Wireshark-users: Re: [Wireshark-users] Writing/sharing dissectors
From: "Kobboi" <[email protected]>
Date: Fri, 27 Apr 2007 15:22:25 +0200 (CEST)
Jaap, Ulf,

Thanks for your reply.

About the writing... To get started I concatenated the code from Example
9.1 through 9.4 of the Wireshark Developer's Guide and put it in a
plugin.c file. I then updated the Makefiles and such according to
README.plugins. Compilation fails with:

plugin.c:67: error: static declaration of 'dissect_foo' follows non-static
plugin.c:12: error: previous declaration of 'dissect_foo' was here

Removing the "static" below or adding it above just creates another bunch
of errors about multiple declarations. What obviously simple thing am I

About the sharing... I was kind of hoping that dissectors had their own
kind of description language (something in XML maybe), making it easy to
share them, even over different platforms: just copy the description file.
Since dissectors seem to have to be written in C, I guess this is out of
the question. Or is sharing a plugin just a question of copying a DLL file
on Win32, or copying a .so file on similar Linux platforms?



> Hi,
> For a more extensive answer, after reading said website, there's not
> really a roadmap to a dissector. Much depends on the situation.
> First you'll have to choose the way you want to deploy you dissector. My
> guess would be a plugin dissector in your case, rather then build in.
> Another choice is style, based on the complexity of the protocol. Very
> simple protocols can use a simple pvt_cursor style, medium to complex ones
> can use proto_tree_add_item calls, while ASN.1 based protocol can have a
> generated dissector.
> Have some shared code repository for your dissector, that way you can
> easily share the code and build on the two platforms. They're not that
> different, thanks to glib, apart from the build scripts. See the developer
> guide to setup your windows build environment, and the README.* in /doc in
> the source tree for all kinds of inside info.
> Thanx,
> Jaap
> On Wed, 25 Apr 2007, Ulf Lamping wrote:
>> Kobboi wrote:
>> > Hello,
>> >
>> > Some very basic questions, hope you don't mind my asking them...
>> >
>> > Where can I find a recent HOWTO on writing your own dissector for a
>> > proprietary protocol? Is there some basic roadmap that can help me
>> keep
>> > an overview and not lose the way?
>> >
>> > When I have finished writing it, how do I easily share my dissector?
>> > Does everyone who wants to use it need to recompile their Wireshark?
>> Any
>> > important Windows/Linux differences? (I'll need to support both
>> > platforms)
>> >
>> > Thanks for the info!
>> >
>> >
>> See: http://wiki.wireshark.org/Development
>> Regards, ULFL