Wireshark-dev: Re: [Wireshark-dev] size of wireshark installation files

From: Sebastien Tandel <sebastien@xxxxxxxxx>
Date: Tue, 10 Jul 2007 11:25:54 -0300
> HOW TO REMOVE DISSECTORS
> ------------------------
> 
> First, modify some files so the unwanted dissectors won't be compiled
> anymore:
> Makefile.in
> epan/Makefile.in
> epan/dissectors/Makefile.in
> 
> 
> You must choose the unwanted dissectors so that there are no
> dependency problems. The dissectors you leave must not depend on the
> dissector you remove.
> In some cases, you will have to modify the source files to get rid of
> dependencies. For example, the telnet dissector depends on kerberos, it
> was patched so we could remove the kerberos dissector and keep the
> telnet one.
> 
> tshark-tap-register.c and epan/dissectors/register.c are generated by
> Makefiles by parsing source files and adding specific functions they
> find in those files. They must be deleted to be regenerated with the
> correct list of functions. Before calling 'make' to build them, you have
> to remove the unused source files from their original directory otherwise
> tshark-tap-register.c and epan/dissectors/register.c will still have
> references to functions which won't be compiled.
> 
> Once everything compiles, try to run Tshark.
> If you are lucky it will just work out of the box, but it's more likely
> Tshark will print "Aborted" and exit. It is an assert message which is
> printed when a dissector can't be added dynamically with the function
> dissector_add().
> It means you have to patch some dissectors to remove dynamic dependencies.
> All the dissector_add() calls that create problems must be commented. Be
> careful not to remove important ones.
> To know in which file the problem lies, use gdb and its backtrace command:
> gdb tshark
>>run
>>backtrace
>>q
> It will give you the file and the line that causes the assert to fail.
> 
> Once you removed all the calls that make asserts fail, Tshark should run
> properly.

Sounds like a possible way to do it. :)


One thing that could help further reduce the size of tshark is to
statically link libwireshark to tshark and to strip unused object code.


Regards,
Sebastien Tandel
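
A static pre-check for the dissector_add() aborts described in the quoted procedure, as an added example that is not part of the original message or of the Wireshark sources: it lists dissector_add() calls in the kept files whose table is no longer created by any kept file, which is one way the assert can be triggered. It assumes table names appear as string literals and that tables are created with register_dissector_table(); the file contents below are constructed samples.

```python
import re

# Table creation and dynamic registration calls, matched on literal table names.
REGISTER_RE = re.compile(r'\bregister_dissector_table\s*\(\s*"([^"]+)"')
ADD_RE = re.compile(r'\bdissector_add\s*\(\s*"([^"]+)"')
COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)


def strip_comments(src):
    """Blank out /* */ comments but keep their newlines so line numbers hold."""
    return COMMENT_RE.sub(lambda m: "\n" * m.group(0).count("\n"), src)


def dangling_adds(sources, removed):
    """Return (file, line, table) for each dissector_add() in a kept file
    whose table is not registered by any kept file."""
    kept = {n: strip_comments(s) for n, s in sources.items() if n not in removed}
    tables = set()
    for src in kept.values():
        tables.update(REGISTER_RE.findall(src))
    hits = []
    for name in sorted(kept):
        for m in ADD_RE.finditer(kept[name]):
            if m.group(1) not in tables:
                line = kept[name].count("\n", 0, m.start()) + 1
                hits.append((name, line, m.group(1)))
    return hits


# Constructed sample sources (not real Wireshark file contents).
SAMPLE = {
    "packet-tcp.c": 'void proto_register_tcp(void) {\n'
                    '  register_dissector_table("tcp.port", "TCP port", FT_UINT16, BASE_DEC);\n}\n',
    "packet-udp.c": 'void proto_register_udp(void) {\n'
                    '  register_dissector_table("udp.port", "UDP port", FT_UINT16, BASE_DEC);\n}\n',
    "packet-telnet.c": 'void proto_reg_handoff_telnet(void) {\n'
                       '  dissector_add("tcp.port", 23, telnet_handle);\n}\n',
    "packet-snmp.c": 'void proto_reg_handoff_snmp(void) {\n'
                     '  /* dissector_add("udp.port", 162, snmp_handle); */\n'
                     '  dissector_add("udp.port", 161, snmp_handle);\n}\n',
}

if __name__ == "__main__":
    # Simulate removing the UDP dissector and report calls that would fail.
    for name, line, table in dangling_adds(SAMPLE, {"packet-udp.c"}):
        print(f"{name}:{line}: dissector_add() into missing table {table!r}")
```

Calls that pass the table name through a macro or variable are not seen by this scan, so the gdb backtrace remains the fallback for those.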