
Wireshark-dev: [Wireshark-dev] 4 questions

From: warlord <warlord@xxxxxxxxxxx>
Date: Sat, 12 Jan 2008 01:33:58 +0100

Hi

So I spent some hours yesterday and today trying to find my way around
the Wireshark sources, and sure enough I had some problems:


a) I want to add my own protocol, on the same level as ethernet. So
instead of "Ethernet" or "FDDI" or something similar, I want, for example,
"PROTO_WRL".
In a pcap the protocol information of the packet is specified in an int.
0x1 is Ethernet, 0x6 is Token_Ring and so on. If I use a hexeditor and
claim my packet in the pcap is of type 115 (0x73), Wireshark tells me the
protocol is unknown/unspecified. Great, so I found myself a free number
I can (ab)use.
It seems wiretap/libpcap.c is responsible for number->protocol decoding.
So I edit the file and add number 115 with a value of "WTAP_ENCAP_WRL".
When trying to recompile wireshark I'm consequently told that this
hasn't been assigned, so I edit wiretap/wtap.h and add WTAP_ENCAP_WRL
with a value of 115.
I recompile Wireshark and what do I get? Protocol 115 is not unknown
anymore. But now it's "WTAP_ENCAP = 115". How do I get that right? All I
want is my own protocol, instead of ethernet.

b) I don't need all those dissectors in epan/dissectors. I tried
removing some from epan/dissectors/Makefile.common from the
CLEAN_DISSECTOR_SRC section. Wireshark failed to compile, complaining
about missing dependencies. Can I not easily remove unused
dissectors (basically all of them)?

c) I tried adding packet-amin.c to my build. I placed the file in
epan/dissectors/ and added packet-amin into the previously mentioned
section in Makefile.common. The build failed (I wasn't surprised). So I
removed the file and rebuilt. That wouldn't work either as I got an error
on epan/.libs/libwireshark.so: undefined reference to
proto_register_amin. That was after I deleted the file and removed its
line from Makefile.common. So I went back to wireshark/ and ran 'make
clean', then rebuilt. And I got the same error again!!?? Seems to me
'make clean' doesn't do its job properly.
By now I have checked out, configured and compiled Wireshark several
times as every time I run an experiment like that I won't be able to
compile wireshark again, even after I revert to the original files and
run 'make clean'. This is extremely annoying.

d) I'm on a Gentoo and have Wireshark installed from the package manager.
I created a new dir for my experimental dev wireshark, checked wireshark
out into there and built it. The build worked fine, but I can't run it.
It segfaults when I try to execute it.

stat64("/home/warlord/some_dirs_here/wireshark2/gtkrc", 0xbf93c8fc) = -1 ENOENT (No such file or directory)
access("/home/warlord/some_dirs_here/wireshark2/gtkrc.en_EN", F_OK) = -1 ENOENT (No such file or directory)
access("/home/warlord/some_dirs_here/wireshark2/gtkrc.en", F_OK) = -1 ENOENT (No such file or directory)
lstat64("/home/warlord/.wireshark/gtkrc", 0xbf93c8fc) = -1 ENOENT (No such file or directory)
access("/home/warlord/.wireshark/gtkrc.en_EN", F_OK) = -1 ENOENT (No such file or directory)
access("/home/warlord/.wireshark/gtkrc.en", F_OK) = -1 ENOENT (No such file or directory)
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++

At the moment I develop and build in a VMware VM. It's annoyingly slow. If I can get
my dev versions to run on the Gentoo (if possible in parallel to the 'real'
version) I'd be happy.


I appreciate any help I can get.

wrl

--
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world

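Question (a) hinges on the "network" field of the pcap global header, the 32-bit integer the poster edited by hand. The following is an added example, not code from the original message or from the Wireshark or libpcap projects: a small parser for that header that detects byte order and the nanosecond magic, names the link type from a short table (1 and 6 are the values quoted above; the other entries are taken from the public LINKTYPE registry), rewrites the field the way a hex-edit would, and walks the packet records with bounds checks. The `build_pcap` helper constructs sample captures in memory so the script runs offline; anything not in the small table is reported as unknown, which mirrors what the message describes for 115.

```python
import struct

# pcap global-header magic numbers (microsecond and nanosecond variants).
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D
GLOBAL_HEADER_LEN = 24   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HEADER_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len

# A few well-known link-layer types. 1 (Ethernet) and 6 (Token Ring) are the
# values quoted in the message; the rest come from the public LINKTYPE registry.
# This is a deliberately short table, not Wireshark's own mapping.
LINKTYPES = {
    0: "NULL",
    1: "ETHERNET",
    6: "TOKEN_RING",
    101: "RAW",
    105: "IEEE802_11",
    113: "LINUX_SLL",
    127: "IEEE802_11_RADIOTAP",
}


def detect_byte_order(data):
    """Return (struct endian prefix, nanosecond flag) derived from the magic bytes."""
    raw = struct.unpack("<I", data[:4])[0]
    if raw in (MAGIC_USEC, MAGIC_NSEC):
        return "<", raw == MAGIC_NSEC
    swapped = struct.unpack(">I", data[:4])[0]
    if swapped in (MAGIC_USEC, MAGIC_NSEC):
        return ">", swapped == MAGIC_NSEC
    raise ValueError("not a pcap file (magic 0x%08x)" % raw)


def parse_global_header(data):
    """Decode the 24-byte global header; linktype_name is None when unknown."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("truncated pcap global header")
    endian, nanosecond = detect_byte_order(data)
    (_magic, major, minor, _thiszone, _sigfigs, snaplen,
     linktype) = struct.unpack(endian + "IHHiIII", data[:GLOBAL_HEADER_LEN])
    return {
        "endian": endian,
        "nanosecond": nanosecond,
        "version": (major, minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "linktype_name": LINKTYPES.get(linktype),  # None => unknown/unspecified
    }


def set_linktype(data, linktype):
    """Return a copy of the capture with the linktype field replaced.

    This is the same edit the message describes doing with a hex editor:
    only bytes 20..23 of the global header change, in the file's byte order."""
    endian = parse_global_header(data)["endian"]
    return data[:20] + struct.pack(endian + "I", linktype) + data[GLOBAL_HEADER_LEN:]


def iter_records(data):
    """Yield (ts_sec, ts_frac, payload) for each packet record, checking bounds."""
    endian, _ = detect_byte_order(data)
    offset = GLOBAL_HEADER_LEN
    while offset < len(data):
        if offset + RECORD_HEADER_LEN > len(data):
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HEADER_LEN])
        offset += RECORD_HEADER_LEN
        if incl_len > orig_len or offset + incl_len > len(data):
            raise ValueError("bad record length at offset %d" % offset)
        yield ts_sec, ts_frac, data[offset:offset + incl_len]
        offset += incl_len


def build_pcap(linktype, packets=(), endian="<", nanosecond=False):
    """Construct a minimal pcap file in memory (constructed sample, not a real capture)."""
    magic = MAGIC_NSEC if nanosecond else MAGIC_USEC
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, linktype)
    for ts_sec, payload in packets:
        out += struct.pack(endian + "IIII", ts_sec, 0, len(payload), len(payload))
        out += payload
    return out


if __name__ == "__main__":
    # Constructed sample: one 16-byte frame in an Ethernet (linktype 1) capture.
    sample = build_pcap(1, [(1200000000, b"\x00" * 12 + b"\x08\x00\xaa\xbb")])
    print(parse_global_header(sample))
    patched = set_linktype(sample, 115)
    print(parse_global_header(patched))
    print(len(list(iter_records(patched))), "record(s) still readable after the edit")
```

The parser never trusts `incl_len`: a record that claims more bytes than remain in the file is rejected rather than read past the buffer, which is the check a reader of hand-edited captures most wants.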