Wireshark mailing list archives

Re: New Protocol encapsulation as plugin


From: Tomáš Kukosa <keksa () email cz>
Date: Wed, 27 Jan 2021 15:07:36 +0100 (CET)

Hello Björn,




if your goal is to dissect a non-pcap custom file, it is also possible.


You can have a wiretap plugin type which reads your data format as packets, and
then these packets can be dissected with the epan plugin.




Best regards,

 Tomas


 ---------- Original e-mail ----------
From: Björn <bjoern.petersen () missinglinkelectronics com>
To: wireshark-dev () wireshark org
Date: 27. 1. 2021 14:06:10
Subject: Re: [Wireshark-dev] New Protocol encapsulation as plugin
"
Hello Roland,

thank you for your answer, but this will not work for me, because I need to
dissect a first level protocol and couldn't open the file to dissect. But I
think, as mentioned by John Thacker, to use the USER_DLT will take function.


Best regards,

Björn




On 27.01.21 at 12:30, Roland Knall wrote:

"
Hi Björn 




I realized something similar by implementing a tap interface in the original
protocol and a UI using similar code as in the plugin “pluginifdemo”.




Would it be possible to go that route?




Regards, Roland


"On 27.01.2021 at 12:17, Björn <bjoern.petersen@missinglinkelectronics.com> wrote:

"
"

Hi,

we use a custom dissector to analyze custom protocol traffic. However, to 
further increase the usability, we need to add protocol analysis specific 
GUI elements. For now, we are not aware of a way to add a first level plugin
which can be called through an encapsulation type from a pcap file. One 
other point is that we are not able to load a compiled plugin to wireshark,
if we don’t build it from source. We can’t link against wireshark and cmake
will not load the project if we install wireshark from the APT packages.

   1. Are implementations available to add an encapsulation type via a
   plugin?
   2. Could anybody point us to examples of similar attempts?
   3. Is there already some work in progress to provide such a plugin
   mechanism for extending the encapsulation types?
   4. We noticed that distributed packets, e.g. in Ubuntu 18.04 do not allow
   for C plugins to be loaded. Do you know if this is common practice?

Our goal is creating an open source tool to analyze communication within 
SoCs, e.g. SoC FPGAs by providing both insight into protocol structure as 
well as bit and timing accurate analysis at the same time with cross-
references.
You may think about this like an analyzer for video data transport
protocols, which provides the ability to cross-reference actual pixels
within the frames to the protocol entities that have contained them by
showing the picture and enables clicking through the pixels / areas of the
frames and the frames within the timeline of the video. When you click on an
image's pixel/area, the respective protocol unit containing the pixel is 
highlighted and vice versa. This allows for much better interpretation than
going through the payload view or the image separately.

We already built a proof of concept, but we feel that this approach to
basically create a fork of the wireshark GUI is neither maintainable and 
efficient nor something the community is looking for.
We are seeking for any comment/reply or proposals to advance and/or continue
this idea!

Björn Petersen
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
 "



"
"

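As an added example (not code from the thread or from the Wireshark project): the USER_DLT route mentioned above can be fed by converting a custom capture file into a classic pcap whose link type is DLT_USER0 (147), which Wireshark's DLT_USER encapsulations table can then map to a custom dissector. The `SOC1` file magic and record layout below are hypothetical, and the sample records are constructed.

```python
import struct

DLT_USER0 = 147            # first of the reserved DLT_USER0..DLT_USER15 link types (147-162)
PCAP_MAGIC = 0xA1B2C3D4    # classic pcap with microsecond timestamps
SNAPLEN = 65535
MAGIC = b"SOC1"            # hypothetical magic of the custom capture file
REC_HDR = struct.Struct(">QH")  # hypothetical record header: timestamp (ns), payload length


def parse_records(blob):
    """Yield (timestamp_ns, payload) from the hypothetical format, rejecting malformed input."""
    if blob[:4] != MAGIC:
        raise ValueError("bad magic")
    off = 4
    while off < len(blob):
        if len(blob) - off < REC_HDR.size:
            raise ValueError(f"truncated record header at offset {off}")
        ts_ns, length = REC_HDR.unpack_from(blob, off)
        off += REC_HDR.size
        if length > len(blob) - off:
            raise ValueError(f"record length {length} exceeds remaining data at offset {off}")
        yield ts_ns, blob[off:off + length]
        off += length


def to_pcap(blob, linktype=DLT_USER0):
    """Convert the custom capture into a little-endian pcap byte string."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type.
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, SNAPLEN, linktype)]
    for ts_ns, payload in parse_records(blob):
        sec, usec = divmod(ts_ns // 1000, 1_000_000)
        # Per-packet header: ts_sec, ts_usec, captured length, original length.
        out.append(struct.pack("<IIII", sec, usec, len(payload), len(payload)))
        out.append(payload)
    return b"".join(out)


def make_sample():
    """Constructed sample input: two records with made-up payloads."""
    recs = [(1_611_756_456_000_123_000, b"\x01\x02\x03\x04"),
            (1_611_756_456_500_000_000, b"\xaa\xbb")]
    return MAGIC + b"".join(REC_HDR.pack(ts, len(p)) + p for ts, p in recs)


if __name__ == "__main__":
    with open("sample_user0.pcap", "wb") as fh:
        fh.write(to_pcap(make_sample()))
```
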