Hello John,
Thank you for this idea. This is a way I haven't thought about and this
could really be the answer for me, but I still have a problem with my
custom dissector. I am not able to find my dissector in the preferences
dialog for the DLT_USER link type. I call the register_dissector()
function and register my protocol. Could you tell me if there is
something missing to find my dissector plugin in the dialog?
Best regards,
Björn
On 27.01.21 at 12:54, John Thacker wrote:
On Wed, Jan 27, 2021 at 6:16 AM Björn
<bjoern.peter...@missinglinkelectronics.com> wrote:
Hi,
we use a custom dissector to analyze custom protocol traffic.
However, to further increase the usability, we need to add
protocol analysis specific GUI elements. For now, we are not aware
of a way to add a first level plugin which can be called through
an encapsulation type from a pcap file. One other point is that we
are not able to load a compiled plugin to Wireshark, if we don’t
build it from source. We can’t link against Wireshark and CMake
will not load the project if we install Wireshark from the APT
packages.
1. Are implementations available to add an encapsulation type via
a plugin?
2. Could anybody point us to examples of similar attempts?
3. Is there already some work in progress to provide such a
plugin mechanism for extending the encapsulation types?
4. We noticed that distributed packets, e.g. in Ubuntu 18.04 do
not allow for C plugins to be loaded. Do you know if this is
common practice?
The approach I generally do is to generate files with one of the USER
encapsulations (which are reserved for private use), and then call
your plugin using the DLT_USER preferences, as detailed here:
https://gitlab.com/wireshark/wireshark/-/wikis/HowToDissectAnything
You can then go on to save those DLT_USER preferences in a
configuration profile
<https://www.wireshark.org/docs/wsug_html/#ChCustConfigProfilesSection>,
and later export that configuration profile and distribute it with
your plugin so that it is installed as a globally available
configuration profile.
Is there some reason that doesn't work for you? If you're able to
generate pcaps with a custom link-layer header type, then you should
be able to do that.
Adding a new encapsulation is possible, but to do it properly it's
best to keep it in sync with the link-layer header types in libpcap
files, which means following the process in wiretap/pcap-common.c
<https://gitlab.com/wireshark/wireshark/-/blob/master/wiretap/pcap-common.c#L72-80>
Reusing an existing link-layer header type for a different
(newly defined) Wireshark encapsulation is strongly discouraged.
John
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
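The file-generation half of the approach John describes, as an added example that is not part of the original thread: it writes a classic pcap file whose link-layer header type is one of the private-use USER values (LINKTYPE_USER0 = 147 through LINKTYPE_USER15 = 162) and reads it back to check the header. The function names, the output file name and the two sample frames of a made-up protocol are assumptions constructed for illustration.

```python
import io
import struct

# LINKTYPE_USER0..USER15 (147..162) are reserved for private use in pcap files.
LINKTYPE_USER0 = 147
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def user_linktype(n):
    """Map a DLT_USER index (0-15) to its pcap link-layer header type."""
    if not 0 <= n <= 15:
        raise ValueError("DLT_USER index must be 0..15")
    return LINKTYPE_USER0 + n

def write_user_pcap(out, frames, user_index=0, snaplen=65535):
    """Write (ts_sec, ts_usec, payload) frames as a pcap with a USER link type."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, network.
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen,
                          user_linktype(user_index)))
    for ts_sec, ts_usec, payload in frames:
        captured = payload[:snaplen]
        out.write(struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(payload)))
        out.write(captured)

def read_pcap(data):
    """Parse the file back: return (linktype, [payloads]) to verify the output."""
    magic, major, minor, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or (major, minor) != (2, 4):
        raise ValueError("not a little-endian pcap 2.4 file")
    offset, payloads = 24, []
    while offset < len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("truncated packet record")
        payloads.append(data[offset:offset + incl_len])
        offset += incl_len
    return linktype, payloads

# Constructed sample frames of a made-up protocol (1-byte type, 1-byte length, body).
SAMPLE_FRAMES = [
    (1611748440, 0, bytes([0x01, 0x03]) + b"abc"),
    (1611748440, 500000, bytes([0x02, 0x00])),
]

def build_sample(user_index=0):
    buf = io.BytesIO()
    write_user_pcap(buf, SAMPLE_FRAMES, user_index)
    return buf.getvalue()

if __name__ == "__main__":
    with open("user0_sample.pcap", "wb") as f:  # hypothetical output name
        f.write(build_sample())
```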