0 votes

I have built a custom Wireshark Packet dissector as a plugin written in C.

How can I compile and export it so that others can use it without having to make the source again?
For example, if someone has installed Wireshark through binaries rather than building from Source code, then how can I make my dissector plugin available to them, since it might not be possible for them to build the dissector from source (Also tell if this is possible or not).

Again, if I had written the dissector in Lua then would it have been possible to export it in this fashion?

(I am new to writing dissectors so any help would be appreciated.)

2

2 Answers

1 votes

Basically, I think you have 2 options if you don't want them to have to compile Wireshark themselves:

  1. Build an installer that includes your dissector and distribute the new installer.
  2. Build a plugin and distribute the plugin, which they will need to add to their existing installation.

The first option ensures that your dissector is included and is compatible with the version of the Wireshark you included in the installer, but it typically requires them to uninstall their current version of Wireshark and install yours. Maybe this isn't desirable?

The second option requires that you build the plugin for a given version of Wireshark, and as long as they have the same version of Wireshark already installed, they do not have to uninstall their currently installed version of Wireshark to install your version. Plugins are not guaranteed to be API/ABI compatible across different versions though, so you will need to create a plugin for every version of Wireshark in use.

Personally, I always create my own installer and anyone within my organization desiring the added features it provides can install it. I never have to worry about plugin compatibility problems. I also find it a bit easier to create a built-in dissector vs. a plugin dissector, with far fewer development files to modify and track.

Refer to the Wireshark Developer's Guide for more information, as well as the various README files in the Wireshark source tree, particularly the README.plugins file if you plan to build a plugin. You can also refer to the Wireshark buildbots to see each step of the build process, including the installer creation step. This is a good reference especially if you encounter any difficulty with any particular step of the build process.

0 votes

Resources which one should read while considering compiling and exporting dissectors are:


Compiling the dissector

Assuming that you have Wireshark built from source code and not using sudo apt-get.

Suppose your plugin dissector name is "foo" (typically, that would be a short name for your protocol, in all lower case).


The directory for the plugin, and its files

The plugin should be placed in a new plugins/foo directory which should contain at least the following files:

  • AUTHORS
  • COPYING
  • ChangeLog
  • CMakeLists.txt
  • Makefile.am
  • moduleinfo.h
  • plugin.rc.in

Details about these files can be found in README.plugins


Now jump back to plugins directory.

For Custom extension

Go to the plugins directory and copy the Custom.m4.example and Custom.make.example files to files of the same name but without the ".example" suffix. Now you have two Custom files ready for building a plugin with the name "foo". Replace the name if you so require.

For CMake builds, either pass the custom plugin dir on the CMake generation step command line:

cmake ... -DCUSTOM_PLUGIN_SRC_DIR="plugins/foo"

or copy the top-level file CMakeListsCustom.txt.example to CMakeListsCustom.txt (also in the top-level source dir) and edit so that CUSTOM_PLUGIN_SRC_DIR is set() to the relative path of your plugin, e.g.

set(CUSTOM_PLUGIN_SRC_DIR plugins/foo)


Go to the directory Wireshark-2.4.X

Run $ ./autogen.sh and ./configure to set up your build environment.

The good news is that if you are working on a single plugin then you will find recompiling the plugin MUCH faster than recompiling a dissector and then linking it back into Wireshark. Use "make -C plugins" to compile just your plugins.

The bad news is that Wireshark will not use the plugins unless the plugins are installed in one of the places it expects to find them.

One way of dealing with this problem is to set an environment variable when running Wireshark: WIRESHARK_RUN_FROM_BUILD_DIRECTORY=1.


Distribution of your plugin

To distribute your plugin you need to provide users with the binaries of your dissector (the .so file produced on compilation of the dissector).

The users need to place these files in their Wireshark installation personal plugins folder and restart Wireshark.

To find the plugins folder, open Wireshark and go to Help -> About -> Folders. If the path mentioned in the personal plugins folder doesn't exist then create the same.


Distributing Lua dissectors is fairly easy.

Just copy and paste the Lua scripts into the personal plugins folder and your plugin is ready to go.
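The distribution steps above (find the personal plugins folder, create it if missing, copy the .so or .lua in, and only ship a .so built for the exact installed release) as an added shell example, not code from the original answer. It assumes tshark is on PATH, that `tshark -G folders` and `tshark -v` report the folder and version, and the flat personal plugins folder layout the answer describes for Wireshark 2.4 (newer releases expect a versioned subfolder).

```shell
#!/bin/sh
# Added example, not from the original answer: install a compiled dissector
# plugin (.so) or a Lua dissector into the personal plugins folder that the
# installed Wireshark reports, refusing a .so built for a different release.
# Assumes tshark is on PATH and, as in the answer, a flat personal plugins
# folder (Wireshark 2.4 layout; newer releases use a versioned subfolder).

# Extract the "Personal Plugins" path from `tshark -G folders` output on stdin.
# tshark pads the label to 21 columns before the tab, hence the prefix match.
personal_plugin_dir() {
    awk -F'\t' '$1 ~ /^Personal Plugins:/ { print $2; exit }'
}

# Extract the x.y.z release from the first line of `tshark -v` output on stdin.
installed_version() {
    sed -n '1s/^TShark (Wireshark) \([0-9][0-9.]*\).*/\1/p'
}

# install_plugin <file.so|file.lua> <version the .so was built against>
install_plugin() {
    plugin=$1; want=$2
    dir=$(tshark -G folders | personal_plugin_dir)
    have=$(tshark -v | installed_version)
    [ -n "$dir" ] || { echo "cannot determine personal plugins folder" >&2; return 1; }
    case "$plugin" in
        *.so)   # binary plugins are only ABI-compatible with the exact release
            if [ "$have" != "$want" ]; then
                echo "Wireshark $have installed, plugin built for $want: rebuild it" >&2
                return 1
            fi ;;
        *.lua) ;;   # Lua dissectors are interpreted, so no version match is needed
        *) echo "unsupported plugin type: $plugin" >&2; return 1 ;;
    esac
    # Create the folder if it is missing (About -> Folders lists it even when absent).
    mkdir -p "$dir" && cp "$plugin" "$dir/" &&
        echo "installed $plugin into $dir; restart Wireshark"
}

# Constructed sample tshark output (not captured from a real machine) so the
# parsers can be exercised offline.
demo_dir() {
    printf 'Temp:                \t/tmp\nPersonal Plugins:    \t/home/alice/.config/wireshark/plugins\nGlobal Plugins:      \t/usr/lib/x86_64-linux-gnu/wireshark/plugins\n' | personal_plugin_dir
}
demo_version() {
    printf 'TShark (Wireshark) 2.4.5 (Git v2.4.5 packaged as 2.4.5-1)\n' | installed_version
}
```

Source the file and run `install_plugin foo.so 2.4.5`, where the version is the one recorded when you built the plugin.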