Wireshark mailing list archives

Re: New Protocol encapsulation as plugin


From: Roland Knall <rknall () gmail com>
Date: Wed, 27 Jan 2021 18:07:05 +0100

I was talking about live capture and how to generate statistic plugins for them. USER_DLTs will certainly work in that 
regard. 

regards 

On 27.01.2021 at 14:06, Björn <bjoern.petersen () missinglinkelectronics com> wrote:


Hello Roland,

thank you for your answer, but this will not work for me, because I need to dissect a first level protocol and 
couldn't open the file to dissect. But I think, as mentioned by John Thacker, using the USER_DLT will work.

Best regards,

Björn



On 27.01.21 at 12:30, Roland Knall wrote:
Hi Björn 

I realized something similar by implementing a tap interface in the original protocol and a UI using a similar code 
as in the plugin “pluginifdemo”

Would it be possible to go that route?

Regards, Roland

On 27.01.2021 at 12:17, Björn <bjoern.petersen () missinglinkelectronics com> wrote:


Hi,

we use a custom dissector to analyze custom protocol traffic. However, to further increase the usability, we need 
to add protocol analysis specific GUI elements. For now, we are not aware of a way to add a first level plugin 
which can be called through an encapsulation type from a pcap file. One other point is that we are not able to load 
a compiled plugin to Wireshark, if we don’t build it from source. We can’t link against Wireshark and cmake will 
not load the project if we install Wireshark from the APT packages.

Are implementations available to add an encapsulation type via a plugin?
Could anybody point us to examples of similar attempts?
Is there already some work in progress to provide such a plugin mechanism for extending the encapsulation types?
We noticed that distributed packets, e.g. in Ubuntu 18.04 do not allow for C plugins to be loaded. Do you know if 
this is common practice?
Our goal is creating an open source tool to analyze communication within SoCs, e.g. SoC FPGAs by providing both 
insight into protocol structure as well as bit and timing accurate analysis at the same time with cross-references.
You may think about this like an analyzer for video data transport protocols, which provides the ability to 
cross-reference actual pixels within the frames to the protocol entities that have contained them by showing the 
picture and enables clicking through the pixels / areas of the frames and the frames within the timeline of the 
video. When you click on an image's pixel/area, the respective protocol unit containing the pixel is highlighted and 
vice versa. This allows for much better interpretation than going through the payload view or the image separately.

We already built a proof of concept, but we feel that this approach to basically create a fork of the Wireshark GUI 
is neither maintainable and efficient nor something the community is looking for.
We are seeking any comment/reply or proposals to advance and/or continue this idea!

Björn Petersen
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
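
The USER_DLT route mentioned in the thread relies on the pcap file header carrying one of the user-reserved link-layer types (147 to 162), which Wireshark then maps to a dissector through its DLT_USER protocol preferences. The following is an added example, not code from the thread or from Wireshark: a minimal writer for a classic pcap file with link type DLT_USER0. The frame bytes, timestamp and output file name are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PCAP_MAGIC 0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define DLT_USER0  147u        /* first user-reserved link type (147..162) */

/* Both headers are written in the writer's byte order; readers detect it from the magic. */
struct pcap_file_hdr { uint32_t magic; uint16_t vmajor, vminor; int32_t thiszone;
                       uint32_t sigfigs, snaplen, linktype; };
struct pcap_rec_hdr  { uint32_t ts_sec, ts_usec, incl_len, orig_len; };

/* Write the 24-byte global header; returns bytes written, 0 if buf is too small. */
size_t pcap_put_file_hdr(uint8_t *buf, size_t cap, uint32_t linktype)
{
    struct pcap_file_hdr h = { PCAP_MAGIC, 2, 4, 0, 0, 65535, linktype };
    if (cap < sizeof h) return 0;
    memcpy(buf, &h, sizeof h);
    return sizeof h;
}

/* Append one packet record; returns bytes written, 0 if it does not fit. */
size_t pcap_put_record(uint8_t *buf, size_t cap, uint32_t sec, uint32_t usec,
                       const uint8_t *frame, uint32_t len)
{
    struct pcap_rec_hdr r = { sec, usec, len, len };
    if (len > 65535 || cap < sizeof r + len) return 0; /* respect snaplen and buffer */
    memcpy(buf, &r, sizeof r);
    memcpy(buf + sizeof r, frame, len);
    return sizeof r + len;
}

int main(void)
{
    /* Constructed sample frame of a hypothetical first-level protocol. */
    static const uint8_t frame[] = { 0x01, 0x00, 0x04, 0xde, 0xad, 0xbe, 0xef };
    uint8_t out[128];
    size_t n = pcap_put_file_hdr(out, sizeof out, DLT_USER0);
    n += pcap_put_record(out + n, sizeof out - n, 1611766025u, 0, frame, sizeof frame);
    FILE *f = fopen("user0_sample.pcap", "wb"); /* constructed file name */
    if (!f) return 1;
    fwrite(out, 1, n, f);
    return fclose(f) != 0;
}
```
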

