Perhaps a slight change of topic, but what advantages do plug-ins have (or not have) over built-ins? I wrote my first (and only) dissector as a plug-in, and other than the issue with packet spanning working correctly, it was pretty straight-forward. In fact, probably the single most difficult (and ill-documented) issue was figuring out how many *.nmake files I had to insert the plug-in name into to get it to build.
I developed under Windows, since my target user base for the plug-in is purely Windows users. I had some help from the IRC channel, but 99% of what I learned came from http://www.wireshark.org/docs/wsug_html and browsing some of the other plug-in sources, particularly H223.

--jc

On Dec 28, 2007 7:22 AM, Stephen Fisher <[EMAIL PROTECTED]> wrote:
> On Fri, Dec 28, 2007 at 10:47:57AM +0100, warlord wrote:
>
> > So all I am looking for now is a very simple example dissector which I
> > can compile and use in Linux. I hope/suppose I can find my way from
> > there. I do realize I can look at all the folders in trunk/, but they
> > seem to usually contain a gazillion lines of code. I'd prefer a
> > smaller example.
>
> I would highly recommend trying to create a built-in dissector instead
> of a plug-in, at least for your first attempts, as it is much simpler
> to do. Either start with the dissector code in README.developer
> (starting with the "Cut here" text) or copy a simple dissector such as
> LLT to a new name replacing <proto> with the name of your dissector.
>
> cp epan/dissectors/packet-llt.c epan/dissectors/packet-<proto>.c
>
> Then add packet-<proto>.c to epan/dissectors/Makefile.common under
> CLEAN_DISSECTOR_SRC (note that it's in alphabetical order).
>
> Then run make again and your dissector will be included.
>
> > My intention is to add a completely different set of functionality to
> > Wireshark, which could be quite useful for a bigger bunch of people.
>
> Great! Remember that dissectors only interpret protocols, if you want
> to add new GUI functionality to Wireshark for example, we'll need to
> show you a different set of sample files to go off of.
>
>
> Steve
>
> _______________________________________________
> Wireshark-dev mailing list
> [email protected]
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
