
Wireshark-dev: [Wireshark-dev] sample dissector

From: "ali alkhalidi" <alikhalidilug@xxxxxxxxx>
Date: Tue, 13 Feb 2007 23:11:38 -0500
Greetings All,

I know that this sounds boring (a new Wireshark dissector is in the
block), but no matter how I tackle this problem it beats me.

I'm following the README.developer instructions, in that after I
craft my dissector I only need to place the file into the dissector/
directory with the name packet-foo.c and add this name to the
DISSECTOR_SRC macro.

The problem is that, whenever I compile Wireshark, starting at the top
level directory, I get a libwireshark undefined reference to
proto_register_foo?!

This is my dissector code, and I'm using the Wireshark 0.99.4 base.

=============
/* packet-foo.c
* Routines for foo dissection
* Copyright 2007, Ali Al-khalidi <ali@xxxxxxxxx>
*
* $Id: README.developer 19551 2006-10-16 03:25:50Z ulfl $
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@xxxxxxxxxxxxx>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/

#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <glib.h>

#ifdef NEED_SNPRINTF_H
# include "snprintf.h"
#endif

#include <epan/packet.h>
#include <epan/prefs.h>


/* Forward declaration we need below */
void proto_register_foo(void);
void proto_reg_handoff_foo(void);

/* Initialize the protocol and registered fields */
static int proto_foo = -1;
static int global_foo_port = 1234;
static dissector_handle_t foo_handle;
static int hf_foo_pdu_type = -1;

/* Global sample preference ("controls" display of numbers); it is
   referenced by prefs_register_bool_preference() below, so it must be
   a real variable, not commented out */
static gboolean gPREF_HEX = FALSE;

/* Initialize the subtree pointers */
static gint ett_foo = -1;

/* Code to actually dissect the packets */
static void
dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{

/* Set up structures needed to add the protocol subtree and manage it */
	proto_item *ti;
	proto_tree *foo_tree;

/* Make entries in Protocol column and Info column on summary display */
	if (check_col(pinfo->cinfo, COL_PROTOCOL))
		col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO");

/* This field shows up as the "Info" column in the display; you should use
  it, if possible, to summarize what's in the packet, so that a user looking
  at the list of packets can tell what type of packet it is. See section 1.5
  for more information.

  Before changing the contents of a column you should make sure the column is
  active by calling "check_col(pinfo->cinfo, COL_*)". If it is not active
  don't bother setting it.

  If you are setting the column to a constant string, use "col_set_str()",
  as it's more efficient than the other "col_set_XXX()" calls.

  If you're setting it to a string you've constructed, or will be
  appending to the column later, use "col_add_str()".

  "col_add_fstr()" can be used instead of "col_add_str()"; it takes
  "printf()"-like arguments.  Don't use "col_add_fstr()" with a format
  string of "%s" - just use "col_add_str()" or "col_set_str()", as it's
  more efficient than "col_add_fstr()".

  If you will be fetching any data from the packet before filling in
  the Info column, clear that column first, in case the calls to fetch
  data from the packet throw an exception because they're fetching data
  past the end of the packet, so that the Info column doesn't have data
  left over from the previous dissector; do


	if (check_col(pinfo->cinfo, COL_INFO))
		col_set_str(pinfo->cinfo, COL_INFO, "XXX Request");
  */
	if (check_col(pinfo->cinfo, COL_INFO))
		col_clear(pinfo->cinfo, COL_INFO);




/* A protocol dissector can be called in 2 different ways:

	(a) Operational dissection

		In this mode, Wireshark is only interested in the way protocols
		interact, protocol conversations are created, packets are reassembled
		and handed over to higher-level protocol dissectors.
		In this mode Wireshark does not build a so-called "protocol tree".

	(b) Detailed dissection

		In this mode, Wireshark is also interested in all details of a given
		protocol, so a "protocol tree" is created.

  Wireshark distinguishes between the 2 modes with the proto_tree pointer:
	(a) <=> tree == NULL
	(b) <=> tree != NULL

  In the interest of speed, if "tree" is NULL, avoid building a
  protocol tree and adding stuff to it, or even looking at any packet
  data needed only if you're building the protocol tree, if possible.

  Note, however, that you must fill in column information, create
  conversations, reassemble packets, build any other persistent state
  needed for dissection, and call subdissectors regardless of whether
  "tree" is NULL or not.  This might be inconvenient to do without
  doing most of the dissection work; the routines for adding items to
  the protocol tree can be passed a null protocol tree pointer, in
  which case they'll return a null item pointer, and
  "proto_item_add_subtree()" returns a null tree pointer if passed a
  null item pointer, so, if you're careful not to dereference any null
  tree or item pointers, you can accomplish this by doing all the
  dissection work.  This might not be as efficient as skipping that
  work if you're not building a protocol tree, but if the code would
  have a lot of tests whether "tree" is null if you skipped that work,
  you might still be better off just doing all that work regardless of
  whether "tree" is null or not. */
	if (tree) {

/* NOTE: The offset and length values in the call to
  "proto_tree_add_item()" define what data bytes to highlight in the hex
  display window when the line in the protocol tree display
  corresponding to that item is selected.

  Supplying a length of -1 is the way to highlight all data from the
  offset to the end of the packet. */

/* create display subtree for the protocol */
		ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, FALSE);

		foo_tree = proto_item_add_subtree(ti, ett_foo);

/* add an item to the subtree, see section 1.6 for more information */
		proto_tree_add_item(foo_tree,
		    hf_foo_pdu_type, tvb, 0, 1, FALSE);


/* Continue adding tree items to process the packet here */


	}

/* If this protocol has a sub-dissector call it here, see section 1.8 */
}


/* Register the protocol with Wireshark */

/* This format is required because a script is used to build the C function
  that calls all the protocol registrations.
*/

void
proto_register_foo(void)
{
	module_t *foo_module;

/* Setup list of header fields  See Section 1.6.1 for details*/
	static hf_register_info hf[] = {
		{ &hf_foo_pdu_type,
			{ "FOO PDU Type",           "foo.type",
			FT_UINT8, BASE_DEC, NULL, 0x0,
			"", HFILL }
		}
	};

/* Setup protocol subtree array */
	static gint *ett[] = {
		&ett_foo
	};

/* Register the protocol name and description */
	proto_foo = proto_register_protocol("FOO Protocol",
	    "FOO", "foo");

/* Required function calls to register the header fields and subtrees used */
	proto_register_field_array(proto_foo, hf, array_length(hf));
	proto_register_subtree_array(ett, array_length(ett));

/* Register preferences module (See Section 2.6 for more on preferences) */
	foo_module = prefs_register_protocol(proto_foo,
	    proto_reg_handoff_foo);

/* Register a sample preference */
	prefs_register_bool_preference(foo_module, "showHex",
	     "Display numbers in Hex",
	     "Enable to display numerical values in hexadecimal.",
	     &gPREF_HEX);
}


/* If this dissector uses sub-dissector registration add a registration routine.
  This exact format is required because a script is used to find these routines
  and create the code that calls these routines.

  This function is also called by preferences whenever "Apply" is pressed
  (see prefs_register_protocol above) so it should accommodate being called
  more than once.
*/
void
proto_reg_handoff_foo(void)
{
	static gboolean inited = FALSE;

	if (!inited) {
	    /* Use the file-scope foo_handle declared above; a second local
	       declaration here would only shadow it. */
	    foo_handle = create_dissector_handle(dissect_foo, proto_foo);
	    dissector_add("udp.port", global_foo_port, foo_handle);

	    inited = TRUE;
	}

	/*
	  If you perform registration functions which are dependent upon
	  prefs then you should de-register everything which was associated
	  with the previous settings and re-register using the new prefs
	  settings here. In general this means you need to keep track of what
	  value the preference had at the time you registered, using a local
	  static in this function, i.e.

	  static int currentPort = -1;

	  if (currentPort != -1) {
	      dissector_delete("tcp.port", currentPort, PROTOABBREV_handle);
	  }

	  currentPort = gPortPref;

	  dissector_add("tcp.port", currentPort, PROTOABBREV_handle);
	*/
}

=============
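The build step the post describes (drop packet-foo.c into the dissectors directory and add it to DISSECTOR_SRC) is easy to get half right, and an unresolved proto_register_foo at link time is the usual symptom: the generated register.c names the function, but no object in the link defines it, either because the file is missing from DISSECTOR_SRC, because the Makefile generated from it is stale, or because the function is static or misnamed. The POSIX shell check below is an added example, not a Wireshark tool and not part of the original post. It assumes the 0.99-era layout in which epan/dissectors/Makefile.common holds the DISSECTOR_SRC list and each dissector declares its entry point as a column-0 `proto_register_<name>(` function, the format the template comments in the code above insist on. The three-file sample tree it builds is constructed so the script runs offline; `check_dissector_reg`, `dissector_src_list`, `demo_tree` and `add_foo_to_list` are names chosen here.

```shell
#!/bin/sh
# Added example (not a Wireshark tool): cross-check the DISSECTOR_SRC list in
# a Makefile.common against the dissector sources that define a
# proto_register_* entry point. Assumption: the 0.99-era layout, where the
# generated register.c calls every column-0 "proto_register_<name>(" found in
# the files listed in DISSECTOR_SRC, and only those files are compiled into
# libwireshark. A dissector present on disk but absent from the list is one
# way to end up with "undefined reference to proto_register_foo" at link time.

# Print the file names in DISSECTOR_SRC, one per line, joining the
# backslash-continued lines that Makefile.common uses.
dissector_src_list() {
    awk '
        /^DISSECTOR_SRC[ \t]*=/ { collecting = 1; sub(/^DISSECTOR_SRC[ \t]*=/, "") }
        collecting {
            cont = ($0 ~ /\\[ \t]*$/)        # line ends with a continuation backslash
            sub(/\\[ \t]*$/, "")
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
            if (!cont) collecting = 0
        }' "$1"
}

# check_dissector_reg MAKEFILE_COMMON SRCDIR
# Exit status 0 when every packet-*.c in SRCDIR that defines a proto_register_*
# function is listed in DISSECTOR_SRC; 1 (with a report on stderr) otherwise.
check_dissector_reg() {
    makefile=$1
    srcdir=$2
    missing=0
    listed=$(dissector_src_list "$makefile")
    for src in "$srcdir"/packet-*.c; do
        [ -f "$src" ] || continue
        # Same shape the register.c generator is assumed to look for: the name
        # at column 0 (optionally preceded by "void" on the same line), not static.
        grep -Eq '^(void[ \t]+)?proto_register_[A-Za-z0-9_]+[ \t]*\(' "$src" || continue
        name=${src##*/}
        if ! printf '%s\n' "$listed" | grep -qxF "$name"; then
            echo "MISSING: $name defines proto_register_* but is not in DISSECTOR_SRC" >&2
            missing=1
        fi
    done
    return $missing
}

# Constructed sample tree standing in for epan/dissectors: three dissectors on
# disk, only two of them listed. Prints the directory it created.
demo_tree() {
    dir=$(mktemp -d)
    cat > "$dir/Makefile.common" <<'EOF'
# excerpt in the style of epan/dissectors/Makefile.common (constructed sample)
DISSECTOR_SRC = \
	packet-bar.c	\
	packet-baz.c
EOF
    for p in foo bar baz; do
        printf 'void\nproto_register_%s(void)\n{\n}\n' "$p" > "$dir/packet-$p.c"
    done
    printf '%s\n' "$dir"
}

# Rewrite the sample list with packet-foo.c added, as the post says was done.
add_foo_to_list() {
    printf 'DISSECTOR_SRC = \\\n\tpacket-bar.c \\\n\tpacket-baz.c \\\n\tpacket-foo.c\n' > "$1/Makefile.common"
}

tree=$(demo_tree)
check_dissector_reg "$tree/Makefile.common" "$tree" || echo "-> add the file to DISSECTOR_SRC, then regenerate the Makefile and register.c"
add_foo_to_list "$tree"
check_dissector_reg "$tree/Makefile.common" "$tree" && echo "DISSECTOR_SRC covers every registered dissector"
```

Against a real checkout, run `check_dissector_reg epan/dissectors/Makefile.common epan/dissectors` from the top-level directory. If the file is listed and the link still fails, the generated Makefile and register.c are out of date relative to Makefile.common, and redoing the autotools generation step before `make` is the next thing to try; the check above only tells you whether the list itself is consistent with the sources.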