Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] size of wireshark installation files

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 10 Jul 2007 19:06:40 +0200
Hi,

Should we make dissector_add() and friends fail silently when the referenced dissector is not available? Currently the g_assert() is killing, while a return would suffice. This becomes more relevant since we can delete a dissector on the fly, so we may run into this assert while not expected.

By the way Jean-Gr�goire, could you clean up the patch on the Wiki a bit? There seems to be residual development stuff in there, which may cause conflicts.

Thanx,
Jaap

Jean-Gr�goire Foulon wrote:
On 7/9/07, *Guy Harris* <guy@xxxxxxxxxxxx <mailto:guy@xxxxxxxxxxxx>> wrote:

    Cruz, Petagay wrote:
     > hi, how can I reduce the size of the wireshark library produced
    in 'make
     > install'?  I built without plugins.   what is using all the space?

    Well, for starters, all the dissectors - plugins *aren't* part of the
    library, they're loaded at run time, but almost all the disssectors in
    Wireshark are built in, so they're part of the library.

    There's currently no easy way to select a subset of dissectors to
    include.

    The rest of it is the Wireshark "core" to support dissection, taps,
    etc.; that can't be removed.



Hi,
I just finished to write a patch for Tshark to disable a lot of dissectors and make it smaller. It is on the wiki : http://wiki.wireshark.org/BuildingAndInstalling The choice of the removed dissectors is arbitrary, it suits my own use ans only works for Tshark, but it can be a good start if you want to get a smaller version of Wireshark.

Here is an extract of the readme, correct me if I did any mistakes

HOW TO REMOVE DISSECTORS
------------------------

First, modify some files so the unwanted dissectors won't be compiled anymore:
Makefile.in <http://Makefile.in>
epan/Makefile.in
epan/dissectors/Makefile.in


You must choose the unwanted dissectors so that they were no dependencies problems. The dissectors you leave must not depend on the dissector you remove. In some cases, you will have to modify the source files to get rid of dependencies. For example, the telnet dissector depends on kerberos, it was patched so we could remove the kerberos dissector and keep the telnet one.

tshark-tap-register.c and epan/dissectors/register.c are generated by Makefiles by parsing source files and adding specific functions they find in those files. They must be deleted to be regenerated with the correct list of functions. Before calling 'make' to build them, you have to remove the unused sourcefiles from their original directory otherwise tshark-tap-register.c and epan/dissectors/register.c will still have references to functions which won't be compiled.

Once everything compiles, try to run Tshark.
If you are lucky it will just work out of the box, but it's more likely Tshark will print "Aborted" and exit. It is an assert message which is printed when a dissector can't be added dynamically with the function dissector_add().
It means you have to patch some dissectors to remove dynamic dependencies.
All the dissector_add() calls that create problems must be commented. Be careful not to remove important ones.
To know in which file the problem lays, use gdb and its backtrace command:
gdb tshark
 >run
 >backtrace
 >q
It Will give you the file and the line that cause the assert to fail.

Once you removed all the calls that make asserts fail, Tshark should run properly.

Regards,
Jean-Gregoire