

2010-11-14 Thread Helge Kruse

 Original Message 
> Date: Sun, 14 Nov 2010 16:53:38 +0100
> From: wsgd 
> To: Developer support list for Wireshark 
> Subject: Re: [Wireshark-dev] Filter for generated items

> Look at :
> - proto_tree_add_item
> - proto_tree_add_string
> - proto_tree_add_string_format
> 

Olivier,

these functions allow filtering as well as packet find. And I can use them in 
existing Wireshark installations.


Merci,

Helge


[Wireshark-dev] Filter for generated items

2010-11-14 Thread Helge Kruse
Hi I write a dissector DLL, that adds a generated item to the tree. 
After defining the hf_info with type FT_STRING, I use 
proto_item_append_text to show the generated string. But this item 
can neither be searched for nor filtered on.

I have seen, that the packet-frame.c uses proto_item_append_string to 
show the protocol layers. This is also usable in a filter. Since 
proto_item_append_string is not exported, the function is not available 
for my dissector DLL.

How can I either add a hack to my DLL to simulate 
proto_item_append_string or provide another way to filter and find?


Regards,
Helge
