Newbie question: lights are on, but no-one is home


#1

I’m attempting to write a plugin to dissect a protocol. Actually this is going to end up being quite a complex plugin, because the protocol has a lot of sub-protocols, but let’s work before we run…

Where I am at present is that everything compiles, and my plugin duly appears in the Help->About Wireshark->Plugins dialog and also in the Help->Supported protocols (slow) dialog. However, my dissector is never used to dissect any packets.

In order to diagnose what’s happening I have richly buttered my code with lots of stanzas of the general form:

#if DEBUG if ( debugLogHandle == NULL) { debugLogHandle=fopen( DEBUGLOGNAME, "w"); } fprintf( debugLogHandle, "CCSDUv3 dissector called\n"); fflush( debugLogHandle); #endif

and this results in the following ending up in my log file:

If dissect_ccsdu3(tvbuff_t *, packet_info *, proto_tree *) were being called then no matter what happened I would get something in the log. But I don’t, ever, despite having a constant stream of the right sort of messages coming in. So clearly there’s something gone wrong in registering the handoff.

Any suggestions as to what I should be looking for?


#2

Hello,

  1. Your protocol appears checked into “Analyze / Enabled protocols” ?

  2. Into proto_reg_handoff_ccsdu3,
    do you call :
    handle = create_dissector_handle(dissect_ccsdu3, );

         dissector_add("tcp.port", <port_value>, handle);                               OR
         dissector_add("udp.port", <port_value>, handle);                              OR
         dissector_add(<another field>, <port_value>, handle);
    
  3. Does your capture file effectively contains some data for “tcp.port”, <port_value> (or …) ?

  4. Look at <wireshark_sources>/doc/README.developper

  5. use wsgd.free.fr/ :slight_smile:

Olivier


#3

Thanks, I’ve found the problems:

(1) I was watching the wrong port - I’d specified 29000, but when I checked the preferences dialog I found it had set the port to 1234 (presumably a default?). When I set it to 29000 in the preferences my debug log sprang to life:

And it’s a bad signature because I was using tvb_get_guint8() to attempt to read a 32 bit value… so I’ve changed

	hdrSignature = tvb_get_guint8( tvb, CCSDU3_HDR_OFFSET_SIGNATURE);

to

	hdrSignature = tvb_get_guint32_endian( tvb, CCSDU3_HDR_OFFSET_SIGNATURE, !IS_BIGENDIAN(tvb));

Currently I’ve got a linker error on Windows:

So I’m doing an experimental build on Linux to try to determine which library tvb_get_guint32_endian() is actually in. But I’m making progress!

(edited to add)
Many thanks to the pointer to the generic dissector - that is awesomely cool tech!


#4

tvb_get_guint32_endian is not part of the wireshark library.

It is a static function (i.e. function not visible outside the source file)
defined into packet-mq.c and packet-mq-pcf.c.
So you cannot link with it.
Even on linux.

Olivier