Reputation: 3
Change a wireshark preference in dissector?
I'm creating a dissector for Wireshark in C, for a protocol on top of UDP. Since i'm using heuristic dissecting but another protocol with a standard dissector for the same port as mine exists, my packets are being dissected as that other protocol. For my dissector to work, I need to enable the "try heuristic dissectors first" UDP preference, but I wished to change that property when my plugin is registered (in the code), so the user does not need to change it manually. I noticed on epan/prefs.h, the function prefs_set_pref exists! But when I used it on my plugin, Wireshark crashes on startup with a Bus Error 10. Is what I want to do possible/correct?
So I've tried this:
G_MODULE_EXPORT void plugin_register(void){
prefs_set_pref("udp.try_heuristic_first:true");
// My proto_register goes here
}
Since epan/prefs.h has:
/*
* Given a string of the form "<pref name>:<pref value>", as might appear
* as an argument to a "-o" option, parse it and set the preference in
* question. Return an indication of whether it succeeded or failed
* in some fashion.
*
* XXX - should supply, for syntax errors, a detailed explanation of
* the syntax error.
*/
WS_DLL_PUBLIC prefs_set_pref_e prefs_set_pref(char *prefarg);
Thanks
Upvotes: 0
Views: 1100
Answers (1)
Reputation: 1001
Calling prefs_set_pref("udp.try_heuristic_first:true"); works for me in a test Wireshark plugin.
OK: Assuming no other issues,I expect the problem is that prefs_set_pref() modifies the string passed to it.
If (the address of) a string literal is passed, the code will attempt to modify the literal which, in general, is not allowed. I suspect this is the cause of your Bus Error 10.
(I'd have to dig deeper to see why my test on Windows actually worked).
So: I suggest trying something like:
char foo[] = {"udp.try_heuristic_first:true"};
...
prefs_set_pref(foo);
to see if that works; Or: do a strcpy of the literal to a local array.
==============
(Earlier original comments)
Some comments/questions:
What's the
G_MODULE_EXPORTabout ? None of the existing Wireshark plugin dissectors use this. (See any of the dissectors underpluginsin your dissector Wireshark source tree).The plugin register function needs to be named
proto_register_???where???is the name of you plugin dissector.So: I don't understand the whole
G_MODULE_EXPORT void plugin_register(void){& etcThe call to
prefs_set_prefs()should be in theproto_reg_handoff_???()function (and not in theproto_register_???function).
Upvotes: 1
Related Questions
- How can I add a custom protocol analyzer to wireshark?
- Is there a way to override a default dissector in wireshark?
- Debugging wireshark dissector
- Exporting Wireshark Dissector
- Wireshark Dissector : IP Dissector does not recognize my protocol
- Wireshark dissector configuration argument
- How to re-dissect the selected packet in wireshark?
- How can I get a wireshark Lua dissector protocol preferences to save and persist when I close wireshark?
- How to apply and override preferences with tshark?
- Wireshark Lua Dissector - How to set source and destination