[Wireshark-dev] Built wireshark failed make[2]: *** [services] Error 1
Hey guys, i wanna build wireshark and get a failure. Maybe someone of u knows the reason.

libtool: link: rm -f .libs/rawshark.nm .libs/rawshark.nmS .libs/rawshark.nmT
libtool: link: (cd .libs gcc -DINET6 -D_U_=__attribute__((unused)) -g -O2 -Wall -W -Wextra -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wno-pointer-sign -Warray-bounds -Wcast-align -Wformat-security -I/usr/local/include -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/pcap -c -fno-builtin rawsharkS.c)
libtool: link: rm -f .libs/rawsharkS.c .libs/rawshark.nm .libs/rawshark.nmS .libs/rawshark.nmT
libtool: link: gcc -DINET6 -D_U_=__attribute__((unused)) -g -O2 -Wall -W -Wextra -Wdeclaration-after-statement -Wendif-labels -Wpointer-arith -Wno-pointer-sign -Warray-bounds -Wcast-align -Wformat-security -I/usr/local/include -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pango-1.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/pixman-1 -I/usr/include/freetype2 -I/usr/include/libpng12 -I/usr/include/pcap -Wl,--as-needed -o .libs/rawshark rawshark-capture-pcap-util-unix.o rawshark-capture-pcap-util.o rawshark-cfile.o rawshark-clopts_common.o rawshark-disabled_protos.o rawshark-frame_data_sequence.o rawshark-packet-range.o rawshark-print.o rawshark-ps.o rawshark-sync_pipe_write.o rawshark-timestats.o rawshark-util.o rawshark-tap-megaco-common.o rawshark-tap-rtp-common.o rawshark-version_info.o rawshark-rawshark.o .libs/rawsharkS.o -pthread -Wl,--export-dynamic -Wl,--export-dynamic -L/usr/local/lib wiretap/.libs/libwiretap.so epan/.libs/libwireshark.so -L/usr/lib64 /mnt/ssd/wire/wiretap/.libs/libwiretap.so /mnt/ssd/wire/wsutil/.libs/libwsutil.so wsutil/.libs/libwsutil.so -lgthread-2.0 -lrt -lgmodule-2.0 -lglib-2.0 -lm -lpcap -lkrb5 -lk5crypto -lcom_err -lkeyutils -lresolv -ldl -lz -pthread
cp tools/idl2wrs.sh idl2wrs
chmod +x idl2wrs
/usr/bin/perl ./tools/make-services.pl
starting to fetch http://www.iana.org/assignments/port-numbers ...
request for http://www.iana.org/assignments/port-numbers failed with result code:500 at ./tools/make-services.pl line 90.
make[2]: *** [services] Error 101
make[2]: Leaving directory `/mnt/ssd/wire'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/mnt/ssd/wire'
make: *** [all] Error 2

regards
Marcel
___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Reassembling fragmented messages
On Thu, 19 Jan 2012 17:53:57 -0200, Francesco Jacomel francesco.jaco...@gmail.com wrote:
> Hi,
> I've just subscribed to this list to find some successful experience on reassembling packets. I'm trying to use the developers guide to help me on doing it, but I had no success until this moment. I'm creating a new dissector and for simple messages it works fine, but nothing works neither when adding fragments in a hash table nor when reassembling the packets. Let me show the incoming packets, at first, to make the problem more clear. In the .log file -also created by myself-, I have the following:
>
> The packet with the total size to be reassembled is this one
> 18:25:13.257 00 00 0C 00 05 AA FF 00 00 8F .
>
> Where 00 0C 00 05 means:
> 01 - TX
> 0C - MY PROTOCOL
> 00 05 - 2 BYTES LENGTH
>
> And A0 12 00 00 8F means:
> AA - COMMAND CLASS
> FF - INSTRUCTION
> 00 - DON'T CARE
> 00 - DON'T CARE
> 8F - THE TOTAL LENGTH OF THE BYTES TO BE RECEIVED BY THE ME.
>
> fd->num;
> frag_msg = fragment_add_seq_check (tvb, 1, pinfo,
>     nRXCounter, // guint32 ID for fragments belonging together - Is the same for the two parts of the message.
>     iso7816_fragment_table, // list of message fragments
>     iso7816_reassembled_table, // list of reassembled messages
>     nFrameCounter++, // guint32 fragment sequence number - static variable starting at 0 value, working fine.
>     tvb_reported_length(tvb), // guint32 fragment length
>     !bGetNextRXFragment); // More fragments? */
> bGetNextRXFragment = TRUE;
> nLastRXLength = nLastRXLength-(len-3);
> pinfo->fragmented = save_fragmented;
>
> In the first RX received, it will add the tvb in the hash table, but in the second, due to the bGetNextRXFragment = TRUE; it will call the _FRAGMENT_ADD_SEQ_CHECK_ with the last parameter being FALSE, what I understand is that I need to change it to FALSE when I know that there is no more fragments, right?? There is any other parameter to pass/set in this function to signalize that there are no more fragments and the message can be reassembled?
>
> I tried to change everything, use another functions, but it doesn't work and FRAG_MSG is NEVER a valid value, on the Wireshark I see only it adding fragments forever. To check the answer for that, i have:
>
> if (frag_msg) /* Reassembled */ {
>     col_append_str(pinfo->cinfo, COL_INFO, "REASSEMBLED");
>     nFrameCounter = 0;
> } else /* Not last packet of reassembled Message */ {
>     col_append_fstr(pinfo->cinfo, COL_INFO, "(Message fragment # %u)", nFrameCounter++);
> }
> if (new_tvb) {
>     col_append_fstr(pinfo->cinfo, COL_INFO, "new_tvb OK");
> } else {
>     col_append_fstr(pinfo->cinfo, COL_INFO, "* new_tvb NULL");
> }
>
> And what I see in the Wireshark is :
> 8 18:25:13.264000 MyProtocol Equipment PROT 118 (Message fragment # 0)* new_tvb NULL
> 9 18:25:13.265000 MyProtocol Equipment PROT 36 (Message fragment # 1)* new_tvb NULL
>
> Does anyone know how can I check if I'm doing everything needed to reassemble the fragments with no problems? I'm doing something wrong but I could not find what. Thanks in advance for you all.
> --
> Francesco Jacomel.

Hey Francesco .. did your reassemble finally work ? if not .. i don't know where u built it in ... i had problems with the check-function too. i included my code before the if(tree) and it finally worked.. What's important is that u have to build it in when if(tree==0).. maybe the visit-Flag can help you...

Regards
Marcel
Re: [Wireshark-dev] Analyze of a Capture File
On Tue, 08 Nov 2011 10:08:12 +0100, Marcel Haas inf...@fh-worms.de wrote:
> Hi @ all,
> first i have to say it's more a question for the user mailing list but i'm just registered here. So maybe someone of u can help me.
> I have captured some traffic from different ports and now i want to analyze it. For example:
> - which protocols were captured
> - how many packets of each protocol were captured
> - size of each captured protocol
> - to calculate the min and max of a protocol
> - to calculate the average of a protocol
> Does Wireshark have functions included that will do it for me or do i have to export the dump and deal with it in, for example, Excel ??
> Regards
> Marcel

Nobody here can tell me if it is possible ?
[Wireshark-dev] Analyze of a Capture File
Hi @ all,
first i have to say it's more a question for the user mailing list but i'm just registered here. So maybe someone of u can help me.
I have captured some traffic from different ports and now i want to analyze it. For example:
- which protocols were captured
- how many packets of each protocol were captured
- size of each captured protocol
- to calculate the min and max of a protocol
- to calculate the average of a protocol
Does Wireshark have functions included that will do it for me or do i have to export the dump and deal with it in, for example, Excel ??

Regards
Marcel
Re: [Wireshark-dev] File-Export own format
On Fri, 4 Nov 2011 12:43:30 -0700, Guy Harris g...@alum.mit.edu wrote:
> On Nov 4, 2011, at 2:45 AM, Andreas wrote:
>> On 04.11.2011 09:31, Marcel Haas wrote:
>>> On Wed, 26 Oct 2011 11:00:27 +0200, Marcel Haas inf...@fh-worms.de wrote:
>>>> Hey Guys,
>>>> With File-Export u can atm export Plain text, CSV, C-Array etc. I want to Export my own format. Someone have an idea how to build it in ??
>>> Nobody an idea how to export own format or where i can find the export code ?
>> I would look at the wiretap directory and the dump_open_table_base in file_access.c where you add your file_type_info to dump_open_table_base.
> That's for saving capture files in a full-blown capture file format, not for exporting either raw packet data without metadata or dissected packets.
> To add a new File-Export format, add a new item to the Export menu in the ui_desc_menubar description and the main_menu_bar_entries array, with a callback; see how other callbacks for Export are done for examples.

hm okay i found those at gtk/menu.c
With a callback u mean something like that ?

static const GtkActionEntry main_menu_bar_entries[] = {
...
...
{ "/File/Open", GTK_STOCK_OPEN, "_Open...", "<control>O", "Open a file", G_CALLBACK(file_open_cmd_cb) },
Re: [Wireshark-dev] File-Export own format
On Wed, 26 Oct 2011 11:00:27 +0200, Marcel Haas inf...@fh-worms.de wrote:
> Hey Guys,
> With File-Export u can atm export Plain text, CSV, C-Array etc. I want to Export my own format. Someone have an idea how to build it in ??
> Regards
> Marcel

Nobody an idea how to export own format or where i can find the export code ?
[Wireshark-dev] ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL) Aborted
Hey
If i want to start wireshark i am getting a failure :

ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL)
Aborted

Somebody know how to fix it ?
Re: [Wireshark-dev] ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL) Aborted
On Wed, 02 Nov 2011 12:11:31 +0100, Marcel Haas inf...@fh-worms.de wrote:
> Hey
> If i want to start wireshark i am getting a failure :
> ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL)
> Aborted
> Somebody know how to fix it ?

Sorry, here is more information. I had been writing my own dissector and built it in to wireshark on a Linux system. All worked well. Wireshark runs and so does my dissector. Now i want to copy the file folder to another linux system. On the other system i run first configure then make .. all worked well .. Now i want to start wireshark - ./wireshark i get this failure ..
Re: [Wireshark-dev] ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL) Aborted
On Wed, 2 Nov 2011 13:18:53 +0100, Roland Knall rkn...@gmail.com wrote:
> Ok, some more information
> How do you write the dissector, in epan/dissectors or as a plugin? Which version of wireshark are you using? Just trunk, or a specific release version (e.g. trunk-1.6)?
> But my guess would be, that either you built your dissector as a plugin, or the versions of wireshark differ between the first and second machine.
> regards, Roland
>
> On Wed, Nov 2, 2011 at 1:15 PM, Marcel Haas inf...@fh-worms.de wrote:
>> On Wed, 02 Nov 2011 12:11:31 +0100, Marcel Haas inf...@fh-worms.de wrote:
>>> Hey
>>> If i want to start wireshark i am getting a failure :
>>> ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL)
>>> Aborted
>>> Somebody know how to fix it ?
>> Sorry, here is more information. I had been writing my own dissector and built it in to wireshark on a Linux system. All worked well. Wireshark runs and so does my dissector. Now i want to copy the file folder to another linux system. On the other system i run first configure then make .. all worked well .. Now i want to start wireshark - ./wireshark i get this failure ..

Version is 1.6.1 and yep my dissector is a plugin.
On the systems run the same version .. i just made a copy of the whole file folder
Re: [Wireshark-dev] ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL) Aborted
On Wed, 2 Nov 2011 13:18:53 +0100, Roland Knall rkn...@gmail.com wrote:
> Ok, some more information
> How do you write the dissector, in epan/dissectors or as a plugin? Which version of wireshark are you using? Just trunk, or a specific release version (e.g. trunk-1.6)?
> But my guess would be, that either you built your dissector as a plugin, or the versions of wireshark differ between the first and second machine.
> regards, Roland
>
> On Wed, Nov 2, 2011 at 1:15 PM, Marcel Haas inf...@fh-worms.de wrote:
>> On Wed, 02 Nov 2011 12:11:31 +0100, Marcel Haas inf...@fh-worms.de wrote:
>>> Hey
>>> If i want to start wireshark i am getting a failure :
>>> ERROR:packet.c:1531:heur_dissector_add: assertion failed: (sub_dissectors != NULL)
>>> Aborted
>>> Somebody know how to fix it ?
>> Sorry, here is more information. I had been writing my own dissector and built it in to wireshark on a Linux system. All worked well. Wireshark runs and so does my dissector. Now i want to copy the file folder to another linux system. On the other system i run first configure then make .. all worked well .. Now i want to start wireshark - ./wireshark i get this failure ..

Okay i run make and make install and now it runs fine .. :)
thx for the fast help everyone
Re: [Wireshark-dev] complex problem
On Tue, 18 Oct 2011 13:49:55 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> On Thu, 13 Oct 2011 09:03:38 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
>>> Marcel Haas wrote:
>>>> Hey, maybe the problem isn't so complex to solve but it's complex for me to explain. :)
>>>> I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works, because it goes through every packet. And I get my reassemble msg after the packet but if i now click at the reassemble packet there is no reassemble tvb. I know the reason for that, cause he interprets every packet one by one.
>>>> Example: Filter is set, click at Apply
>>>> Packet: 1 -> frag
>>>> Packet: 2 -> frag
>>>> Packet: 3 -> Reassemble (last frag)
>>>> If i click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb.
>>> The part about not seeing packets 1 and 2 when clicking on packet 3 is correct. You must do all your reassembly in the first pass (read: even when !tree--which it appears you're doing) and it must be stored in such a way that when it's (only) re-dissecting packet 3 it will have the data from packets 1 and 2 available to it. I suspect that your custom reassembly routine isn't doing this latter part.
>>> (Yes, this means that Reassembly requires using lots of memory. See http://wiki.wireshark.org/KnownBugs/OutOfMemory .)
>> Hmm okay, but e.g. epan/dissectors/packet-atalk.c use the fragment_add_seq_check function after if(tree) :(
> Actually from what I saw of the code snippet you sent, I thought you did NOT have the "reassembly inside if(tree)" problem. That's why I supposed your problem was the 2nd part: you need to store the fragments the first (and only first) time you see the fragment.
> pinfo->fd->flags.visited can be used as an indicator to tell your dissector "we've seen this frame before, don't pass it to the reassembly routines."

I have solved it last week.. now im using the wireshark reass function again . i put the reass function before if(tree) and it's working. I don't understand why it doesn't work after if(tree){} but it's working fine now, so im happy :)

Regards
Marcel
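
A stand-alone model of the two-pass behaviour described in this thread, as an added example that is not code from any poster or from Wireshark. It uses no Wireshark API; every type and function name is hypothetical, the capture is constructed, and the `visited` and `num` fields only mirror `pinfo->fd->flags.visited` and `pinfo->fd->num`.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FRAMES 16
#define MAX_MSGS   8
#define MAX_PARTS  8
#define MAX_LEN    128

/* Model of one captured frame; every name in this file is hypothetical. */
typedef struct {
    unsigned num;         /* frame number, cf. pinfo->fd->num */
    int visited;          /* cf. pinfo->fd->flags.visited */
    unsigned msg_id;      /* fragments of one message share this id */
    unsigned seq, total;  /* fragment index and fragment count */
    const char *payload;
} frame_t;

typedef struct {          /* fragments collected so far for one message */
    unsigned total, have;
    const char *part[MAX_PARTS];
} pending_t;

static pending_t pending[MAX_MSGS];       /* indexed by msg_id */
static char done[MAX_FRAMES][MAX_LEN];    /* indexed by completing frame */
static int has_done[MAX_FRAMES];

/* Store one fragment; returns the entry once all fragments are present. */
static pending_t *add_fragment(const frame_t *f) {
    pending_t *p;
    /* These fields come from the wire: validate before indexing with them. */
    if (f->msg_id >= MAX_MSGS || f->total == 0 || f->total > MAX_PARTS ||
        f->seq >= f->total)
        return NULL;
    p = &pending[f->msg_id];
    if (p->have == 0) p->total = f->total;
    if (p->total != f->total || p->part[f->seq])
        return NULL;                      /* inconsistent count or duplicate */
    p->part[f->seq] = f->payload;
    return ++p->have == p->total ? p : NULL;
}

/* Concatenate a complete message; returns 0 if it does not fit in out. */
static int join(const pending_t *p, char *out) {
    size_t len = 0;
    for (unsigned i = 0; i < p->total; i++) {
        size_t n = strlen(p->part[i]);
        if (n >= MAX_LEN - len) return 0;
        memcpy(out + len, p->part[i], n);
        len += n;
    }
    out[len] = '\0';
    return 1;
}

/* keyed != 0: reassemble on the first pass only, look the result up by frame
 * number on every pass. keyed == 0: result exists only when the last fragment
 * is added, which is the symptom described in the thread. */
static const char *dissect(frame_t *f, int keyed) {
    static char scratch[MAX_LEN];
    const char *result = NULL;
    if (f->num >= MAX_FRAMES)
        return NULL;
    if (!keyed || !f->visited) {
        pending_t *p = add_fragment(f);
        if (p) {
            if (keyed)
                has_done[f->num] = join(p, done[f->num]);
            else if (join(p, scratch))
                result = scratch;
            memset(p, 0, sizeof *p);      /* release the fragment list */
        }
    }
    if (keyed && has_done[f->num])
        result = done[f->num];
    f->visited = 1;
    return result;
}

/* Constructed capture: three fragments of message 7. */
static frame_t capture[3] = {
    {1, 0, 7, 0, 3, "GET "}, {2, 0, 7, 1, 3, "/status"}, {3, 0, 7, 2, 3, " v1"},
};

/* First pass over all frames, then re-dissect frame 3 alone (a click on it). */
static const char *click_frame3(int keyed) {
    memset(pending, 0, sizeof pending);
    memset(has_done, 0, sizeof has_done);
    for (int i = 0; i < 3; i++) {
        capture[i].visited = 0;
        dissect(&capture[i], keyed);
    }
    return dissect(&capture[2], keyed);
}

int main(void) {
    const char *a = click_frame3(0), *b = click_frame3(1);
    printf("unkeyed: %s\nkeyed:   %s\n", a ? a : "(none)", b ? b : "(none)");
    return 0;
}
```

In the unkeyed mode the re-dissection of frame 3 finds nothing, because the fragment list was released when the message completed; in the keyed mode the stored result is found again without re-adding the fragment.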
[Wireshark-dev] File-Export own format
Hey Guys,
With File-Export u can atm export Plain text, CSV, C-Array etc. I want to Export my own format. Someone have an idea how to build it in ??

Regards
Marcel
Re: [Wireshark-dev] complex problem
On Thu, 13 Oct 2011 11:40:01 +0200, Marcel Haas inf...@fh-worms.de wrote:
> Hey, maybe the problem isn't so complex to solve but it's complex for me to explain. :)
> I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works, because it goes through every packet. And I get my reassemble msg after the packet but if i now click at the reassemble packet there is no reassemble tvb. I know the reason for that, cause he interprets every packet one by one.
> Example: Filter is set, click at Apply
> Packet: 1 -> frag
> Packet: 2 -> frag
> Packet: 3 -> Reassemble (last frag)
> If i click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb. Maybe im calling my function at the wrong position.
> Code:
> static void dissect_xxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
>     ...
>     if(tree){
>         ...
>     }
>     // Fragment Routine
>     if(totalp > 1){
>         frag_tvb = tvb_new_subset(tvb,offset2,-1,-1); // Get the TVB
>         big_tvb = ListenElementEinfuegen(NeuesListenElement(snode,pnum,totalp,frag_tvb)); // Reass Function
>         if (big_tvb) { // Reassembled Big_tvb != NULL
>             col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled)");
>             add_new_data_source(pinfo,big_tvb,"Defrag TVB"); // ADD new Data Source
>         } else { // Not last packet of reassembled Short Message Big_tvb == NULL
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %u)", pnum);
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Frag: %u)", pinfo->fd->num);
>             col_append_fstr(pinfo->cinfo, COL_INFO, " (Visit: %u)", pinfo->fd->flags.visited);
>         }
>     }
> }
> I hope someone understands my problem and has a good idea/solution :)
> thx and regards
> Marcel

Hey Guys, still having the same problem.. Nobody have a clue for me ??
Jeff was saying to put my code before if(tree) if i get it right.. but other dissectors use reassembling after if(tree) too. Maybe i can control it by pinfo->fd->flags.visited ??

Regards
Marcel
Re: [Wireshark-dev] complex problem
On Thu, 13 Oct 2011 09:03:38 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> Hey, maybe the problem isn't so complex to solve but it's complex for me to explain. :)
>> I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works, because it goes through every packet. And I get my reassemble msg after the packet but if i now click at the reassemble packet there is no reassemble tvb. I know the reason for that, cause he interprets every packet one by one.
>> Example: Filter is set, click at Apply
>> Packet: 1 -> frag
>> Packet: 2 -> frag
>> Packet: 3 -> Reassemble (last frag)
>> If i click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb.
> The part about not seeing packets 1 and 2 when clicking on packet 3 is correct. You must do all your reassembly in the first pass (read: even when !tree--which it appears you're doing) and it must be stored in such a way that when it's (only) re-dissecting packet 3 it will have the data from packets 1 and 2 available to it. I suspect that your custom reassembly routine isn't doing this latter part.
> (Yes, this means that Reassembly requires using lots of memory. See http://wiki.wireshark.org/KnownBugs/OutOfMemory .)

Hmm okay, but e.g. epan/dissectors/packet-atalk.c use the fragment_add_seq_check function after if(tree) :(
So i did with my own reass-algo. Damn reassembling screw me :). And i don't get why fragment_add_seq_check doesn't work for me. im a little bit frustrated.. and that on a friday :D
[Wireshark-dev] complex problem
Hey, maybe the problem isn't so complex to solve but it's complex for me to explain. :)
I have written my own reassemble code and it seems to work. But i have one big problem. If i set the filter and click apply, it works, because it goes through every packet. And I get my reassemble msg after the packet but if i now click at the reassemble packet there is no reassemble tvb. I know the reason for that, cause he interprets every packet one by one.

Example: Filter is set, click at Apply
Packet: 1 -> frag
Packet: 2 -> frag
Packet: 3 -> Reassemble (last frag)

If i click at Packet 3 he interprets only packet 3. He doesn't see packet 1 2 and so he builds no Reass Tvb. Maybe im calling my function at the wrong position.

Code:
static void dissect_xxx(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree){
    ...
    if(tree){
        ...
    }
    // Fragment Routine
    if(totalp > 1){
        frag_tvb = tvb_new_subset(tvb,offset2,-1,-1); // Get the TVB
        big_tvb = ListenElementEinfuegen(NeuesListenElement(snode,pnum,totalp,frag_tvb)); // Reass Function
        if (big_tvb) { // Reassembled Big_tvb != NULL
            col_append_str(pinfo->cinfo, COL_INFO, " (Message Reassembled)");
            add_new_data_source(pinfo,big_tvb,"Defrag TVB"); // ADD new Data Source
        } else { // Not last packet of reassembled Short Message Big_tvb == NULL
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Message fragment %u)", pnum);
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Frag: %u)", pinfo->fd->num);
            col_append_fstr(pinfo->cinfo, COL_INFO, " (Visit: %u)", pinfo->fd->flags.visited);
        }
    }
}

I hope someone understands my problem and has a good idea/solution :)

thx and regards
Marcel
Re: [Wireshark-dev] include tvbuff.h failed
On Tue, 11 Oct 2011 11:33:56 -0600, Stephen Fisher st...@stephen-fisher.com wrote:
> On Tue, Oct 11, 2011 at 02:02:48PM +0200, Marcel Haas wrote:
>> i want to include the tvbuff.h to my code so i can make own tvbs with tvbuff_t*
>> my code lies at wireshark/epan so as tvbuff.h.
>> except.h:97: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
>> Problem solved !
> I'm not sure how you solved this, but for the mailing list archives: these errors usually happen because necessary include files were not included before this one. Wireshark header files don't typically include every header file they require, relying on (in this case) the dissector writer to include them first.

Sorry, of course i will share my experience to the list .. but u r right ! it was a stupid failure of mine. i included the tvbuff.h before

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

so it's actually that what u are saying ! "because necessary include files were not included before this one."

regards
Marcel
[Wireshark-dev] include tvbuff.h failed
Hey,
i want to include the tvbuff.h to my code so i can make own tvbs with tvbuff_t*
my code lies at wireshark/epan so as tvbuff.h.

My code :
#include "tvbuff.h"
...

when i am running make i get that failure

In file included from exceptions.h:29,
                 from tvbuff.h:41,
                 from list_mh.c:4:
except.h:97: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:98: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:99: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’
except.h:100: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘void’

What am i doing wrong ??

thx and regards
Marcel
Re: [Wireshark-dev] Decompress Data
On Fri, 7 Oct 2011 09:34:53 -0600, Stephen Fisher st...@stephen-fisher.com wrote:
> On Fri, Oct 07, 2011 at 11:31:24AM +0200, Marcel Haas wrote:
>> I have some packets which are compressed with zlib. I want to uncompress them.
> Take a look at the tvb_uncompress() or tvb_child_uncompress() functions in epan/tvbuff.c. An example of tvb_child_uncompress() is in the HTTP dissector, epan/dissectors/packet-http.c.

I am using the tvb_uncompress function now.

Code:
if(compress==67){
    offset2=loh+20;
    compress_tvb=tvb_uncompress(tvb,offset2,tvb_length(tvb));
    add_new_data_source(pinfo,compress_tvb,"Decompressed TVB");
}

But it didn't work .. i get a failure when i get a compressed packet.

[Malformed Packet:NOS]
[Expert Info (Error/Malformed):Malformed Packet (Exception occurred)]

I guess that means i can't uncompress my packet with that function ?
Re: [Wireshark-dev] Decompress Data
On Fri, 7 Oct 2011 09:34:53 -0600, Stephen Fisher st...@stephen-fisher.com wrote:
> On Fri, Oct 07, 2011 at 11:31:24AM +0200, Marcel Haas wrote:
>> I have some packets which are compressed with zlib. I want to uncompress them.
> Take a look at the tvb_uncompress() or tvb_child_uncompress() functions in epan/tvbuff.c. An example of tvb_child_uncompress() is in the HTTP dissector, epan/dissectors/packet-http.c.

hmm okay it seems to do the right way if i make it like that

next_tvb = tvb_new_subset(tvb,offset2,-1,-1);
compress_tvb = tvb_uncompress(next_tvb,0,tvb_length(next_tvb));
add_new_data_source(pinfo,compress_tvb,"Decompressed TVB");
Re: [Wireshark-dev] Couldn't load module / undefined symbol:
On Thu, 06 Oct 2011 10:11:23 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> On Thu, 06 Oct 2011 09:10:38 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
>>> Marcel Haas wrote:
>>>> Hey,
>>>> I have a new problem. Some of u still remember that i'm writing my own function and include it to wireshark/epan file folder. I built it in with autogen, configure and make. Now i want to include my functions to my dissector plugin.
>>>>
>>>>     #include <epan/list_mh.h>
>>>>
>>>> and include my function NeuesListenElement
>>>> Built my plugin new too. No errors, but if i start wireshark now i get an error:
>>>>
>>>>     Couldn't load module /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: undefined symbol: NeuesListenElement
>>>>
>>>> Why doesn't it know my function ?
>>>
>>> If you put new functions in libwireshark you must add their names to epan/libwireshark.def so that the symbols get exported. (Previously this file was used only on Windows, but it is now also used to control *NIX symbol exports.)
>>
>> Ok thx, but can i put my function to .def after make or do i have to run make again. The epan/libwireshark.sym will be generated after make. Does my function have to appear there too ? cause say dont ..
>
> Running 'make' again will rebuild the .sym file (based on the contents of the .def file).

Thx again Jeff..
now it's totally included, u save me again ;)
[Wireshark-dev] Decompress Data
And i have the next problem. Damn wireshark kick my ass :)
I have some packets which are compressed with zlib. I want to uncompress them. I read the dev-guide about transformed data but i don't have a clue. I was testing some stuff but with no good result.
Can someone help me with that ?

thx and regards
Marcel
Re: [Wireshark-dev] Decompress Data
On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko dmitr...@gmail.com wrote:
> 2011/10/7 Marcel Haas inf...@fh-worms.de:
>> And i have the next problem. Damn wireshark kick my ass :)
>> I have some packets which are compressed with zlib. I want to uncompress them. I read the dev-guide about transformed data but i don't have a clue. I was testing some stuff but with no good result.
>> Can someone help me with that ?
>
> It is simple.
> 1) You have to know the size of decompressed data, e.g. in buffer_size variable.
> 2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g. you have pointer to alloced buffer called buffer_ptr.
> 3) Decompress your data into that buffer.
> 4) call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size);
> 5) call add_new_data_source(pinfo, child_tvb, "Decompressed Data");
> 6*) Optionally you can dissect child_tvb as any usual TVB.
>
> In the GUI you'll get the decompressed data into another tab called "Decompressed Data" or any other name you provide in step 5.
>
> --
> Max

hmm i don't get it at all .. my code looks like this :

    guint8 *buff;
    tvbuff_t *compress_tvb;
    int captured_size;
    captured_size=tvb_length_remaining(tvb, offset2); //I think that what u mean by 1
    buff= g_malloc(captured_size); // step 2 ?
    compress_tvb=tvb_new_real_data(buff,captured_size,captured_size);// step 4 ?
    tvb_set_free_cb(compress_tvb,g_free); // step 4 ?
    tvb_set_child_real_data_tvbuff(tvb,compress_tvb); // step 4 ?
    add_new_data_source(pinfo,compress_tvb,"Decompressed TVB"); //step 5
Re: [Wireshark-dev] Decompress Data
On Fri, 7 Oct 2011 13:21:15 +0200, fa...@freesurf.fr wrote:
> I have a example from my plugin if it may help:
>
>     unsigned char Ip_Buffer[2000];
>
>     /* Get the buffer bytes to decompress */
>     tvb_memcpy(tvb, Ip_Buffer, (*bitoffset)/8,lgpdubit/8);
>
>     /*
>      * Decompress it:
>      * Decompressed buffer is output in Op_Buffer,
>      * size of the decompressed buffer (in bit in this case) in SizeInBits
>      */
>     rc = decompress(Ip_Buffer, lgpdubit - ((8-bitnb) % 8), (Op_Buffer), O_SizeInBits);
>
>     /* Now re-setup the tvb buffer to have the new data */
>     next_tvb = tvb_new_real_data(Op_Buffer, O_SizeInBits/8, O_SizeInBits/8);
>     tvb_set_child_real_data_tvbuff(tvb, next_tvb);
>     add_new_data_source(pInfoG, next_tvb, "Decompressed Data");
>
>     /* From here dissect next_tvb from offset 0 */

Where u get the decompress function and what type does rc have .. ?

>> On Fri, 7 Oct 2011 13:51:13 +0400, Max Dmitrichenko dmitr...@gmail.com wrote:
>>> 2011/10/7 Marcel Haas inf...@fh-worms.de:
>>>> And i have the next problem. Damn wireshark kick my ass :)
>>>> I have some packets which are compressed with zlib. I want to uncompress them. I read the dev-guide about transformed data but i don't have a clue. I was testing some stuff but with no good result.
>>>> Can someone help me with that ?
>>>
>>> It is simple.
>>> 1) You have to know the size of decompressed data, e.g. in buffer_size variable.
>>> 2) Alloc the buffer of needed size for it using e.g. se_alloc, e.g. you have pointer to alloced buffer called buffer_ptr.
>>> 3) Decompress your data into that buffer.
>>> 4) call child_tvb = tvb_new_child_real_data(current_tvb, buffer_ptr, buffer_size, buffer_size);
>>> 5) call add_new_data_source(pinfo, child_tvb, "Decompressed Data");
>>> 6*) Optionally you can dissect child_tvb as any usual TVB.
>>>
>>> In the GUI you'll get the decompressed data into another tab called "Decompressed Data" or any other name you provide in step 5.
>>>
>>> --
>>> Max
>>
>> hmm i don't get it at all .. my code looks like this :
>>
>>     guint8 *buff;
>>     tvbuff_t *compress_tvb;
>>     int captured_size;
>>     captured_size=tvb_length_remaining(tvb, offset2); //I think that what u mean by 1
>>     buff= g_malloc(captured_size); // step 2 ?
>>     compress_tvb=tvb_new_real_data(buff,captured_size,captured_size);// step 4 ?
>>     tvb_set_free_cb(compress_tvb,g_free); // step 4 ?
>>     tvb_set_child_real_data_tvbuff(tvb,compress_tvb); // step 4 ?
>>     add_new_data_source(pinfo,compress_tvb,"Decompressed TVB"); //step 5
[Wireshark-dev] Couldn't load module / undefined symbol:
Hey,
I have a new problem. Some of u still remember that i'm writing my own function and include it to wireshark/epan file folder. I built it in with autogen, configure and make. Now i want to include my functions to my dissector plugin.

    #include <epan/list_mh.h>

and include my function NeuesListenElement
Built my plugin new too. No errors, but if i start wireshark now i get an error:

    Couldn't load module /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: undefined symbol: NeuesListenElement

Why doesn't it know my function ?

thx and regards
Marcel
Re: [Wireshark-dev] Couldn't load module / undefined symbol:
Can the problem be caused by multiple installations of Wireshark where the new binary picked up the old lib?

On Thu, 06 Oct 2011 10:36:00 +0200, Marcel Haas inf...@fh-worms.de wrote:
> Hey,
> I have a new problem. Some of u still remember that i'm writing my own function and include it to wireshark/epan file folder. I built it in with autogen, configure and make. Now i want to include my functions to my dissector plugin.
>
>     #include <epan/list_mh.h>
>
> and include my function NeuesListenElement
> Built my plugin new too. No errors, but if i start wireshark now i get an error:
>
>     Couldn't load module /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: undefined symbol: NeuesListenElement
>
> Why doesn't it know my function ?
>
> thx and regards
> Marcel
Re: [Wireshark-dev] Couldn't load module / undefined symbol:
On Thu, 06 Oct 2011 09:10:38 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> Hey,
>> I have a new problem. Some of u still remember that i'm writing my own function and include it to wireshark/epan file folder. I built it in with autogen, configure and make. Now i want to include my functions to my dissector plugin.
>>
>>     #include <epan/list_mh.h>
>>
>> and include my function NeuesListenElement
>> Built my plugin new too. No errors, but if i start wireshark now i get an error:
>>
>>     Couldn't load module /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: undefined symbol: NeuesListenElement
>>
>> Why doesn't it know my function ?
>
> If you put new functions in libwireshark you must add their names to epan/libwireshark.def so that the symbols get exported. (Previously this file was used only on Windows, but it is now also used to control *NIX symbol exports.)

Ok thx, but can i put my function to .def after make or do i have to run make again. The epan/libwireshark.sym will be generated after make. Does my function have to appear there too ? cause say dont ..
Re: [Wireshark-dev] Couldn't load module / undefined symbol:
On Thu, 06 Oct 2011 16:02:32 +0200, Marcel Haas inf...@fh-worms.de wrote:
> On Thu, 06 Oct 2011 09:10:38 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
>> Marcel Haas wrote:
>>> Hey,
>>> I have a new problem. Some of u still remember that i'm writing my own function and include it to wireshark/epan file folder. I built it in with autogen, configure and make. Now i want to include my functions to my dissector plugin.
>>>
>>>     #include <epan/list_mh.h>
>>>
>>> and include my function NeuesListenElement
>>> Built my plugin new too. No errors, but if i start wireshark now i get an error:
>>>
>>>     Couldn't load module /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: /home/marcel/Downloads/wireshark-1.6.1/plugins/nos/.libs/nos.so: undefined symbol: NeuesListenElement
>>>
>>> Why doesn't it know my function ?
>>
>> If you put new functions in libwireshark you must add their names to epan/libwireshark.def so that the symbols get exported. (Previously this file was used only on Windows, but it is now also used to control *NIX symbol exports.)
>
> Ok thx, but can i put my function to .def after make or do i have to run make again. The epan/libwireshark.sym will be generated after make. Does my function have to appear there too ? cause say dont ..

i guess i have to take a break.. i'm writing totally nonsen...
i mean of course THEY dont :)
Re: [Wireshark-dev] Building with libtool /epan
Yep, but i don't have a version checked out by SVN. I dl the source code.. so i have directly a Makefile.in

On Tue, 04 Oct 2011 09:24:17 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> Hmm Nope.. the makefile will work without any error but at libwireshark.la libdir= is no entry and i guess that's the library, so i can not use my functions, and now i haven't an entry at the .deps file folder.
>> I changed it like it was before.
>> What i have done is at Makefile.common
>>
>>     LIBWIRESHARK_SRC = ... list_mh.c \ ...
>>     LIBWIRESHARK_INCLUDES = ... list_mh.c \ ...
>>
>> and Makefile.in
>
> Normally you should not edit Makefile.in: it is generated (from the .am and .common files) when you run ./autogen.sh .
Re: [Wireshark-dev] Building with libtool /epan
Thx Jeff .. it works.. i'm happy :)
I run ./autogen ./configure and make and it finally works.
Thx a lot buddy u made my day ;)

On Tue, 04 Oct 2011 09:24:17 -0400, Jeff Morriss jeff.morriss...@gmail.com wrote:
> Marcel Haas wrote:
>> Hmm Nope.. the makefile will work without any error but at libwireshark.la libdir= is no entry and i guess that's the library, so i can not use my functions, and now i haven't an entry at the .deps file folder.
>> I changed it like it was before.
>> What i have done is at Makefile.common
>>
>>     LIBWIRESHARK_SRC = ... list_mh.c \ ...
>>     LIBWIRESHARK_INCLUDES = ... list_mh.c \ ...
>>
>> and Makefile.in
>
> Normally you should not edit Makefile.in: it is generated (from the .am and .common files) when you run ./autogen.sh .
[Wireshark-dev] Building with libtool /epan
Hey guys..
I have written my own functions to reassemble split packets. Now I want to include that to wireshark, more precisely wireshark/epan. I updated the Makefile.in common .am. If i run ./configure it works. He built me a Makefile and the ./deps file folder. I get a xxx.Plo file with content like dummy, what is normal before make. If i run make now he will build but stops with

    libtool: link: `libwireshark_la-list_mh.lo' is not a valid libtool object

so I don't get a .lo file and no .la .a file, and in my .Plo is still only dummy the content.
Maybe someone has an idea..

Thx and regards
Marcel
Re: [Wireshark-dev] Building with libtool /epan
Hmm Nope.. the makefile will work without any error but at libwireshark.la libdir= is no entry and i guess that's the library, so i can not use my functions, and now i haven't an entry at the .deps file folder.
I changed it like it was before.
What i have done is at Makefile.common

    LIBWIRESHARK_SRC = ... list_mh.c \ ...
    LIBWIRESHARK_INCLUDES = ... list_mh.c \ ...

and Makefile.in

    am__objects_1 = libwireshark_la-list_mh.lo \
    LIBWIRESHARK_SRC = \
     list_mh.c \
    LIBWIRESHARK_INCLUDES = \
     list_mh.h \
    @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libwireshark_la-list_mh.Plo@am__quote@
    libwireshark_la-list_mh.lo: list_mh.c
    @am__fastdepCC_TRUE@if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libwireshark_la_CFLAGS) $(CFLAGS) -MT libwireshark_la-list_mh.lo -MD -MP -MF $(DEPDIR)/libwireshark_la-list_mh.Tpo -c -o libwireshark_la-list_mh.lo `test -f 'list_mh.c' || echo '$(srcdir)/'`list_mh.c; \
    @am__fastdepCC_TRUE@then mv -f $(DEPDIR)/libwireshark_la-list_mh.Tpo $(DEPDIR)/libwireshark_la-list_mh.Plo; else rm -f $(DEPDIR)/libwireshark_la-list_mh.Tpo; exit 1 ; fi
    @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='list_mh.c' object='libwireshark_la-list_mh.lo' libtool=yes @AMDEPBACKSLASH@
    @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
    @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libwireshark_la_CFLAGS) $(CFLAGS) -c -o libwireshark_la-list_mh.lo `test -f 'list_mh.c' || echo '$(srcdir)/'`list_mh.c

I was doing it the same way reassemble.c /.h was found in the two files:
copy, paste, replace reassemble with list_mh

On Tue, 4 Oct 2011 13:00:42 +0200, Anders Broman anders.bro...@ericsson.com wrote:
> -Original Message-
> From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Marcel Haas
> Sent: den 4 oktober 2011 12:53
> To: wireshark-dev@wireshark.org
> Subject: [Wireshark-dev] Building with libtool /epan
>
> Hey guys..
> I have written my own functions to reassemble split packets. Now I want to include that to wireshark, more precisely wireshark/epan. I updated the Makefile.in common .am. If i run ./configure it works. He built me a Makefile and the ./deps file folder. I get a xxx.Plo file with content like dummy, what is normal before make. If i run make now he will build but stops with
>
>     libtool: link: `libwireshark_la-list_mh.lo' is not a valid libtool object
>
> so I don't get a .lo file and no .la .a file, and in my .Plo is still only dummy the content.
> Maybe someone has an idea..
>
> Thx and regards
> Marcel
>
> Adding the file to Makefile.common should be enough I think, are you doing any weird includes?
> Regards
> Anders
Re: [Wireshark-dev] Reassembling Packets need some help plz
First of all thx Chris for the answer.
The problem is that my packet isn't split by tcp or udp but split by themselves. It only is transported by udp (udp header).
The question is can i actually use fragment_add_seq_check to split my packets.
I'm looking for 2 weeks at this problem now. Makes me go crazy :) I'm running out of time. My solution atm is to write my own code to reassemble split packets. But this isn't that easy :) My code runs good without wireshark, now i have to build it in.
But if anyone has a solution for my fragment_add_seq_check problem i would be very thankful.

Thanks and regards
Marcel
Re: [Wireshark-dev] Reassembling Packets need some help plz
Nobody an idea ?

On Tue, 20 Sep 2011 14:43:04 +0200, Marcel Haas inf...@fh-worms.de wrote:
> Hello,
> i'm just writing my first dissector and i have some problems with the reassembling.
> My protocol contains some fields for Snode = ID, Packetnumber and total packets.
> i get them with
>
>     snode =tvb_get_guint8(tvb,offset);offset +=1;
>     pnum =tvb_get_guint8(tvb,offset);offset +=1;
>     totalp =tvb_get_guint8(tvb,offset);
>
> Example for a packet split into 3 :
>
>     Snode=12 pnum=1 total=3
>     Snode=12 pnum=2 total=3
>     Snode=12 pnum=3 total=3
>
> the packet consists of a Trans Header, an App Header and Data. If it's fragmented only the first packet consists of tran, app and data; the other fragments consist only of trans and data. For the reassembled tvb only the data are important. the length of the trans-header r given in a field loh.
> I think my fragment_add_seq_check function doesn't work right cause everytime i get a 0 returned
> thx.
>
> Code:
>
>     save_fragmented = pinfo->fragmented;
>     if (totalp > 1 && pnum <= totalp) { // check if it has to be reassembled
>         if (pnum == 1) {
>             offset2 = loh + 20; // First packet, Packet with Tran + App Header, App Header = 20 Byte
>         } else {
>             offset2 = loh; // Not First Packet only trans header
>         }
>         if (totalp == pnum) {
>             more_frag = FALSE; // Total Packet == pnum => Last Packet, set more_frags = FALSE
>         } else {
>             more_frag = TRUE; // Not Last Packet => set more_frags = TRUE
>         }
>         msg_seqid = snode;
>         msg_num = pnum - 1;
>         pinfo->fragmented = TRUE;
>         frag_msg = fragment_add_seq_check(tvb, offset2, pinfo,
>             msg_seqid,                          // ID for fragments belonging together
>             msg_fragment_table,                 // list of message fragments
>             msg_reassembled_table,              // list of reassembled messages
>             msg_num,                            // fragment sequence number
>             tvb_length_remaining(tvb, offset2), // fragment length - to the end
>             more_frag);                         // More Frag
>         printf("%d", (int)frag_msg); // remove this printf again
>         new_tvb = process_reassembled_data(tvb, offset2, pinfo, "Reassembled Message", frag_msg, msg_frag_items, NULL, nos_tree);
>         if (frag_msg) { // Reassembled
>             col_append_str(pinfo->cinfo, COL_INFO, "(Message Reassembled)");
>         } else { // Not last packet of reassembled Short Message
>             col_append_fstr(pinfo->cinfo, COL_INFO, "(Message fragment %u)", msg_num);
>             col_append_fstr(pinfo->cinfo, COL_INFO, "(Frag: %u)", pinfo->fragmented);
>             col_append_fstr(pinfo->cinfo, COL_INFO, "(Visit: %u)", pinfo->fd->flags.visited);
>             col_append_fstr(pinfo->cinfo, COL_INFO, "(Fragmsg: %d)", (int)frag_msg);
>         }
>         if (new_tvb) { // take it all
>             col_append_str(pinfo->cinfo, COL_INFO, "(NEW TVB)");
>             //offset=0;
>             //proto_tree_add_item(nos_tree, hf_nos_data, new_tvb, offset, -1, FALSE);
>             next_tvb = new_tvb;
>         } else { // make a new subset
>             next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
>         }
>     } else { // Not fragmented
>         next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
>     }
>     pinfo->fragmented = save_fragmented;
[Wireshark-dev] Reassembling Packets need some help plz
Hello,
i'm just writing my first dissector and i have some problems with the reassembling.
My protocol contains some fields for Snode = ID, Packetnumber and total packets.
i get them with

    snode =tvb_get_guint8(tvb,offset);offset +=1;
    pnum =tvb_get_guint8(tvb,offset);offset +=1;
    totalp =tvb_get_guint8(tvb,offset);

Example for a packet split into 3 :

    Snode=12 pnum=1 total=3
    Snode=12 pnum=2 total=3
    Snode=12 pnum=3 total=3

the packet consists of a Trans Header, an App Header and Data. If it's fragmented only the first packet consists of tran, app and data; the other fragments consist only of trans and data. For the reassembled tvb only the data are important. the length of the trans-header r given in a field loh.
I think my fragment_add_seq_check function doesn't work right cause everytime i get a 0 returned
thx.

Code:

    save_fragmented = pinfo->fragmented;
    if (totalp > 1 && pnum <= totalp) { // check if it has to be reassembled
        if (pnum == 1) {
            offset2 = loh + 20; // First packet, Packet with Tran + App Header, App Header = 20 Byte
        } else {
            offset2 = loh; // Not First Packet only trans header
        }
        if (totalp == pnum) {
            more_frag = FALSE; // Total Packet == pnum => Last Packet, set more_frags = FALSE
        } else {
            more_frag = TRUE; // Not Last Packet => set more_frags = TRUE
        }
        msg_seqid = snode;
        msg_num = pnum - 1;
        pinfo->fragmented = TRUE;
        frag_msg = fragment_add_seq_check(tvb, offset2, pinfo,
            msg_seqid,                          // ID for fragments belonging together
            msg_fragment_table,                 // list of message fragments
            msg_reassembled_table,              // list of reassembled messages
            msg_num,                            // fragment sequence number
            tvb_length_remaining(tvb, offset2), // fragment length - to the end
            more_frag);                         // More Frag
        printf("%d", (int)frag_msg); // remove this printf again
        new_tvb = process_reassembled_data(tvb, offset2, pinfo, "Reassembled Message", frag_msg, msg_frag_items, NULL, nos_tree);
        if (frag_msg) { // Reassembled
            col_append_str(pinfo->cinfo, COL_INFO, "(Message Reassembled)");
        } else { // Not last packet of reassembled Short Message
            col_append_fstr(pinfo->cinfo, COL_INFO, "(Message fragment %u)", msg_num);
            col_append_fstr(pinfo->cinfo, COL_INFO, "(Frag: %u)", pinfo->fragmented);
            col_append_fstr(pinfo->cinfo, COL_INFO, "(Visit: %u)", pinfo->fd->flags.visited);
            col_append_fstr(pinfo->cinfo, COL_INFO, "(Fragmsg: %d)", (int)frag_msg);
        }
        if (new_tvb) { // take it all
            col_append_str(pinfo->cinfo, COL_INFO, "(NEW TVB)");
            //offset=0;
            //proto_tree_add_item(nos_tree, hf_nos_data, new_tvb, offset, -1, FALSE);
            next_tvb = new_tvb;
        } else { // make a new subset
            next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
        }
    } else { // Not fragmented
        next_tvb = tvb_new_subset(tvb, offset2, -1, -1);
    }
    pinfo->fragmented = save_fragmented;
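
The fragment scheme described in this thread (Snode as message ID, 1-based pnum, total count, 20-byte app header only in the first fragment, data offset loh+20 or loh), as an added stand-alone C example that is not code from any poster or from Wireshark: a reassembler that validates every wire-supplied field before using it and accepts fragments in any order. The 4-byte field layout at the start of the trans header, the size caps, and all names (`nos_reasm_t`, `nos_add_fragment`, `nos_reassemble`, `nos_build_packet`) are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FRAGS    16   /* assumed cap on fragments per message */
#define MAX_FRAG_LEN 256  /* assumed cap on payload bytes per fragment */
#define APP_HDR_LEN  20   /* from the thread: 20-byte app header, first fragment only */

enum { NOS_ERR = -1, NOS_MORE = 0, NOS_DONE = 1 };

typedef struct {
    uint8_t  snode, total, have;          /* total == 0 means "no message yet" */
    uint8_t  seen[MAX_FRAGS];
    uint16_t len[MAX_FRAGS];
    uint8_t  data[MAX_FRAGS][MAX_FRAG_LEN];
} nos_reasm_t;

/* Assumed layout: pkt[0]=loh (trans header length), pkt[1]=snode,
 * pkt[2]=pnum (1-based), pkt[3]=total, rest of trans header, then the
 * app header (first fragment only), then data. */
int nos_add_fragment(nos_reasm_t *r, const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < 4) return NOS_ERR;
    uint8_t loh = pkt[0], snode = pkt[1], pnum = pkt[2], total = pkt[3];

    /* Every field comes from the wire: validate before using it as an index. */
    if (loh < 4 || total == 0 || total > MAX_FRAGS || pnum == 0 || pnum > total)
        return NOS_ERR;

    /* Same offsets as the thread's offset2: loh+20 for the first fragment. */
    size_t off = (size_t)loh + (pnum == 1 ? APP_HDR_LEN : 0);
    if (off > pkt_len) return NOS_ERR;    /* headers claim more than was captured */
    size_t n = pkt_len - off;
    if (n > MAX_FRAG_LEN) return NOS_ERR;

    if (r->total == 0) {                  /* first fragment seen for this message */
        memset(r, 0, sizeof *r);
        r->snode = snode;
        r->total = total;
    } else if (r->snode != snode || r->total != total) {
        return NOS_ERR;                   /* different message or inconsistent count */
    }

    unsigned idx = pnum - 1u;             /* 0-based, like msg_num = pnum-1 */
    if (r->seen[idx]) {                   /* retransmission: must match what we hold */
        if (r->len[idx] != n || memcmp(r->data[idx], pkt + off, n) != 0)
            return NOS_ERR;
    } else {
        memcpy(r->data[idx], pkt + off, n);
        r->len[idx] = (uint16_t)n;
        r->seen[idx] = 1;
        r->have++;
    }
    return r->have == r->total ? NOS_DONE : NOS_MORE;
}

/* Concatenate the data parts in pnum order; returns 0 if incomplete or too big. */
size_t nos_reassemble(const nos_reasm_t *r, uint8_t *out, size_t out_cap)
{
    size_t w = 0;
    if (r->total == 0 || r->have != r->total) return 0;
    for (unsigned i = 0; i < r->total; i++) {
        if (r->len[i] > out_cap - w) return 0;
        memcpy(out + w, r->data[i], r->len[i]);
        w += r->len[i];
    }
    return w;
}

/* Constructed sample input: builds one packet in the assumed layout. */
size_t nos_build_packet(uint8_t *buf, size_t cap, uint8_t snode,
                        uint8_t pnum, uint8_t total, const char *payload)
{
    const uint8_t loh = 6;                /* 4 header fields + 2 padding bytes */
    size_t plen = strlen(payload);
    size_t off = loh + (pnum == 1 ? APP_HDR_LEN : 0);
    if (off + plen > cap) return 0;
    memset(buf, 0, off);
    buf[0] = loh; buf[1] = snode; buf[2] = pnum; buf[3] = total;
    memcpy(buf + off, payload, plen);
    return off + plen;
}

int main(void)
{
    static nos_reasm_t r;                 /* zero-initialised */
    uint8_t pkt[64], out[64];
    const char *part[] = { "rld", "hell", "o wo" };
    const uint8_t pnum[] = { 3, 1, 2 };   /* fragments arrive out of order */
    for (int i = 0; i < 3; i++) {
        size_t n = nos_build_packet(pkt, sizeof pkt, 12, pnum[i], 3, part[i]);
        printf("pnum=%u -> %d\n", (unsigned)pnum[i], nos_add_fragment(&r, pkt, n));
    }
    size_t len = nos_reassemble(&r, out, sizeof out);
    printf("%.*s\n", (int)len, (const char *)out);
    return 0;
}
```

The state holds one message at a time; a dissector would keep one such state per Snode and discard it on `NOS_ERR` or after reassembly.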