Plugin registered but no protocols or dissectors added Wireshark 4.2.x #15

Open
half2me opened this issue Feb 15, 2024 · 2 comments · May be fixed by #20


half2me commented Feb 15, 2024

I'm having issues getting this to do anything. It just doesn't show up anywhere. The dissector tables look the same, and the protocol is not added to the list of protocols.

Here is my code I'm trying out:

#![allow(dead_code)]

use wsdf::{version, Protocol};

version!("0.0.2", 4, 2);

#[derive(Protocol)]
#[wsdf(
    proto_desc = "ANT+",
    proto_name = "antplus",
    proto_filter = "antplus",
    decode_from = [("usb.bulk", 0xFFFF)]
)]
struct AntPlus {
    sync: u8,
    payload_length: u8,
    class: u8,
    #[wsdf(len_field = "payload_length", subdissector = "antplus.class")]
    payload: Vec<u8>,
    checksum: u8,
}

It builds fine. I copy the file to ~/.local/lib/wireshark/plugins/4-2/epan/ant.so, and Wireshark loads the plugin without issues.

However nothing changes, the protocol is not added anywhere and the dissector table is unchanged:

What am I doing wrong?
I tried the baby_udp example to see if it was just something in this code, but that protocol doesn't show up for me either :¯_(ツ)_/¯:


half2me commented Feb 15, 2024

Compare that to the same thing written in Lua, which works perfectly:

--- requires https://github.com/Snaipe/wssdl/releases/download/v0.2.0/wssdl.lua
local wssdl = require 'wssdl'

ant_pkt = wssdl.packet {
    sync:u8():hex(),
    length:u8(),
    class:u8():hex(),
    payload:payload({ class, 'antplus.class' }, length * 8),
    checksum:u8():hex()
}

proto = ant_pkt:proto('antplus', 'ANT+ Protocol')

wssdl.dissect {
    usb.bulk:add { [0xFFFF] = proto }
}



amitrahman1026 commented Nov 6, 2024

Hey @half2me, I think your problem might be that the plugin generated by wsdf is not looking for the right paths. While it may be able to search for the plugin located in the correct folder, it may not be able to be found in the filter search or Analyze > Enable Protocol because of how the shared libraries are generated in macOS.

I was having similar issues of the plugins showing up under About Wireshark > Plugins but not in the filter search, and found some leads that help.

Firstly, my application & devel files were installed via Homebrew: brew install wireshark --cask.

Taking a look at what Wireshark references:

❯ otool -L $(which tshark)
/opt/homebrew/bin/tshark:
	@rpath/libwireshark.18.dylib (compatibility version 18.0.0, current version 18.0.1)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1971.0.0)
	/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration (compatibility version 1.0.0, current version 1241.100.11)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1319.100.3)
	/usr/lib/libpcap.A.dylib (compatibility version 1.0.0, current version 1.0.0)
	@rpath/libwiretap.15.dylib (compatibility version 15.0.0, current version 15.0.1)
	@rpath/libwsutil.16.dylib (compatibility version 16.0.0, current version 16.0.0)
	@rpath/libglib-2.0.0.dylib (compatibility version 7601.0.0, current version 7601.6.0)

But if we take a look at the generated example:

❯ otool -L libdns.so
libdns.so:
	/Users/amit/Rust/wsdf/target/debug/examples/libdns-7bc9df552a297d22.dylib (compatibility version 0.0.0, current version 0.0.0)
	/opt/homebrew/opt/wireshark/lib/libwireshark.18.dylib (compatibility version 18.0.0, current version 18.0.1)
	/opt/homebrew/opt/wireshark/lib/libwsutil.16.dylib (compatibility version 16.0.0, current version 16.0.0)
	/opt/homebrew/opt/glib/lib/libgmodule-2.0.0.dylib (compatibility version 8201.0.0, current version 8201.2.0)
	/opt/homebrew/opt/glib/lib/libgthread-2.0.0.dylib (compatibility version 8201.0.0, current version 8201.2.0)
	/opt/homebrew/opt/glib/lib/libglib-2.0.0.dylib (compatibility version 8201.0.0, current version 8201.2.0)
	/opt/homebrew/opt/gettext/lib/libintl.8.dylib (compatibility version 13.0.0, current version 13.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1351.0.0)

We notice that it's using the absolute path. This may be the root cause of your Wireshark not being able to load it. By changing the paths to @rpaths, I was able to change the install path with some post-processing:

install_name_tool -change "/opt/homebrew/opt/wireshark/lib/libwireshark.18.dylib" "@rpath/libwireshark.18.dylib" libdns.so
install_name_tool -change "/opt/homebrew/opt/wireshark/lib/libwsutil.16.dylib" "@rpath/libwsutil.16.dylib" libdns.so

that allowed wireshark (and tshark) to load the plugin correctly!


I will try to research and find a more robust solution to this to increase portability with macOS.
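
The post-processing step described in the comment above, as an added example that is not part of the original thread or of the wsdf project: a shell function that reads `otool -L` output and prints the matching `install_name_tool -change` commands for every Wireshark library referenced by absolute path. The function name `rpath_fixups` and the choice to match only libwireshark, libwiretap and libwsutil are assumptions; the sample input is an excerpt of the output quoted in the comment.

```shell
#!/bin/sh
# Added example (not from the thread): turn `otool -L` output into
# install_name_tool commands that rewrite absolute Wireshark library
# paths to @rpath references. Commands are printed, not executed.

# rpath_fixups PLUGIN  -- reads `otool -L PLUGIN` output on stdin.
rpath_fixups() {
    plugin=$1
    awk -v plugin="$plugin" '
        # Dependency lines are indented; field 1 is the install name.
        /^[ \t]/ {
            dep = $1
            if (dep !~ /^\//) next      # already @rpath or similar
            n = split(dep, parts, "/")
            base = parts[n]
            # Assumption: only the Wireshark libraries need rewriting.
            if (base ~ /^lib(wireshark|wiretap|wsutil)\.[0-9]+\.dylib$/)
                printf "install_name_tool -change \"%s\" \"@rpath/%s\" %s\n", dep, base, plugin
        }'
}

# Constructed sample: excerpt of the libdns.so output quoted above.
sample_otool_output() {
    cat <<'EOF'
libdns.so:
	/Users/amit/Rust/wsdf/target/debug/examples/libdns-7bc9df552a297d22.dylib (compatibility version 0.0.0, current version 0.0.0)
	/opt/homebrew/opt/wireshark/lib/libwireshark.18.dylib (compatibility version 18.0.0, current version 18.0.1)
	/opt/homebrew/opt/wireshark/lib/libwsutil.16.dylib (compatibility version 16.0.0, current version 16.0.0)
	/opt/homebrew/opt/glib/lib/libglib-2.0.0.dylib (compatibility version 8201.0.0, current version 8201.2.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1351.0.0)
EOF
}

# On macOS the real input would be: otool -L libdns.so | rpath_fixups libdns.so
sample_otool_output | rpath_fixups libdns.so
```

Review the printed commands before running them; the plugin's own install ID and non-Wireshark dependencies are deliberately left untouched.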

amitrahman1026 linked a pull request Nov 8, 2024 that will close this issue