Re: [Wireshark-dev] Dissector - plugin or built-in
I didn’t realise that the support effort is greater. I was thinking, coding all dissectors, including new and existing block types, as plugins seems like a good strategic direction. Surely beefing up the plugin framework would make Wireshark more extensible. Anyway, I’ll re-code as built-in as suggested. From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Roland Knall Sent: 01 March 2018 10:27 To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] Dissector - plugin or built-in On Thu, Mar 1, 2018 at 11:22 AM, Graham Bloice <graham.blo...@trihedral.com<mailto:graham.blo...@trihedral.com>> wrote: On 1 March 2018 at 10:18, Roland Knall <rkn...@gmail.com<mailto:rkn...@gmail.com>> wrote: We do not have any other dissector within the code, which dissects blocktypes. Therefore I would not be so sure, that it will get rejected (in my book it definitely should not). But it most likely will get rejected as a plugin. Main reasons for built-in: - Easier to maintain - Best-practice approach - Would name it something like blocktype_trb.c or similar to distinguish from protocol-only dissectors Should we have a separate spot in the source tree for block type dissectors? I'm not sure if we will ever have lots, but should we keep epan/dissectors for "protocol" dissectors. Yeah, I was thinking along the same lines. like epan/blocktypes in comparison to epan/dissectors But we already have file-xxx dissectors in there. It would also make sense to have a epan/dissectors/packet, epan/dissectors/file, epan/dissectors/blocktype structure. What do you think? cheers Roland __ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __ ___ Sent via:Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector - plugin or built-in
OK – I’ll take a look. Best regards…Paul From: Wireshark-dev [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Pascal Quantin Sent: 01 March 2018 10:24 To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] Dissector - plugin or built-in Hi Paul, Le 1 mars 2018 10:47, "Paul Offord" <paul.off...@advance7.com<mailto:paul.off...@advance7.com>> a écrit : Hi Pascal, Thanks for your note regarding my change 26203 - https://code.wireshark.org/review/#/c/26203/ . You suggested that I submit it as a built-in dissector, not a plugin. I’m not keen for two reasons: * If it is rejected (and I have a feeling it will be), I’ll then have to rewrite it to offer as an optional plugin * I think adding it as a built-in dissector means changes to core Wireshark code Why do you think it should be a built-in dissector? Because : - we do not want to end with tons of plugins to support, that are heavier than built-in ones (startup time, more files to install,...) - our policy is to add new dissectors as built-in, not plugins (we are even converting some old plugins to built-in) Plugins are usually used for people not willing to submit code to Wireshark upstream. This is not your case, so you should really convert it to built-in (which is a 5 mn work or even less). Best regards, Pascal. __ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com __ ___ Sent via:Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector - plugin or built-in
On 1 March 2018 at 10:27, Roland Knallwrote: > > > On Thu, Mar 1, 2018 at 11:22 AM, Graham Bloice < > graham.blo...@trihedral.com> wrote: > >> >> >> On 1 March 2018 at 10:18, Roland Knall wrote: >> >>> We do not have any other dissector within the code, which dissects >>> blocktypes. Therefore I would not be so sure, that it will get rejected (in >>> my book it definitely should not). >>> >>> But it most likely will get rejected as a plugin. >>> >>> Main reasons for built-in: >>> >>> - Easier to maintain >>> - Best-practice approach >>> - Would name it something like blocktype_trb.c or similar to distinguish >>> from protocol-only dissectors >>> >> >> Should we have a separate spot in the source tree for block type >> dissectors? I'm not sure if we will ever have lots, but should we keep >> epan/dissectors for "protocol" dissectors. >> > > > Yeah, I was thinking along the same lines. like epan/blocktypes in > comparison to epan/dissectors > > But we already have file-xxx dissectors in there. It would also make sense > to have a epan/dissectors/packet, epan/dissectors/file, > epan/dissectors/blocktype structure. > > What do you think? > > Probably just my OCD tendencies kicking in, is there any benefit for devs to doing so? > cheers > Roland > > -- Graham Bloice ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector - plugin or built-in
Hi Paul, Le 1 mars 2018 10:47, "Paul Offord"a écrit : Hi Pascal, Thanks for your note regarding my change 26203 - https://code.wireshark.org/ review/#/c/26203/ . You suggested that I submit it as a built-in dissector, not a plugin. I’m not keen for two reasons: - If it is rejected (and I have a feeling it will be), I’ll then have to rewrite it to offer as an optional plugin - I think adding it as a built-in dissector means changes to core Wireshark code Why do you think it should be a built-in dissector? Because : - we do not want to end with tons of plugins to support, that are heavier than built-in ones (startup time, more files to install,...) - our policy is to add new dissectors as built-in, not plugins (we are even converting some old plugins to built-in) Plugins are usually used for people not willing to submit code to Wireshark upstream. This is not your case, so you should really convert it to built-in (which is a 5 mn work or even less). Best regards, Pascal. ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector - plugin or built-in
On 1 March 2018 at 10:18, Roland Knallwrote: > We do not have any other dissector within the code, which dissects > blocktypes. Therefore I would not be so sure, that it will get rejected (in > my book it definitely should not). > > But it most likely will get rejected as a plugin. > > Main reasons for built-in: > > - Easier to maintain > - Best-practice approach > - Would name it something like blocktype_trb.c or similar to distinguish > from protocol-only dissectors > Should we have a separate spot in the source tree for block type dissectors? I'm not sure if we will ever have lots, but should we keep epan/dissectors for "protocol" dissectors. > - Documentation of a sparsely used feature > > - We don't like plugins in the main sourcecode > > cheers > Roland > > > On Thu, Mar 1, 2018 at 10:46 AM, Paul Offord > wrote: > >> Hi Pascal, >> >> >> >> Thanks for your note regarding my change 26203 - >> https://code.wireshark.org/review/#/c/26203/ . You suggested that I >> submit it as a built-in dissector, not a plugin. I’m not keen for two >> reasons: >> >> >> >>- If it is rejected (and I have a feeling it will be), I’ll then have >>to rewrite it to offer as an optional plugin >>- I think adding it as a built-in dissector means changes to core >>Wireshark code >> >> >> >> Why do you think it should be a built-in dissector? >> >> >> >> Thanks and regards…Paul >> >> __ >> >> This message contains confidential information and is intended only for >> the individual named. If you are not the named addressee you should not >> disseminate, distribute or copy this e-mail. Please notify the sender >> immediately by e-mail if you have received this e-mail by mistake and >> delete this e-mail from your system. >> >> Any views or opinions expressed are solely those of the author and do not >> necessarily represent those of Advance Seven Ltd. E-mail transmission >> cannot be guaranteed to be secure or error-free as information could be >> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or >> contain viruses. The sender therefore does not accept liability for any >> errors or omissions in the contents of this message, which arise as a >> result of e-mail transmission. >> >> Advance Seven Ltd. Registered in England & Wales numbered 2373877 at >> Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ >> >> __ >> This email has been scanned by the Symantec Email Security.cloud service. >> For more information please visit http://www.symanteccloud.com >> __ >> >> >> ___ >> Sent via:Wireshark-dev mailing list >> Archives:https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev >> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscr >> ibe >> > > > > ___ > Sent via:Wireshark-dev mailing list > Archives:https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject= > unsubscribe > -- Graham Bloice Software Developer Trihedral UK Limited ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector - plugin or built-in
We do not have any other dissector within the code, which dissects blocktypes. Therefore I would not be so sure, that it will get rejected (in my book it definitely should not). But it most likely will get rejected as a plugin. Main reasons for built-in: - Easier to maintain - Best-practice approach - Would name it something like blocktype_trb.c or similar to distinguish from protocol-only dissectors - Documentation of a sparsely used feature - We don't like plugins in the main sourcecode cheers Roland On Thu, Mar 1, 2018 at 10:46 AM, Paul Offordwrote: > Hi Pascal, > > > > Thanks for your note regarding my change 26203 - > https://code.wireshark.org/review/#/c/26203/ . You suggested that I > submit it as a built-in dissector, not a plugin. I’m not keen for two > reasons: > > > >- If it is rejected (and I have a feeling it will be), I’ll then have >to rewrite it to offer as an optional plugin >- I think adding it as a built-in dissector means changes to core >Wireshark code > > > > Why do you think it should be a built-in dissector? > > > > Thanks and regards…Paul > > __ > > This message contains confidential information and is intended only for > the individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately by e-mail if you have received this e-mail by mistake and > delete this e-mail from your system. > > Any views or opinions expressed are solely those of the author and do not > necessarily represent those of Advance Seven Ltd. E-mail transmission > cannot be guaranteed to be secure or error-free as information could be > intercepted, corrupted, lost, destroyed, arrive late or incomplete, or > contain viruses. The sender therefore does not accept liability for any > errors or omissions in the contents of this message, which arise as a > result of e-mail transmission. > > Advance Seven Ltd. Registered in England & Wales numbered 2373877 at > Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ > > __ > This email has been scanned by the Symantec Email Security.cloud service. > For more information please visit http://www.symanteccloud.com > __ > > > ___ > Sent via:Wireshark-dev mailing list > Archives:https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject= > unsubscribe > ___ Sent via:Wireshark-dev mailing list Archives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Dissector - plugin or built-in
Hi Pascal, Thanks for your note regarding my change 26203 - https://code.wireshark.org/review/#/c/26203/ . You suggested that I submit it as a built-in dissector, not a plugin. I'm not keen for two reasons: * If it is rejected (and I have a feeling it will be), I'll then have to rewrite it to offer as an optional plugin * I think adding it as a built-in dissector means changes to core Wireshark code Why do you think it should be a built-in dissector? Thanks and regards...Paul __ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ __ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com _ Sent via:Wireshark-dev mailing listArchives:https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Dissector plugin not working with wireshark 1.12.3
Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems. The plugins still compile and is correctly loaded by wireshark on Windows On my ubuntu 14.04, it is not loaded anymore. The problem seems to come from the register fonction. If there is only one element in the hf_register_info array, the plugin is being correctly loaded by Wireshark. But with more than one items, Wireshark crashes. Does anyone know what's wrong ? Regards, ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3
2015-02-17 10:08 GMT+01:00 yannick omnes yom...@aviwest.com: Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems. The plugins still compile and is correctly loaded by wireshark on Windows On my ubuntu 14.04, it is not loaded anymore. The problem seems to come from the register fonction. If there is only one element in the hf_register_info array, the plugin is being correctly loaded by Wireshark. But with more than one items, Wireshark crashes. Does anyone know what's wrong ? Hi Yannick, without having access to your code, it's almost impossible to provide you support. Have you checked with a debugger where it fails more precisely? What version were you using previously? Regards, Pascal. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3
Hi Pascal, Thank you for your answer, The plugin crashes (dereferencing a NULL pointer) in the second iteration of the loop in proto_register_field_array. Looking around, i noticed that the bitmask field of header_field_info changed betwen 1.10.6 and 1.12.3, it was a guint64 and is now a guint32. I didn't update my wireshark-dev package (just noticed that) so that might be the problem. Where can I find the dev package for wireshark 1.12.3 ? (The one provided by aptitude is out-of-date) Regards, Yannick Le 17/02/2015 10:42, Pascal Quantin a écrit : 2015-02-17 10:08 GMT+01:00 yannick omnes yom...@aviwest.com mailto:yom...@aviwest.com: Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems. The plugins still compile and is correctly loaded by wireshark on Windows On my ubuntu 14.04, it is not loaded anymore. The problem seems to come from the register fonction. If there is only one element in the hf_register_info array, the plugin is being correctly loaded by Wireshark. But with more than one items, Wireshark crashes. Does anyone know what's wrong ? Hi Yannick, without having access to your code, it's almost impossible to provide you support. Have you checked with a debugger where it fails more precisely? What version were you using previously? Regards, Pascal. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe -- void proto_register_ebonding(void) { static hf_register_info hf_ebonding[] = { { hf_ebonding_id, { Packet id, ebonding.id, FT_UINT16, BASE_DEC_HEX, VALS(id_field), 0xF0, NULL, HFILL } }, { hf_ebonding_type, { Packet type, ebonding.type, FT_UINT16, BASE_DEC_HEX, VALS(type_field), 0x8, NULL, HFILL } }, { hf_ebonding_seqnum, { Seqnum, ebonding.seqnum, FT_UINT16, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, }, { hf_ebonding_seqnumglobal, { Seqnum, ebonding.seqnum, FT_UINT16, BASE_CUSTOM, seqnumdisplay, 0xFF07, NULL, HFILL }, }, { hf_ebonding_cmd, { Command, ebonding.cmd, FT_UINT8, BASE_DEC_HEX, VALS(command_field), 0x0, NULL, HFILL } }, { hf_ebonding_cmd_counter, { Counter, ebonding.counter, FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, }, { hf_ebonding_cmd_retry, { Retry, ebonding.retry, FT_UINT8, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, }, { hf_ebonding_timestamps, { Timestamp, ebonding.timestamp, FT_UINT32, BASE_DEC_HEX, NULL, 0x0, NULL, HFILL }, }, }; static gint *ett_ebonding_arr[] = { ett_ebonding, ett_timestamps, ett_seqnum, ett_lastseqnum, }; proto_register_field_array (proto_ebonding, hf_ebonding, array_length (hf_ebonding)); proto_register_subtree_array (ett_ebonding_arr, array_length (ett_ebonding_arr)); ebonding_tap = register_tap(ebonding); } ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Dissector plugin not working with wireshark 1.12.3
2015-02-17 12:41 GMT+01:00 yannick omnes yom...@aviwest.com: Hi Pascal, Thank you for your answer, The plugin crashes (dereferencing a NULL pointer) in the second iteration of the loop in proto_register_field_array. Looking around, i noticed that the bitmask field of header_field_info changed betwen 1.10.6 and 1.12.3, it was a guint64 and is now a guint32. I didn't update my wireshark-dev package (just noticed that) so that might be the problem. Where can I find the dev package for wireshark 1.12.3 ? (The one provided by aptitude is out-of-date) Hi Yannick, you can find the Wireshark 1.12.3 source code on this page: https://www.wireshark.org/download.html . It contains the full source tree, including the include files you might need to compile your plugin. Note that according to https://packages.debian.org/search?keywords=wireshark-de, there is also a wheezy-backports repository that provides the wireshark-dev package for 1.12.1 which should be compatible with 1.12.3. As you noticed, it's always mandatory to recompile a plugin between major Wireshark releases as there is no guarantee that the internal API will be compatible (well let's say that it's guaranteed that it will NOT be compatible ;) ). Regards, Yannick Le 17/02/2015 10:42, Pascal Quantin a écrit : 2015-02-17 10:08 GMT+01:00 yannick omnes yom...@aviwest.com: Hi list, I've recently updated my Wireshark to 1.12.3. I created a plugin that worked fine with previous versions but now I'm facing some problems. The plugins still compile and is correctly loaded by wireshark on Windows On my ubuntu 14.04, it is not loaded anymore. The problem seems to come from the register fonction. If there is only one element in the hf_register_info array, the plugin is being correctly loaded by Wireshark. But with more than one items, Wireshark crashes. Does anyone know what's wrong ? Hi Yannick, without having access to your code, it's almost impossible to provide you support. Have you checked with a debugger where it fails more precisely? What version were you using previously? Regards, Pascal. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe wireshark-dev-requ...@wireshark.org?subject=unsubscribe -- ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org ?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] dissector plugin
Hello, i am trying to write a plugin dissector for tinyos packets. I have a couple of questions with it: it is a network layer protocol with a simple strucure : AM_type, payload. The dissector samples have a port number field to associate the dissector with the incoming packets. Now wireshark cannot grab these packets directly but i am sending these packets to Wireshark over a pipe. Now what value shoudl i give for the port number and how does wireshark know when to use this dissector since there is not port no field in my packet. PS: This is a dissector for network layer packet in IEEE 802.15.4 stack. Complete frame format: FCS | Seq# | Addressing Info |* AM_type | Payload* | CRC Thnks, Vijay ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] dissector plugin help
Philippe I sent you an e-mail with some screen shots but it appears the screen shots were too big. So here is my outcome...maybe you will get the screenshots later. I still get the same results. I changed in the code where the ports file lives at to (c:/ports.txt). My ports.txt file is at the root of C:. I rebuilt the code. Deployed the .dll's files to the plugin directory of several machines running different versions of wireshrak and I still get: **Couldn't load module, The specified module could not be found.** I build your code using VS 2005. Any Thoughts...?? Are you able to run my plugin on any machine or just a development machine..? The goal of this plugin is to have people download the helen.dll file place it in their plugin directory and have it work. Having them download wireshark and build it to get my plugin to run is probably too much effort I can get this to work on Linux with no problems. They download the helen.so file place it in the plugin directory and everything works fine. Thanks again for all your help. Brian philippe alarcon wrote: Hello Brian, I have taken your code and created the plugin using my environment. I have no problem to load your plugin. Find here attached all the package. May be you could check if the created dll works with your Wireshark. Note that I have changed the directory used to get ports.txt in the source. May be this can help you in solving your problem. If you send an example of capture, I can check if your dissector is working correctly with your protocol. Regards Philippe Date: Fri, 27 Mar 2009 00:12:52 -0400 From: olek...@darkcornersoftware.com To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] dissector plugin help Olivier (wsge) I really appreciate your quick response. I have added the following line to my Makefile.nmake mt.exe -manifest helen.dll.manifest - outputresource:helen.dll;2 This does indeed create a helen.dll.manifest file. I take that along with the helen.dll file and copy it into my plugins directory on another (deployment) machine. I am still getting the error: *Couldn't load module, The specified module could not be found.* Am I missing something here..? Attached is all my code and files in the helen.zip file. Also attached is my ports file that goes in the root of C: (c:\ports.txt) Some things have changed from my last e-mail. I downloaded the source wireshark-1.1.2-SVN-26844. I built wireshark using the Visual Studio 2005 Command prompt. I put my plugin in place and it too builds fine and runs great on the development machine. I have no problems running my software and dissecting packets. But when I copy the helen.dll.manifest and the helen.dll to another machine I get **Couldn't load module, The specified module could not be found.** Any thoughts..? Thank you very much for your help. Brian wsgd wrote: I think the answer is into your first mail : http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html To include the manifest inside the dll : mt.exe -manifest dll_name.dll.manifest - outputresource:dll_name.dll;2 Also, into proto_reg_handoff_helen, if you have many ports, you are calling many times : - data_handle = find_dissector(data); --- useless - helen_handle = create_dissector_handle(dissect_helen, proto_helen); --- I do not think it works Olivier Brian Oleksa a écrit : Olivier (wsgd) I fixed the problem in the code that you found. Thanks again for finding this. I tested it on the development machine and it worked great.!! I then took the created helen.dll file and dropped it on a deploy machine that is running the same version of wireshark that I developed against only to find that it Couldn't load module, The specified module could not be found. Any suggestions or thoughts on this one..? Thanks again for all your help. Brian wsgd wrote: Hello, Into proto_reg_handoff_helen, you try to fopen(/root/ports, r), which certainly fails on windows, so you call exit(1). Olivier Brian Oleksa a écrit : Wiresharkers I have followed these instructions: (I used both of these as one was more clear than the other on certain tasks). http://www.codeproject.com/KB/IP/custom_dissector.aspx http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html I am using: MSVC_VARIANT=MSVC2008EE I then verify_tools, install libraries (nmake -f Makefile.nmake setup), distclean and build
Re: [Wireshark-dev] dissector plugin help
Hi Brian, We have not the same environment. On my station, I have generated WireShark 1.1.3, and I use Microsoft Visual C++ 2008 Express Edition. In this environment, your plugin is running correctly. I remember that others have encountered problems for using a recent plugin with older versions of WireShark, and/or for generating plugin without having the complete development tree of WireShark. Have you searched in the mail archives ? Regards Philippe Date: Fri, 27 Mar 2009 08:34:02 -0400 From: olek...@darkcornersoftware.com To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] dissector plugin help Philippe I sent you an e-mail with some screen shots but it appears the screen shots were too big. So here is my outcome...maybe you will get the screenshots later. I still get the same results. I changed in the code where the ports file lives at to (c:/ports.txt). My ports.txt file is at the root of C:. I rebuilt the code. Deployed the .dll's files to the plugin directory of several machines running different versions of wireshrak and I still get: **Couldn't load module, The specified module could not be found.** I build your code using VS 2005. Any Thoughts...?? Are you able to run my plugin on any machine or just a development machine..? The goal of this plugin is to have people download the helen.dll file place it in their plugin directory and have it work. Having them download wireshark and build it to get my plugin to run is probably too much effort I can get this to work on Linux with no problems. They download the helen.so file place it in the plugin directory and everything works fine. Thanks again for all your help. Brian philippe alarcon wrote: Hello Brian, I have taken your code and created the plugin using my environment. I have no problem to load your plugin. Find here attached all the package. May be you could check if the created dll works with your Wireshark. Note that I have changed the directory used to get ports.txt in the source. May be this can help you in solving your problem. If you send an example of capture, I can check if your dissector is working correctly with your protocol. Regards Philippe Date: Fri, 27 Mar 2009 00:12:52 -0400 From: olek...@darkcornersoftware.com To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] dissector plugin help Olivier (wsge) I really appreciate your quick response. I have added the following line to my Makefile.nmake mt.exe -manifest helen.dll.manifest - outputresource:helen.dll;2 This does indeed create a helen.dll.manifest file. I take that along with the helen.dll file and copy it into my plugins directory on another (deployment) machine. I am still getting the error: *Couldn't load module, The specified module could not be found.* Am I missing something here..? Attached is all my code and files in the helen.zip file. Also attached is my ports file that goes in the root of C: (c:\ports.txt) Some things have changed from my last e-mail. I downloaded the source wireshark-1.1.2-SVN-26844. I built wireshark using the Visual Studio 2005 Command prompt. I put my plugin in place and it too builds fine and runs great on the development machine. I have no problems running my software and dissecting packets. But when I copy the helen.dll.manifest and the helen.dll to another machine I get **Couldn't load module, The specified module could not be found.** Any thoughts..? Thank you very much for your help. Brian wsgd wrote: I think the answer is into your first mail : http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html To include the manifest inside the dll : mt.exe -manifest dll_name.dll.manifest - outputresource:dll_name.dll;2 Also, into proto_reg_handoff_helen, if you have many ports, you are calling many times : - data_handle = find_dissector(data); --- useless - helen_handle = create_dissector_handle(dissect_helen, proto_helen); --- I do not think it works Olivier Brian Oleksa a écrit : Olivier (wsgd) I fixed the problem in the code that you found. Thanks again for finding this. I tested it on the development machine and it worked great.!! I then took the created helen.dll file and dropped it on a deploy machine that is running the same version of wireshark that I developed against only to find that it Couldn't load module, The specified module could not be found. Any suggestions or thoughts on this one..? Thanks again for all your help. Brian wsgd wrote: Hello, Into proto_reg_handoff_helen
Re: [Wireshark-dev] dissector plugin help
Philippe I have recompiled my plugin using Microsoft Visual C++ 2008 Express Edition. I deployed it and it worked..!! It appears that the C RunTime Libraries where indeed the problem (version mismatch). Thanks for all your help. I should be good to go for now. Thanks again..!! Brian philippe alarcon wrote: Hi Brian, We have not the same environment. On my station, I have generated WireShark 1.1.3, and I use Microsoft Visual C++ 2008 Express Edition. In this environment, your plugin is running correctly. I remember that others have encountered problems for using a recent plugin with older versions of WireShark, and/or for generating plugin without having the complete development tree of WireShark. Have you searched in the mail archives ? Regards Philippe Date: Fri, 27 Mar 2009 08:34:02 -0400 From: olek...@darkcornersoftware.com To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] dissector plugin help Philippe I sent you an e-mail with some screen shots but it appears the screen shots were too big. So here is my outcome...maybe you will get the screenshots later. I still get the same results. I changed in the code where the ports file lives at to (c:/ports.txt). My ports.txt file is at the root of C:. I rebuilt the code. Deployed the .dll's files to the plugin directory of several machines running different versions of wireshrak and I still get: **Couldn't load module, The specified module could not be found.** I build your code using VS 2005. Any Thoughts...?? Are you able to run my plugin on any machine or just a development machine..? The goal of this plugin is to have people download the helen.dll file place it in their plugin directory and have it work. Having them download wireshark and build it to get my plugin to run is probably too much effort I can get this to work on Linux with no problems. They download the helen.so file place it in the plugin directory and everything works fine. Thanks again for all your help. Brian philippe alarcon wrote: Hello Brian, I have taken your code and created the plugin using my environment. I have no problem to load your plugin. Find here attached all the package. May be you could check if the created dll works with your Wireshark. Note that I have changed the directory used to get ports.txt in the source. May be this can help you in solving your problem. If you send an example of capture, I can check if your dissector is working correctly with your protocol. Regards Philippe Date: Fri, 27 Mar 2009 00:12:52 -0400 From: olek...@darkcornersoftware.com To: wireshark-dev@wireshark.org Subject: Re: [Wireshark-dev] dissector plugin help Olivier (wsge) I really appreciate your quick response. I have added the following line to my Makefile.nmake mt.exe -manifest helen.dll.manifest - outputresource:helen.dll;2 This does indeed create a helen.dll.manifest file. I take that along with the helen.dll file and copy it into my plugins directory on another (deployment) machine. I am still getting the error: *Couldn't load module, The specified module could not be found.* Am I missing something here..? Attached is all my code and files in the helen.zip file. Also attached is my ports file that goes in the root of C: (c:\ports.txt) Some things have changed from my last e-mail. I downloaded the source wireshark-1.1.2-SVN-26844. I built wireshark using the Visual Studio 2005 Command prompt. I put my plugin in place and it too builds fine and runs great on the development machine. I have no problems running my software and dissecting packets. But when I copy the helen.dll.manifest and the helen.dll to another machine I get **Couldn't load module, The specified module could not be found.** Any thoughts..? Thank you very much for your help. Brian wsgd wrote: I think the answer is into your first mail : http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html To include the manifest inside the dll : mt.exe -manifest dll_name.dll.manifest - outputresource:dll_name.dll;2 Also, into proto_reg_handoff_helen, if you have many ports, you are calling many times : - data_handle = find_dissector(data); --- useless - helen_handle = create_dissector_handle(dissect_helen, proto_helen); --- I do not think it works Olivier Brian Oleksa a écrit : Olivier (wsgd) I fixed the problem in the code that you found. Thanks again for finding this. I tested it on the development machine and it worked great.!! I then took the created helen.dll file and dropped it on a deploy machine that is running the same version of wireshark that I developed against only to find that it Couldn't load
Re: [Wireshark-dev] dissector plugin help
Hello, Into proto_reg_handoff_helen, you try to fopen(/root/ports, r), which certainly fails on windows, so you call exit(1). Olivier Brian Oleksa a écrit : Wiresharkers I have followed these instructions: (I used both of these as one was more clear than the other on certain tasks). http://www.codeproject.com/KB/IP/custom_dissector.aspx http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html I am using: MSVC_VARIANT=MSVC2008EE I then verify_tools, install libraries (nmake -f Makefile.nmake setup), distclean and build wireshark with *NO *problems. I then test wireshark and it does indeed start up with *NO *problems. I then create my wireshark dissector code, make files etc.* (NOTE: This runs on Linux FC-9 with NO problems. If I take the attached helen.zip file go to my linux box, do a make install and put the helen.so file in the plugin directory everything works fine.) * I drop my code in place. C:\wireshark\plugins\helen The name of my wireshark dissector is called helen. From the C:\wireshark\plugins\helen directory I do the following: nmake -f Makefile.nmake distclean nmake -f Makefile.nmake all I have NO errors and it does indeed create a *helen.dll* file. (Which I believe is what I want). I drop this helen.dll file in the following directory: C:\wireshark\wireshark-gtk2\plugins\1.1.4HELEN-DISSECTOR I start up wireshark (by invoking wireshark.exe) the splash screen appears for a second than disappears. So it never start up. It does not provide me with a error message. I tried the following work around (click on link below) but had NO luck. http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html So at this point...I am stuck. Attached is all my code (helen.zip). Again, this same code works on my fedora core 9 box. Any help is greatly appreciated. Thank you Brian Oleksa Software Developer Dark Corner Software ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe -- Wireshark Generic Dissector http://wsgd.free.fr ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] dissector plugin help
Olivier (wsgd) Thank you very much..!! This was indeed the problem. No wonder it worked on Linux and not Windows :-) I thought for sure that it was a version mismatch or something. Thanks again... I really appreciate it. I have been playing with this all day. Brian wsgd wrote: Hello, Into proto_reg_handoff_helen, you try to fopen(/root/ports, r), which certainly fails on windows, so you call exit(1). Olivier Brian Oleksa a écrit : Wiresharkers I have followed these instructions: (I used both of these as one was more clear than the other on certain tasks). http://www.codeproject.com/KB/IP/custom_dissector.aspx http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html I am using: MSVC_VARIANT=MSVC2008EE I then verify_tools, install libraries (nmake -f Makefile.nmake setup), distclean and build wireshark with *NO *problems. I then test wireshark and it does indeed start up with *NO *problems. I then create my wireshark dissector code, make files etc.* (NOTE: This runs on Linux FC-9 with NO problems. If I take the attached helen.zip file go to my linux box, do a make install and put the helen.so file in the plugin directory everything works fine.) * I drop my code in place. C:\wireshark\plugins\helen The name of my wireshark dissector is called helen. From the C:\wireshark\plugins\helen directory I do the following: nmake -f Makefile.nmake distclean nmake -f Makefile.nmake all I have NO errors and it does indeed create a *helen.dll* file. (Which I believe is what I want). I drop this helen.dll file in the following directory: C:\wireshark\wireshark-gtk2\plugins\1.1.4HELEN-DISSECTOR I start up wireshark (by invoking wireshark.exe) the splash screen appears for a second than disappears. So it never start up. It does not provide me with a error message. I tried the following work around (click on link below) but had NO luck. http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html So at this point...I am stuck. Attached is all my code (helen.zip). Again, this same code works on my fedora core 9 box. Any help is greatly appreciated. Thank you Brian Oleksa Software Developer Dark Corner Software ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] dissector plugin help
Olivier (wsgd) I fixed the problem in the code that you found. Thanks again for finding this. I tested it on the development machine and it worked great.!! I then took the created helen.dll file and dropped it on a deploy machine that is running the same version of wireshark that I developed against only to find that it Couldn't load module, The specified module could not be found. Any suggestions or thoughts on this one..? Thanks again for all your help. Brian wsgd wrote: Hello, Into proto_reg_handoff_helen, you try to fopen(/root/ports, r), which certainly fails on windows, so you call exit(1). Olivier Brian Oleksa a écrit : Wiresharkers I have followed these instructions: (I used both of these as one was more clear than the other on certain tasks). http://www.codeproject.com/KB/IP/custom_dissector.aspx http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html I am using: MSVC_VARIANT=MSVC2008EE I then verify_tools, install libraries (nmake -f Makefile.nmake setup), distclean and build wireshark with *NO *problems. I then test wireshark and it does indeed start up with *NO *problems. I then create my wireshark dissector code, make files etc.* (NOTE: This runs on Linux FC-9 with NO problems. If I take the attached helen.zip file go to my linux box, do a make install and put the helen.so file in the plugin directory everything works fine.) * I drop my code in place. C:\wireshark\plugins\helen The name of my wireshark dissector is called helen. From the C:\wireshark\plugins\helen directory I do the following: nmake -f Makefile.nmake distclean nmake -f Makefile.nmake all I have NO errors and it does indeed create a *helen.dll* file. (Which I believe is what I want). I drop this helen.dll file in the following directory: C:\wireshark\wireshark-gtk2\plugins\1.1.4HELEN-DISSECTOR I start up wireshark (by invoking wireshark.exe) the splash screen appears for a second than disappears. So it never start up. It does not provide me with a error message. I tried the following work around (click on link below) but had NO luck. http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html So at this point...I am stuck. Attached is all my code (helen.zip). Again, this same code works on my fedora core 9 box. Any help is greatly appreciated. Thank you Brian Oleksa Software Developer Dark Corner Software ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] dissector plugin help
I think the answer is into your first mail : http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html To include the manifest inside the dll : mt.exe -manifest dll_name.dll.manifest - outputresource:dll_name.dll;2 Also, into proto_reg_handoff_helen, if you have many ports, you are calling many times : - data_handle = find_dissector(data); --- useless - helen_handle = create_dissector_handle(dissect_helen, proto_helen); --- I do not think it works Olivier Brian Oleksa a écrit : Olivier (wsgd) I fixed the problem in the code that you found. Thanks again for finding this. I tested it on the development machine and it worked great.!! I then took the created helen.dll file and dropped it on a deploy machine that is running the same version of wireshark that I developed against only to find that it Couldn't load module, The specified module could not be found. Any suggestions or thoughts on this one..? Thanks again for all your help. Brian wsgd wrote: Hello, Into proto_reg_handoff_helen, you try to fopen(/root/ports, r), which certainly fails on windows, so you call exit(1). Olivier Brian Oleksa a écrit : Wiresharkers I have followed these instructions: (I used both of these as one was more clear than the other on certain tasks). http://www.codeproject.com/KB/IP/custom_dissector.aspx http://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.html I am using: MSVC_VARIANT=MSVC2008EE I then verify_tools, install libraries (nmake -f Makefile.nmake setup), distclean and build wireshark with *NO *problems. I then test wireshark and it does indeed start up with *NO *problems. I then create my wireshark dissector code, make files etc.* (NOTE: This runs on Linux FC-9 with NO problems. If I take the attached helen.zip file go to my linux box, do a make install and put the helen.so file in the plugin directory everything works fine.) * I drop my code in place. C:\wireshark\plugins\helen The name of my wireshark dissector is called helen. From the C:\wireshark\plugins\helen directory I do the following: nmake -f Makefile.nmake distclean nmake -f Makefile.nmake all I have NO errors and it does indeed create a *helen.dll* file. (Which I believe is what I want). I drop this helen.dll file in the following directory: C:\wireshark\wireshark-gtk2\plugins\1.1.4HELEN-DISSECTOR I start up wireshark (by invoking wireshark.exe) the splash screen appears for a second than disappears. So it never start up. It does not provide me with a error message. I tried the following work around (click on link below) but had NO luck. http://www.wireshark.org/lists/wireshark-dev/200902/msg00013.html So at this point...I am stuck. Attached is all my code (helen.zip). Again, this same code works on my fedora core 9 box. Any help is greatly appreciated. Thank you Brian Oleksa Software Developer Dark Corner Software ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe -- Wireshark Generic Dissector http://wsgd.free.fr ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe