Wireshark-dev: Re: [Wireshark-dev] Stats/tap plugin problem

From: Floris van Nee <floris.vannee@xxxxxxxxx>
Date: Mon, 26 Jul 2010 14:23:19 -0700
To partially answer my own question: it seems that by bypassing stats_tree you can manually register to listen to a tap. Here it is possible to specify that you want the complete tree to be built (the flags parameter of function register_tap_listener).

Here arises another problem though, because by not using the stats_tree functions, I don't have the nice GUI interface by default and can't use the tick and count functions etc. By looking at the source, h225_ras_srt.c, for example, I noticed that it is possible to manually build this GUI. However, so far I haven't been able to get something like that to compile as a plugin (Windows machine).

First it complained that it couldn't find some GTK includes. This could be fixed by changing the makefile to this (add GTK_CFLAGS):

CFLAGS=/WX /DHAVE_CONFIG_H /I../.. $(GTK_CFLAGS) \
   $(GLIB_CFLAGS) \
/I$(PCAP_DIR)\include -D_U_="" $(LOCAL_CFLAGS)

But after this a linking error occurred which I haven't been able to fix (see below). It can't find the call to register_dfilter_stat. I tried linking with libui.lib (which is the lib in the gtk folder), though this only made things worse and gave tons of linking errors.

Does anyone here have any ideas how to include GUIs in a plugin?

Thanks,
Floris

        link -dll /out:test.dll /NOLOGO /INCREMENTAL:no /DEBUG /MACHINE:x86 /MANIFEST:no test.obj        p_test.obj  q1.obj ..\..\epan\libwireshark.lib  C:\wireshark-win32-libs-1.2\gtk2\lib\glib-2.0.lib  C:\wireshark-win32-libs-1.2\gtk2\lib\gmodule-2.0.lib  C:\wireshark-win32-libs-1.2\gtk2\lib\gobject-2.0.lib test.res
   Creating library test.lib and object test.exp
p_test.obj : error LNK2019: unresolved external symbol _register_dfilter_stat referenced in function _register_tap_listener_gtk_test
test.dll : fatal error LNK1120: 1 unresolved externals
NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 9.0\VC\BIN\link.EXE"' : return code '0x460'



On Mon, Jul 26, 2010 at 10:32 AM, Floris van Nee <floris.vannee@xxxxxxxxx> wrote:
Hi,

I am trying to make a plugin for Wireshark which makes some statistics about captured packets. The basic things work: it can count packets, use the tap to send information collected while dissecting to the stats plugin and do some other stuff using the stats_tree functions.

Now I have the following situation:
- My own dissector for my protocol
- My stats plugin for my protocol
- Another protocol (802.11) which my protocol encapsulates - I haven't written the dissector for this one - it is already included in Wireshark.

When I try to do some more advanced stuff I run into a couple of problems. The main problem is that I'd like to be able to access the tree (or at least some information, like sequence number of packet, data of ACK etc.) of the protocol which I have encapsulated (802.11). I can't save the 'tree' variable in my dissector to the tap information or to the private_data field, because it seems that when the stats plugin is called, the dissector is also called with tree=NULL, so it skips the whole tree creating part.

I guess I either need to get Wireshark to also create the tree when it calls my stats plugin, or find some other way to get the information about the protocol mine encapsulates. Unfortunately I have no clue how to do that. Does anyone here have the knowledge how something like this can be achieved?

Thanks,
Floris