diff options
Diffstat (limited to 'docbook/wsdg_src')
34 files changed, 8994 insertions, 0 deletions
diff --git a/docbook/wsdg_src/developer-guide-docinfo.xml b/docbook/wsdg_src/developer-guide-docinfo.xml new file mode 100644 index 0000000..90f36d1 --- /dev/null +++ b/docbook/wsdg_src/developer-guide-docinfo.xml @@ -0,0 +1,85 @@ +<!-- Document information for the Developer's Guide. --> + +<!-- Updated by tools/make-version.py --> +<subtitle>For Wireshark 4.2</subtitle> + + <!-- <title><inlinegraphic entityref="WiresharkLogo" valign="middle" format="PNG"/> &DocumentTitle;</title> --> + +<authorgroup> + + <author><firstname>Ulf</firstname><surname>Lamping</surname> + <!-- <affiliation><orgname></orgname></affiliation> --> + <email>ulf.lamping[AT]web.de</email> + </author> + + <author><firstname>Luis</firstname><othername>E.</othername><othername>Garcia</othername><surname>Ontanon</surname> + <!-- <affiliation><orgname></orgname></affiliation> --> + <email>luis[AT]ontanon.org</email> + </author> + + <author><firstname>Graham</firstname><surname>Bloice</surname> + <!-- <affiliation><orgname></orgname></affiliation> --> + <email>graham.bloice[AT]trihedral.com</email> + </author> + +</authorgroup> + +<!--<edition>&DocumentEdition;</edition> +<pubdate>2008</pubdate>--> +<copyright><year>2004-2014</year> + <holder>Ulf Lamping</holder> + <holder>Luis E. Garcia Ontanon</holder> + <holder>Graham Bloice</holder> +</copyright> + +<revhistory> + +<revision> + <revnumber>1.1</revnumber> + <date>28 Dec 2014</date> + <authorinitials>gb</authorinitials> + <revremark>Updated for 1.99.x and 2.0, move to VS2013.</revremark> +</revision> + +<revision> + <revnumber>1.0</revnumber> + <date>2 Nov 2014</date> + <authorinitials>gcc</authorinitials> + <revremark>Moved Lua reference from User's Guide to Developer's Guide.</revremark> +</revision> + +<revision> + <revnumber>0.9</revnumber> + <date>9 Feb 2014</date> + <authorinitials>gcc</authorinitials> + <revremark>Converted from DocBook to AsciiDoc.</revremark> +</revision> + +<revision> + <revnumber>0.5</revnumber> + <date>21 Jan 2007</date> + <authorinitials>ul</authorinitials> + <revremark>Major redesign.</revremark> +</revision> + +<revision> + <revnumber>0.1</revnumber> + <date>17 Aug 2004</date> + <authorinitials>ul</authorinitials> + <revremark>Initial version.</revremark> +</revision> + +</revhistory> + +<legalnotice> + <simpara> + Permission is granted to copy, distribute + and/or modify this document under the terms of the GNU General Public + License, Version 2 or any later version published by the Free Software + Foundation. + </simpara> + <simpara> + All logos and trademarks in this document are property of their + respective owners. + </simpara> +</legalnotice> diff --git a/docbook/wsdg_src/developer-guide.adoc b/docbook/wsdg_src/developer-guide.adoc new file mode 100644 index 0000000..cc1c0bd --- /dev/null +++ b/docbook/wsdg_src/developer-guide.adoc @@ -0,0 +1,72 @@ +:doctype: book +include::../attributes.adoc[] + +// Electronic book attributes +:author: Ulf Lamping, Graham Bloice +:description: Wireshark Developer’s Guide +:keywords: Wireshark Developer Guide +ifdef::ebook-format-epub3[] +:front-cover-image: images/ws-dev-guide-cover.png +:toc: +endif::[] + += Wireshark Developer’s Guide: Version {wireshark-version} + +// Attributes +// XXX This should be surrounded by single quotes in the text. It’s +// currently surrounded by plus signs for AsciiDoc compatibility. +:dlt-glob: DLT_* +:qt6-lts-version: 6.2.4 +:source-highlighter: coderay + +include::wsdg_preface.adoc[] + +include::../common_src/typographic_conventions.adoc[] + +[#PartEnvironment] += Wireshark Build Environment + +[partintro] +.Wireshark Build Environment +-- +The first part describes how to set up the tools, libraries and sources needed to +generate Wireshark and how to do some typical development tasks. +-- + +include::wsdg_env_intro.adoc[] + +include::wsdg_quick_setup.adoc[] + +include::wsdg_sources.adoc[] + +include::wsdg_tools.adoc[] + +include::wsdg_libraries.adoc[] + +[#PartDevelopment] += Wireshark Development + +[partintro] +.Wireshark Development +-- +The second part describes how the Wireshark sources are structured and how to +change the sources such as adding a new dissector. +-- + +include::wsdg_build_intro.adoc[] + +include::wsdg_works.adoc[] + +include::wsdg_capture.adoc[] + +include::wsdg_dissection.adoc[] + +include::wsdg_lua_support.adoc[] + +include::wsdg_userinterface.adoc[] + +include::wsdg_tests.adoc[] + +include::wsdg_asn2wrs.adoc[] + +include::../common_src/gpl_appendix.adoc[] diff --git a/docbook/wsdg_src/images/caution.svg b/docbook/wsdg_src/images/caution.svg new file mode 100644 index 0000000..793c602 --- /dev/null +++ b/docbook/wsdg_src/images/caution.svg @@ -0,0 +1,3 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="currentColor" class="bi bi-lightning-charge" viewBox="0 0 16 16"> + <path d="M11.251.068a.5.5 0 0 1 .227.58L9.677 6.5H13a.5.5 0 0 1 .364.843l-8 8.5a.5.5 0 0 1-.842-.49L6.323 9.5H3a.5.5 0 0 1-.364-.843l8-8.5a.5.5 0 0 1 .615-.09zM4.157 8.5H7a.5.5 0 0 1 .478.647L6.11 13.59l5.732-6.09H9a.5.5 0 0 1-.478-.647L9.89 2.41 4.157 8.5z"/> +</svg> diff --git a/docbook/wsdg_src/images/git-triangular-workflow.gv b/docbook/wsdg_src/images/git-triangular-workflow.gv new file mode 100644 index 0000000..809877a --- /dev/null +++ b/docbook/wsdg_src/images/git-triangular-workflow.gv @@ -0,0 +1,59 @@ +// dot -Tsvg -o docbook/wsdg_graphics/git-triangular-workflow.svg docbook/wsdg_graphics/git-triangular-workflow.gv + +digraph G { + // XXX Integrate ws.css. Match it manually for now. + graph [ + fontname = "Georgia", + fontsize = 12 + ]; + + node [ + fontname = "Georgia", + fontsize = 12, + shape=box, + style=rounded + ]; + + edge [ + fontname = "Georgia", + fontsize = 12 + ]; + + rankdir = TB; + ranksep = 1.0; + nodesep = 1.0; + // margin = "0.5,0.5"; + + main_repo [ + label=<Main Repository<br/><font point-size="9">gitlab.com/wireshark/wireshark</font>> + ] + + your_fork [ + label=<Your Fork<br/><font point-size="9">gitlab.com/you/wireshark</font>> + ] + + your_repo [ + label=<Your Local Repository<br/><font point-size="9">Somewhere on your machine</font>> + ] + + { rank = same; main_repo; your_fork; } + + // :nw adds needed space + main_repo -> your_fork:nw [ + label = "Fork (once)", + style = dashed + ] + + main_repo -> your_repo [ + label = "Pull" + ] + + your_repo -> your_fork [ + label = "Push" + ] + + your_fork -> main_repo [ + label = "Merge Request" + ] + +} diff --git a/docbook/wsdg_src/images/git-triangular-workflow.svg b/docbook/wsdg_src/images/git-triangular-workflow.svg new file mode 100644 index 0000000..1f8ae3a --- /dev/null +++ b/docbook/wsdg_src/images/git-triangular-workflow.svg @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" + "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> +<!-- Generated by graphviz version 2.44.1 (20200629.0846) + --> +<!-- Title: G Pages: 1 --> +<svg width="429pt" height="205pt" + viewBox="0.00 0.00 428.50 205.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"> +<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 201)"> +<title>G</title> +<polygon fill="white" stroke="transparent" points="-4,4 -4,-201 424.5,-201 424.5,4 -4,4"/> +<!-- main_repo --> +<g id="node1" class="node"> +<title>main_repo</title> +<path fill="none" stroke="black" d="M134,-157C134,-157 12,-157 12,-157 6,-157 0,-151 0,-145 0,-145 0,-133 0,-133 0,-127 6,-121 12,-121 12,-121 134,-121 134,-121 140,-121 146,-127 146,-133 146,-133 146,-145 146,-145 146,-151 140,-157 134,-157"/> +<text text-anchor="start" x="27.5" y="-140.9" font-family="Georgia" font-size="12.00">Main Repository</text> +<text text-anchor="start" x="8" y="-131.3" font-family="Georgia" font-size="9.00">gitlab.com/wireshark/wireshark</text> +</g> +<!-- your_fork --> +<g id="node2" class="node"> +<title>your_fork</title> +<path fill="none" stroke="black" d="M408.5,-157C408.5,-157 311.5,-157 311.5,-157 305.5,-157 299.5,-151 299.5,-145 299.5,-145 299.5,-133 299.5,-133 299.5,-127 305.5,-121 311.5,-121 311.5,-121 408.5,-121 408.5,-121 414.5,-121 420.5,-127 420.5,-133 420.5,-133 420.5,-145 420.5,-145 420.5,-151 414.5,-157 408.5,-157"/> +<text text-anchor="start" x="332" y="-140.9" font-family="Georgia" font-size="12.00">Your Fork</text> +<text text-anchor="start" x="307.5" y="-131.3" font-family="Georgia" font-size="9.00">gitlab.com/you/wireshark</text> +</g> +<!-- main_repo->your_fork --> +<g id="edge1" class="edge"> +<title>main_repo->your_fork:nw</title> +<path fill="none" stroke="black" stroke-dasharray="5,2" d="M111.13,-157.13C158.91,-177.68 241.75,-203.49 292.02,-163.66"/> +<polygon fill="black" stroke="black" points="294.36,-166.27 299.5,-157 289.71,-161.04 294.36,-166.27"/> +<text text-anchor="middle" x="222" y="-187.4" font-family="Georgia" font-size="12.00">Fork (once)</text> +</g> +<!-- your_repo --> +<g id="node3" class="node"> +<title>your_repo</title> +<path fill="none" stroke="black" d="M272.5,-36C272.5,-36 159.5,-36 159.5,-36 153.5,-36 147.5,-30 147.5,-24 147.5,-24 147.5,-12 147.5,-12 147.5,-6 153.5,0 159.5,0 159.5,0 272.5,0 272.5,0 278.5,0 284.5,-6 284.5,-12 284.5,-12 284.5,-24 284.5,-24 284.5,-30 278.5,-36 272.5,-36"/> +<text text-anchor="start" x="155.5" y="-19.9" font-family="Georgia" font-size="12.00">Your Local Repository</text> +<text text-anchor="start" x="157.5" y="-10.3" font-family="Georgia" font-size="9.00">Somewhere on your machine</text> +</g> +<!-- main_repo->your_repo --> +<g id="edge2" class="edge"> +<title>main_repo->your_repo</title> +<path fill="none" stroke="black" d="M93.49,-120.95C118.23,-100.36 159.98,-65.62 187.76,-42.5"/> +<polygon fill="black" stroke="black" points="190.1,-45.11 195.55,-36.02 185.62,-39.72 190.1,-45.11"/> +<text text-anchor="middle" x="160" y="-75.4" font-family="Georgia" font-size="12.00">Pull</text> +</g> +<!-- your_fork->main_repo --> +<g id="edge4" class="edge"> +<title>your_fork->main_repo</title> +<path fill="none" stroke="black" d="M299.29,-139C257.86,-139 202.13,-139 156.46,-139"/> +<polygon fill="black" stroke="black" points="156.29,-135.5 146.29,-139 156.29,-142.5 156.29,-135.5"/> +<text text-anchor="middle" x="222" y="-142.4" font-family="Georgia" font-size="12.00">Merge Request</text> +</g> +<!-- your_repo->your_fork --> +<g id="edge3" class="edge"> +<title>your_repo->your_fork</title> +<path fill="none" stroke="black" d="M236.59,-36.02C261.49,-56.59 303.53,-91.33 331.52,-114.46"/> +<polygon fill="black" stroke="black" points="329.43,-117.28 339.37,-120.95 333.89,-111.88 329.43,-117.28"/> +<text text-anchor="middle" x="305.5" y="-75.4" font-family="Georgia" font-size="12.00">Push</text> +</g> +</g> +</svg> diff --git a/docbook/wsdg_src/images/important.svg b/docbook/wsdg_src/images/important.svg new file mode 100644 index 0000000..a2ee701 --- /dev/null +++ b/docbook/wsdg_src/images/important.svg @@ -0,0 +1,4 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="currentColor" class="bi bi-exclamation-circle" viewBox="0 0 16 16"> + <path d="M8 15A7 7 0 1 1 8 1a7 7 0 0 1 0 14zm0 1A8 8 0 1 0 8 0a8 8 0 0 0 0 16z"/> + <path d="M7.002 11a1 1 0 1 1 2 0 1 1 0 0 1-2 0zM7.1 4.995a.905.905 0 1 1 1.8 0l-.35 3.507a.552.552 0 0 1-1.1 0L7.1 4.995z"/> +</svg> diff --git a/docbook/wsdg_src/images/note.svg b/docbook/wsdg_src/images/note.svg new file mode 100644 index 0000000..803dc13 --- /dev/null +++ b/docbook/wsdg_src/images/note.svg @@ -0,0 +1,3 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="currentColor" class="bi bi-sticky" viewBox="0 0 16 16"> + <path d="M2.5 1A1.5 1.5 0 0 0 1 2.5v11A1.5 1.5 0 0 0 2.5 15h6.086a1.5 1.5 0 0 0 1.06-.44l4.915-4.914A1.5 1.5 0 0 0 15 8.586V2.5A1.5 1.5 0 0 0 13.5 1h-11zM2 2.5a.5.5 0 0 1 .5-.5h11a.5.5 0 0 1 .5.5V8H9.5A1.5 1.5 0 0 0 8 9.5V14H2.5a.5.5 0 0 1-.5-.5v-11zm7 11.293V9.5a.5.5 0 0 1 .5-.5h4.293L9 13.793z"/> +</svg> diff --git a/docbook/wsdg_src/images/tip.svg b/docbook/wsdg_src/images/tip.svg new file mode 100644 index 0000000..1a60b74 --- /dev/null +++ b/docbook/wsdg_src/images/tip.svg @@ -0,0 +1,3 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="currentColor" class="bi bi-lightbulb" viewBox="0 0 16 16"> + <path d="M2 6a6 6 0 1 1 10.174 4.31c-.203.196-.359.4-.453.619l-.762 1.769A.5.5 0 0 1 10.5 13a.5.5 0 0 1 0 1 .5.5 0 0 1 0 1l-.224.447a1 1 0 0 1-.894.553H6.618a1 1 0 0 1-.894-.553L5.5 15a.5.5 0 0 1 0-1 .5.5 0 0 1 0-1 .5.5 0 0 1-.46-.302l-.761-1.77a1.964 1.964 0 0 0-.453-.618A5.984 5.984 0 0 1 2 6zm6-5a5 5 0 0 0-3.479 8.592c.263.254.514.564.676.941L5.83 12h4.342l.632-1.467c.162-.377.413-.687.676-.941A5 5 0 0 0 8 1z"/> +</svg> diff --git a/docbook/wsdg_src/images/warning.svg b/docbook/wsdg_src/images/warning.svg new file mode 100644 index 0000000..80c0ba5 --- /dev/null +++ b/docbook/wsdg_src/images/warning.svg @@ -0,0 +1,4 @@ +<svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="currentColor" class="bi bi-exclamation-triangle" viewBox="0 0 16 16"> + <path d="M7.938 2.016A.13.13 0 0 1 8.002 2a.13.13 0 0 1 .063.016.146.146 0 0 1 .054.057l6.857 11.667c.036.06.035.124.002.183a.163.163 0 0 1-.054.06.116.116 0 0 1-.066.017H1.146a.115.115 0 0 1-.066-.017.163.163 0 0 1-.054-.06.176.176 0 0 1 .002-.183L7.884 2.073a.147.147 0 0 1 .054-.057zm1.044-.45a1.13 1.13 0 0 0-1.96 0L.165 13.233c-.457.778.091 1.767.98 1.767h13.713c.889 0 1.438-.99.98-1.767L8.982 1.566z"/> + <path d="M7.002 12a1 1 0 1 1 2 0 1 1 0 0 1-2 0zM7.1 5.995a.905.905 0 1 1 1.8 0l-.35 3.507a.552.552 0 0 1-1.1 0L7.1 5.995z"/> +</svg> diff --git a/docbook/wsdg_src/images/ws-capture-sync.dia b/docbook/wsdg_src/images/ws-capture-sync.dia Binary files differnew file mode 100644 index 0000000..00ba9cf --- /dev/null +++ b/docbook/wsdg_src/images/ws-capture-sync.dia diff --git a/docbook/wsdg_src/images/ws-capture-sync.png b/docbook/wsdg_src/images/ws-capture-sync.png Binary files differnew file mode 100644 index 0000000..d46e1e9 --- /dev/null +++ b/docbook/wsdg_src/images/ws-capture-sync.png diff --git a/docbook/wsdg_src/images/ws-capture_internals.dia b/docbook/wsdg_src/images/ws-capture_internals.dia Binary files differnew file mode 100644 index 0000000..0eae20e --- /dev/null +++ b/docbook/wsdg_src/images/ws-capture_internals.dia diff --git a/docbook/wsdg_src/images/ws-capture_internals.png b/docbook/wsdg_src/images/ws-capture_internals.png Binary files differnew file mode 100644 index 0000000..6d110af --- /dev/null +++ b/docbook/wsdg_src/images/ws-capture_internals.png diff --git a/docbook/wsdg_src/images/ws-dev-guide-cover.png b/docbook/wsdg_src/images/ws-dev-guide-cover.png Binary files differnew file mode 100644 index 0000000..8134d2d --- /dev/null +++ b/docbook/wsdg_src/images/ws-dev-guide-cover.png diff --git a/docbook/wsdg_src/images/ws-function-blocks.dia b/docbook/wsdg_src/images/ws-function-blocks.dia Binary files differnew file mode 100644 index 0000000..cc85781 --- /dev/null +++ b/docbook/wsdg_src/images/ws-function-blocks.dia diff --git a/docbook/wsdg_src/images/ws-function-blocks.png b/docbook/wsdg_src/images/ws-function-blocks.png Binary files differnew file mode 100644 index 0000000..169e19e --- /dev/null +++ b/docbook/wsdg_src/images/ws-function-blocks.png diff --git a/docbook/wsdg_src/images/ws-logo.png b/docbook/wsdg_src/images/ws-logo.png Binary files differnew file mode 100644 index 0000000..04226f3 --- /dev/null +++ b/docbook/wsdg_src/images/ws-logo.png diff --git a/docbook/wsdg_src/images/wslua-new-dialog.png b/docbook/wsdg_src/images/wslua-new-dialog.png Binary files differnew file mode 100644 index 0000000..9de7e4a --- /dev/null +++ b/docbook/wsdg_src/images/wslua-new-dialog.png diff --git a/docbook/wsdg_src/images/wslua-progdlg.png b/docbook/wsdg_src/images/wslua-progdlg.png Binary files differnew file mode 100644 index 0000000..d8d9510 --- /dev/null +++ b/docbook/wsdg_src/images/wslua-progdlg.png diff --git a/docbook/wsdg_src/images/wslua-textwindow.png b/docbook/wsdg_src/images/wslua-textwindow.png Binary files differnew file mode 100644 index 0000000..7defd0f --- /dev/null +++ b/docbook/wsdg_src/images/wslua-textwindow.png diff --git a/docbook/wsdg_src/wsdg_asn2wrs.adoc b/docbook/wsdg_src/wsdg_asn2wrs.adoc new file mode 100644 index 0000000..e7e021e --- /dev/null +++ b/docbook/wsdg_src/wsdg_asn2wrs.adoc @@ -0,0 +1,1256 @@ +[#CreatingAsn1Dissectors] + +== Creating ASN.1 Dissectors + +The `asn2wrs` compiler can be used to create a dissector from an ASN.1 specification of a protocol. +It is a work in progress but has been used to create a number of dissectors. + +It supports: + +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.680/en[X.680] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Specification of basic notation +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.681/en[X.681] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Information object specification +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.682/en[X.682] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Constraint specification +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.683/en[X.683] +(07/2002), Information technology - Abstract Syntax Notation One +(ASN.1): Parameterization of ASN.1 specifications + +// Limitations: Add text here + +It has inbuilt support for: + +* ITU-T Recommendation https://www.itu.int/rec/T-REC-X.880/en[X.880] +(07/1994), Information technology - Remote Operations: Concepts, model +and notation + +[#AboutASN1] + +=== About ASN.1 + +The most useful first step in writing an ASN.1-based dissector is to +learn about ASN.1. There are a number of free resources available to +help with this. One collection of such resources is maintained on +https://www.itu.int/en/ITU-T/asn1/Pages/asn1_project.aspx[the ASN.1 Consortium's web site]. + +[#Asn1DissectorRequirements] +=== ASN.1 Dissector Requirements + +The compiler needs 4 input files: an ASN.1 description of a protocol, a .cnf file, and two template files. +The ASN.1 specification may have to be edited to work, however work is in progress to at least read all ASN1 specifications. +Changing the ASN1 file is being deprecated as this creates problems when updating protocols. +The H.248 Binary encoding dissector is a good example of a dissector with relatively small changes. + +A complete <<SimpleASN1BasedDissector,simple ASN1 UDP-based dissector>> is also available. + +[#BuildingAnASN1BasedPlugin] +==== Building An ASN.1-Based Plugin + +The usual way to build an ASN.1-based dissector is to put it into the +_epan/dissectors/asn1_ subtree. This works well and is somewhat simpler than building as a +plugin, but there are two reasons one might want to build as a plugin: + +* To speed development, since only the plugin needs to be recompiled. +* To allow flexibility in deploying an updated plugin, since only the +plugin needs to be distributed. + +Reasons one might _not_ want to build as a plugin: + +* The code is somewhat more complex. +* The CMakeFile is quite a bit more complex. +* Building under the asn1 subtree keeps all such dissectors together. + +If you still think you'd like to build your module as a plugin, see https://gitlab.com/wireshark/wireshark/-/wikis/ASN1_plugin[Building ASN1 Plugins]. + +[#UnderstandingErrorMessages] +=== Understanding Error Messages + +When running asn2wrs, you could get the following errors: + +* A LexToken error (`__main__.ParseError: LexToken(DOT,'.',71)`) +means that something is not understood in the ASN1 file, line 71, +around the dot (.) - can be the dot itself. + +* A ParseError (`__main__.ParseError: LexToken(SEMICOLON,';',88)`) means that the ';' (SEMICOLON) is not understood. Maybe removing it will work? + +[#HandMassagingTheASN1File] +=== Hand-Massaging The ASN.1 File + +If a portion of your ASN.1 file is unsupported you can modify it by hand as needed. +However, the preferred way to resolve the issue is to report it on the link:{wireshark-mailing-lists-url}wireshark-dev[wireshark-dev] mailing list or in the issue tracker so that asn2wrs can be improved. + +[#CommandLineSyntax] +=== Command Line Syntax + +---- +ASN.1 to Wireshark dissector compiler + + asn2wrs [-h|?] [-d dbg] [-b] [-p proto] [-c cnf_file] [-e] input_file(s) ... + -h|? : Usage + -b : BER (default is PER) + -u : Unaligned (default is aligned) + -p proto : Protocol name (implies -S). Default is module-name + from input_file (renamed by #.MODULE if present) + -o name : Output files name core (default is <proto>) + -O dir : Output directory for dissector + -c cnf_file : Conformance file + -I path : Path for conformance file includes + -e : Create conformance file for exported types + -E : Just create conformance file for exported types + -S : Single output for multiple modules + -s template : Single file output (template is input file + without .c/.h extension) + -k : Keep intermediate files though single file output is used + -L : Suppress #line directive from .cnf file + -D dir : Directory for input_file(s) (default: '.') + -C : Add check for SIZE constraints + -r prefix : Remove the prefix from type names + + input_file(s) : Input ASN.1 file(s) + + -d dbg : Debug output, dbg = [l][y][p][s][a][t][c][m][o] + l - lex + y - yacc + p - parsing + s - internal ASN.1 structure + a - list of assignments + t - tables + c - conformance values + m - list of compiled modules with dependency + o - list of output files +---- + +[#GeneratedFiles] +=== Generated Files + +Asn2wrs creates the following intermediate files: + +* packet-proto-ett.c +* packet-proto-ettarr.c +* packet-proto-fn.c +* packet-proto-hf.c +* packet-proto-hfarr.c +* packet-proto-val.h +* packet-proto-exp.h +* packet-proto-table.c +* packet-proto-syn-reg.c + +These files should be included in the template file as described in the <<ConformanceFiles,conformance file examples>>. +Some are optional. + +[#ASN1StepByStepInstructions] +=== Step By Step Instructions + +. Create a directory for your protocol in the _epan/dissectors/asn1_ directory and put +your ASN.1 file there. +. Copy _CMakeLists.txt_ from another ASN.1 dissector and edit it to suit your needs. +. Create a .cnf file either by copying an existing one and editing it or +using the empty example above. +. Create template files either by copying suitable existing ones and +editing them or use the examples above, putting your protocol name in the +appropriate places. +. Add your dissector to _epan/dissectors/asn1/CMakeLists.txt_ +. Test generating your dissector by building the _generate_dissector-*proto*_ target. +. Depending on the outcome you may have to edit your .cnf file, ASN.1 file +etc... +. Build Wireshark. + +[#HintsForUsingAsn2wrs] +=== Hints For Using Asn2wrs + +Asn2wrs does not support all of ASN.1 yet. +This means you might need to modify the ASN.1 definition before it will compile. +This page lists some tips and tricks that might make your life easier. + +[#COMPONENTS_OF] +[discrete] +==== COMPONENTS OF + +Asn2wrs does not support the COMPONENTS OF directive. +This means that you will have to modify the asn definition to manually +remove all COMPONENTS OF directives. Fortunately this is pretty easy. +COMPONENTS OF is a directive in ASN.1 which include +all specified fields in the referenced SEQUENCE by those fields as if +they had been explicitly specified. + +[#ASN1ComponentsOfExample] +[discrete] +==== Example + +Assume you have some definition that looks like this: + +---- +Foo ::= SEQUENCE { + field_1 INTEGER, + field_2 INTEGER +} + +Bar ::= SEQUENCE { + COMPONENTS OF Foo, + field_3 INTEGER +} +---- + +Since Asn2wrs can not handle COMPONENTS OF you will have to modify the ASN.1 file so that instead Bar +will look like this : + +---- +Bar ::= SEQUENCE { + field_1 INTEGER, + field_2 INTEGER, + field_3 INTEGER +} +---- + +That was pretty easy wasn't it? + +[#SemicolonCharacters] +[discrete] +==== Semicolon Characters + +In some ASN1 you may have semicolon characters like this: + +---- +PBAddressString ::= SEQUENCE { + extension INTEGER(1), natureOfAddressIndicator INTEGER, numberingPlanInd INTEGER, digits OCTET STRING (SIZE(0..19)) +}; +---- + +You will have to remove the last semicolon character. + +[#ASN1Parameters] +[discrete] +==== Parameters + +Parameters will have to be replaced too. +Something like this: + +---- +AChBillingChargingCharacteristics + {PARAMETERS-BOUND : bound} ::= OCTET STRING (SIZE (minAChBillingChargingLength .. +maxAChBillingChargingLength)) +---- + +Will have to be replaced with the real values of the parameters: + +---- +AChBillingChargingCharacteristics ::= OCTET STRING (SIZE (5 .. 177)) +---- + +[#ASN1ANYAndParameterizedTypes] +==== ANY And Parameterized Types + +Asn2wrs can handle the type ANY but not parameterized types. +Fortunately this is easy to work around with small changes to the ASN file and some conformance file magic. +Assuming you have a construct that looks something like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id({SupportedAlgorithms}), + parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL +} +---- + +Which is essentially a structure that takes two fields, one field being an object identifier and the second field that can be just about anything, depending on what object identifier was used. +Here we just have to rewrite this SEQUENCE slightly so that it looks like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL +} +---- + +The only thing remaining now is to add the actual code to manage the dissection of this structure. +We do this by using the <<ASN1CnfDirectiveFN_BODY,\#.FN_BODY conformance file directive>>, which will replace the function body of a dissector with the contents that you specify in the conformance file. +For this one we need a string where we store the OID from AlgorithmIdentifier/algorithm so that we can pick it up and act on later from inside the dissector for AlgorithmIdentifier/parameters. +So we have to add something like this: + +[source,c] +---- +static char algorithm_id[64]; /* 64 chars should be enough? */ +---- + +to the template file. +Then we add the following to the conformance file: + +---- +#.FN_BODY AlgorithmIdentifier/algorithmId + +offset = dissect_ber_object_identifier(false, pinfo, tree, tvb, offset, + hf_x509af_algorithm_id, algorithm_id); + +#.FN_BODY AlgorithmIdentifier/parameters + +offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree); +---- + +This example comes from the X509AF dissector. Please see the code there +for more examples on how to do this. + +[#TaggedAssignments] +==== Tagged Assignments + +There is currently a bug in Asn2wrs that makes it +generate incorrect code for the case when tagged assignments are used. +The bug is two-fold, first the generated code "forgets" to strip of the +actual tag and length, second it fails to specify 'implicit_tag' +properly. + +A tagged assignment is something that looks like this example from the +FTAM asn specification: + +---- +Degree-Of-Overlap ::= +[APPLICATION 30] IMPLICIT INTEGER { + normal(0), consecutive(1), concurrent(2) +} +---- + +I.e. an assignment that also specifies a tag value. + +Until Asn2wrs is enhanced to handle these constructs you MUST add a workaround for it to the conformance file: + +---- +#.FN_BODY Degree-Of-Overlap + +int8_t class; +bool pc, ind_field; +int32_t tag; +int32_t len1; + +/* + * XXX asn2wrs can not yet handle tagged assignment yes so this + * is some conformance file magic to work around that bug + */ + +offset = get_ber_identifier(tvb, offset, &class, &pc, &tag); +offset = get_ber_length(tree, tvb, offset, &len1, &ind_field); +offset = dissect_ber_integer(true, pinfo, tree, tvb, offset, hf_index, NULL); +---- + +This tells Asn2wrs to not +autogenerate any code at all for the Degree-Of-Overlap object instead it +should use the code specified here. Note that we +do have to specify the implicit_tag value explicitly and we can NOT use +the parameter passed to the function from the caller (also due to the +bug in Asn2wrs) this is the true parameter in the call to +dissect_ber_integer(). We specify true here since +the definition of Degree-Of-Overlap was using IMPLICIT tags and would +have specified false if it was not. + +The code above can be easily cut-n-pasted into the conformance file with +the exception of the last line that actually calls the next dissector +helper (...dissect_ber_integer... in this case). +The easiest way to find out exactly what this +final line should look like in the conformance file; just generate the +dissector first without this workaround and look at what call was +generated. Then put that line in the conformance directive and replace +`implicit_tag` with either true or false depending on whether IMPLICIT +is used or not. + +[#UntaggedCHOICEs] +==== Untagged CHOICEs + +Asn2wrs cannot handle untagged CHOICEs within either a SET or a SEQUENCE. For example: + +---- +MessageTransferEnvelope ::= SET { + ... + content-type ContentType, + ... +} + +ContentType ::= CHOICE { + built-in BuiltInContentType, + extended ExtendedContentType +} + +BuiltInContentType ::= [APPLICATION 6] INTEGER { + unidentified(0), external(1), interpersonal-messaging-1984(2), interpersonal-messaging-1988(22), + edi-messaging(35), voice-messaging(40)} + +ExtendedContentType ::= OBJECT IDENTIFIER +---- + +The Asn2wrs SET/SEQUENCE parsing only looks one level +deep into the dissection tree and does not have access to class/tags of +the elements in the CHOICE. + +As with COMPONENTS OF, the solution is to expand the CHOICE in-line +within the SET or SEQUENCE, but *make sure* that each element of the +CHOICE is marked as OPTIONAL. For example, + +---- +MessageTransferEnvelope ::= SET { + ... + built-in BuiltInContentType OPTIONAL, + extended ExtendedContentType OPTIONAL + ... +} +---- + +This isn't an entirely correct ASN.1 definition, but should allow +successful parsing. + +[#ImportedModuleNameConflicts] +==== Imported Module Name Conflicts + +When importing a module using <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>> in the conformance file, this +may introduce a definition from the module which contradicts the +definition used in the current ASN.1 file. For example, the X.509 +Authentication Framework defines Time as + +---- +Time ::= CHOICE {utcTime UTCTime, + generalizedTime GeneralizedTime +} +---- + +whereas X.411 defines Time as + +---- +Time ::= UTCTime +---- + +This can lead to failure to decode the ASN.1 as, in the example, +Asn2wrs will be passed the wrong attributes when trying +to decode an X.411 time. In order to solve this +problem, (if you don't want to globally change the conflicting name +within the ASN.1 module), then you must add an appropriate #.TYPE_ATTR +into the conformance file *before* the <<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>> line. For example + +---- +#.TYPE_ATTR +Time TYPE = FT_STRING DISPLAY = BASE_NONE STRING = NULL BITMASK = 0 +---- + +[#SimpleASN1BasedDissector] +=== Simple ASN.1-Based Dissector + +// https://gitlab.com/wireshark/wireshark/-/wikis/uploads/__moin_import__/attachments/ASN1_sample/foo.tar.gz +// all seven files as gzipped foo directory (suitable for unzipping in +// wireshark/asn1 directory) + +The following snippets show the different files that make up a dissector for a “FOO” protocol dissector. + +.README.txt +---- + + FOO protocol dissector + ---------------------- + +This trivial dissector is an example for the struggling dissector developer (me included) +of how to create a dissector for a protocol that is encapsulated in UDP packets +for a specific port, and the packet data is ASN1 PER encoded. + +The thing that took me a while to figure out was that in order to see my packet +dissected on the detail pane, I had to: +1. Tell the compiler which block in the ASN1 definition is a PDU definition by adding + FOO-MESSAGE under the #.PDU directive in the foo.cnf file +2. Add a call to dissect_FOO_MESSAGE_PDU() function in the dissect_foo() function in the + packet-foo-template.c file. + +To build and test it: +1. in foo directory, run make +2. run make copy_files +3. add packet-foo.c and packet-foo.h to epan/dissectors/Makefile.common +4. run top level make + +CAVEAT: Makefile.nmake was not tested . + +You can take it from here :-) + + --00-- +---- + +.foo.asn +---- +-- FOO PROTOCOL +-- + +FOO-PROTOCOL DEFINITIONS AUTOMATIC TAGS ::= +BEGIN + +-- General definitions + +MessageId ::= INTEGER (0..65535) +FlowId ::= INTEGER (0..65535) + +MessageData ::= SEQUENCE { + name OCTET STRING(SIZE(10)), + value OCTET STRING(SIZE(10)) +} + +FOO-MESSAGE ::= SEQUENCE { + messageId MessageId, + flowId FlowId, + messageData MessageData +} + +END +---- + +.foo.cnf +---- +# foo.cnf +# FOO conformation file + +# $Id$ + +#.MODULE_IMPORT + +#.EXPORTS + +#.PDU +FOO-MESSAGE + +#.NO_EMIT + +#.TYPE_RENAME + +#.FIELD_RENAME + +#.END +---- + +.packet-foo-template.h +[source,c] +---- +/* packet-foo.h + * Routines for foo packet dissection + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef PACKET_FOO_H +#define PACKET_FOO_H + +#endif /* PACKET_FOO_H */ +---- + +.packet-foo-template.c +[source,c] +---- +/* packet-foo.c + * Routines for FOO packet dissection + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include <glib.h> +#include <epan/packet.h> +#include <epan/conversation.h> + +#include <stdio.h> +#include <string.h> + +#include "packet-per.h" +#include "packet-foo.h" + +#define PNAME "FOO Protocol" +#define PSNAME "FOO" +#define PFNAME "foo" +#define FOO_PORT 5001 /* UDP port */ +static dissector_handle_t foo_handle=NULL; + +void proto_reg_handoff_foo(void); +void proto_register_foo(void); + +/* Initialize the protocol and registered fields */ +static int proto_foo = -1; +static int global_foo_port = FOO_PORT; + +#include "packet-foo-hf.c" + +/* Initialize the subtree pointers */ +static int ett_foo = -1; + +#include "packet-foo-ett.c" + +#include "packet-foo-fn.c" + +static void +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_item *foo_item = NULL; + proto_tree *foo_tree = NULL; + int offset = 0; + + /* make entry in the Protocol column on summary display */ + if (check_col(pinfo->cinfo, COL_PROTOCOL)) + col_set_str(pinfo->cinfo, COL_PROTOCOL, PNAME); + + /* create the foo protocol tree */ + if (tree) { + foo_item = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + foo_tree = proto_item_add_subtree(foo_item, ett_foo); + + dissect_FOO_MESSAGE_PDU(tvb, pinfo, foo_tree); + } +} +/*--- proto_register_foo -------------------------------------------*/ +void proto_register_foo(void) { + + /* List of fields */ + static hf_register_info hf[] = { + +#include "packet-foo-hfarr.c" + }; + + /* List of subtrees */ + static int *ett[] = { + &ett_foo, +#include "packet-foo-ettarr.c" + }; + + /* Register protocol */ + proto_foo = proto_register_protocol(PNAME, PSNAME, PFNAME); + /* Register fields and subtrees */ + proto_register_field_array(proto_foo, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + + + +} + +/*--- proto_reg_handoff_foo ---------------------------------------*/ +void +proto_reg_handoff_foo(void) +{ + static bool inited = false; + + if( !inited ) { + + foo_handle = create_dissector_handle(dissect_foo, + proto_foo); + dissector_add("udp.port", global_foo_port, foo_handle); + + inited = true; + } + +} +---- + +.CMakeLists.txt +---- +set( PROTOCOL_NAME foo ) + +set( PROTO_OPT ) + +set( EXT_ASN_FILE_LIST +) + +set( ASN_FILE_LIST + Foo.asn +) + +set( EXTRA_DIST + ${ASN_FILE_LIST} + packet-${PROTOCOL_NAME}-template.c + ${PROTOCOL_NAME}.cnf +) + +set( SRC_FILES + ${EXTRA_DIST} + ${EXT_ASN_FILE_LIST} +) + +set( A2W_FLAGS ) + +ASN2WRS() +---- + +[#ConformanceFiles] +=== Conformance (.cnf) Files + +The .cnf file tells the compiler what to do with certain things, such as skipping auto generation for some ASN.1 entries. +They can contain the following directives: + +#.OPT:: +Compiler options. + +#.MODULE and <<ASN1CnfDirectiveMODULE_IMPORT,++#++.MODULE_IMPORT>>:: +Assign Wireshark protocol name to ASN.1 module name. + +<<ASN1CnfDirectiveINCLUDE,++#++.INCLUDE>>:: +Include another conformance file. + +<<ASN1CnfDirectiveEXPORTS,++#++.EXPORTS>>:: +Export type or information object class. + +<<ASN1CnfDirectivePDUAndPDU_NEW,++#++.PDU>>, <<ASN1CnfDirectivePDUAndPDU_NEW,++#++.PDU_NEW>>, <<ASN1CnfDirectiveREGISTERAndREGISTER_NEW,++#++.REGISTER>>, <<ASN1CnfDirectiveREGISTERAndREGISTER_NEW,++#++.REGISTER_NEW>>, and #.SYNTAX:: +Create PDU functions and register them optionally to dissector table. + + +#.CLASS:: +Declare or define information object class. + +#.ASSIGNED_OBJECT_IDENTIFIER:: +Declare assigned object identifier. + +#.TABLE_HDR, #.TABLE_BODY, and #.TABLE_FTR:: +User tables. + +#.OMIT_ASSIGNMENT, #.NO_OMIT_ASSGN, #.OMIT_ALL_ASSIGNMENTS, #.OMIT_ASSIGNMENTS_EXCEPT, #.OMIT_ALL_TYPE_ASSIGNMENTS, #.OMIT_TYPE_ASSIGNMENTS_EXCEPT, #.OMIT_ALL_VALUE_ASSIGNMENTS, and #.OMIT_VALUE_ASSIGNMENTS_EXCEPT:: +Ignore assignments from ASN.1 source. + +<<ASN1CnfDirectiveNO_EMITAndUSER_DEFINED,++#++.NO_EMIT>> and <<ASN1CnfDirectiveNO_EMITAndUSER_DEFINED,++#++.USER_DEFINED>>:: +See linked text for info. + +#.VIRTUAL_ASSGN, #.SET_TYPE, #.MAKE_ENUM, #.MAKE_DEFINES, and #.ASSIGN_VALUE_TO_TYPE:: +Unknown. + +#.TYPE_RENAME, #.FIELD_RENAME, and #.TF_RENAME:: +Type/field renaming + +#.IMPORT_TAG, #.TYPE_ATTR, #.FIELD_ATTR:: +Type attributes + + +#.FN_HDR, <<ASN1CnfDirectiveFN_BODY,++#++.FN_BODY>>, #.FN_FTR, and #.FN_PARS:: +Type function modification + +<<ASN1CnfDirectiveEND,++#++.END>>:: +End of directive + +#.END_OF_CNF:: +End of conformance file + +[#ExampleCnfFile] +==== Example .cnf File + +---- +#.MODULE IMPORT +InformationFramework x509if + +#.INCLUDE ../x509if/x509if_exp.cnf + +#.EXPORTS + +ObjectName + +#.PDU +ObjectName + +#.REGISTER +Certificate B "2.5.4.36" "id-at-userCertificate" + +#.SYNTAX +ObjectName [FriendlyName] + +#.NO_EMIT ONLY_VALS +# this can be used with: [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +# using NO_EMIT NO_VALS means it won't generate value_string array for it +Type1 + +#.USER DEFINED +Type1 [WITH_VALS|WITHOUT_VALS|ONLY_VALS] + +#.TYPE_RENAME + +#.FIELD_RENAME + +#.TYPE_ATTR Ss-Code TYPE = FT_UINT16 DISPLAY = BASE_HEX STRINGS = VALS(ssCode_vals) + +# This entry will change the hf definition from the auto-generated one for Ss-Code ::= OCTET STRING(SIZE(1)) + + { &hf_gsm_map_ss_Code, + { "ss-Code", "gsm_map.ss_Code", + FT_BYTES, BASE_HEX, NULL, 0, "", HFILL }}, + +# to: + + { &hf_gsm_map_ss_Code, + { "ss-Code", "gsm_map.ss_Code", + FT_UINT16, BASE_HEX, VALS(ssCode_vals), 0, "", HFILL }}, +---- + +In the proto_abbr-template.c file the corresponding value string must be +inserted. As an example the following would be included in +proto_abbr-template.c to define ssCode_vals: + +---- +static const value_string ssCode_vals[] = { + { 0, "ssCodeString 1" }, /* The string for value 0 */ + { 1, "String 2" }, /* String for value 1 */ + { 5, "String for value 5" }, /* Value String 5 */ + { 0, NULL } /* Null terminated array */ +} +---- + +Note that the NULL value must be the final entry and that the index values need not be consecutive. + +Foo is expressed in different ways depending on where you want to insert your code and the ASN.1 code in question. + +* Foo +* Foo/foo +* Foo/_item/foo + +For Tagged type use: + +---- +Foo/_untag + +#.FN_HDR Foo +/* This is code to be inserted into the dissector for Foo BEFORE the BER/PER helper is called. */ +tvbuff_t *out_tvb; +fragment_data *fd_head; +tvbuff_t *next_tvb = NULL; + +#.FN_BODY Foo +/* This here is code to replace the actual call to the helper completely. */ +offset = dissect_ber_octet_string(implicit_tag, pinfo, tree, tvb, offset, hf_index, &out_tvb); + +/* Putting %(DEFAULT_BODY)s inside #.FN_BODY will insert the original code there. */ + +#.FN_FTR Foo +/* This is code to be inserted into the dissector for Foo AFTER the ber/per helper has returned called. */ +if (foo_reassemble) { +... +} + +#.FN_PARS + +#.END +---- + +[#ExamplePacketProtocolTemplateHFile] +==== Example packet-protocol-template.h File + +Example template.h file. +Replace all PROTOCOL/protocol references with the name of your protocol. + +[source,c] +---- +/* packet-protocol.h + * Routines for Protocol packet dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#ifndef PACKET_PROTOCOL_H +#define PACKET_PROTOCOL_H + +#include "packet-protocol-exp.h" + +#endif /* PACKET_PROTOCOL_H */ +---- + +[#ExamplePacketProtocolTemplateCFile] +==== Example packet-protocol-template.c File + +Example template.c file. +Replace all PROTOCOL/protocol references with the name of your protocol. + +[source,c] +---- +/* packet-protocol.c + * Routines for PROTOCOL packet dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include <glib.h> +#include <epan/packet.h> +#include <epan/conversation.h> + +#include <stdio.h> +#include <string.h> + +#include "packet-ber.h" +#include "packet-protocol.h" + +#define PNAME "This Is The Protocol Name" +#define PSNAME "PROTOCOL" +#define PFNAME "protocol" + +/* Initialize the protocol and registered fields */ +int proto_protocol = -1; +#include "packet-protocol-hf.c" + +/* Initialize the subtree pointers */ +#include "packet-protocol-ett.c" + +#include "packet-protocol-fn.c" + +/*--- proto_register_protocol ----------------------------------------------*/ +void proto_register_protocol(void) { + + /* List of fields */ + static hf_register_info hf[] = { +#include "packet-protocol-hfarr.c" + }; + + /* List of subtrees */ + static int *ett[] = { +#include "packet-protocol-ettarr.c" + }; + + /* Register protocol */ + proto_protocol = proto_register_protocol(PNAME, PSNAME, PFNAME); + + /* Register fields and subtrees */ + proto_register_field_array(proto_protocol, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); + +} + +/*--- proto_reg_handoff_protocol -------------------------------------------*/ +void proto_reg_handoff_protocol(void) { +#include "packet-protocol-dis-tab.c" +} +---- + +[#ASN1ConformanceFileDirectiveReference] +=== Conformance File Directive Reference + +The following directives can be used in conformance (.cnf) files: + +[#ASN1CnfDirectiveEND] +==== #.END + +Some of the other directives in the Asn2wrs conformance file consists of multiple lines. +The #.END directive is used to terminate such a directive. +All other “#.” directives (except #.INCLUDE) automatically act as an implicit #.END directive which is why you will not see many #.END directives in the conformance files for the dissectors shipped with Wireshark. + +[#ASN1CnfDirectiveEXPORTS] +==== #.EXPORTS + +This directive in the Asn2wrs conformation file is used to export functions for type decoding from the dissector. + +[#ASN1CnfDirectiveEXPORTSSyntax] +===== Syntax + +---- +#.EXPORTS + +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] [WS_VAR] [NO_PROT_PREFIX] +... +#.END +---- + +Options: + +* WITH_VALS (default): Exports dissection function and value string table if present. +* WITHOUT_VALS: Exports only the dissection function. +* ONLY_VALS: Exports only the value string table. +* WS_VAR and WS_VAR_IMPORT: Used for value string table so as it can be exported from libwireshark.dll. +* NO_PROT_PREFIX: - value string table name does not have protocol prefix + +[#ASN1CnfDirectiveEXPORTSExample] +===== Example + +---- +#.EXPORTS +NonStandardParameter +RasMessage WITH_VALS WS_VAR +H323-UU-PDU/h323-message-body ONLY_VALS WS_VAR +#.END +---- + +[#ASN1CnfDirectiveFN_BODY] +==== #.FN_BODY + +Sometimes, like when we have ANY types, we might want to replace +whatever function body that Asn2wrs generates with code +of our own. This is what this directive allows us to do. + +[#ASN1CnfDirectiveFN_BODYExample] +===== Example: ANY + +Asn2wrs can handle the type ANY but we have to help it by adding some small changes to the conformance file. +Assuming you have a construct that looks something like this: + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER, + parameters ANY OPTIONAL +} +---- + +To handle this we need to specify our own function bodies to both the +algorithm and the parameters fields, which we do using the #.FN_BODY +directive. + +This particular example also requires us to keep some state between the +two field dissectors, namely the OBJECT IDENTIFIER from algorithm which +specifies what the content of parameters is. For +this one we need a string where we store the oid from +AlgorithmIdentifier/algorithm so that we can pick it up and act on +later from inside the dissector for AlgorithmIdentifier/parameters. +So we have to add: + +---- +static char algorithm_id[64]; /* 64 chars should be enough? */ +---- + +to the template file as a placeholder to remember which OID we picked +up. Then we add to the conformance file: + +---- +#.FN_BODY AlgorithmIdentifier/algorithmId + offset = dissect_ber_object_identifier(false, pinfo, tree, tvb, offset, + hf_x509af_algorithm_id, algorithm_id); + +#.FN_BODY AlgorithmIdentifier/parameters + offset=call_ber_oid_callback(algorithm_id, tvb, offset, pinfo, tree); +---- + +The dissector body we specified for AlgorithmIdentifier/algorithmId +here stores the retrieved OID inside the variable algorithm_id we +specified. + +When we later come to the dissector for +AlgorithmIdentifier/parameters we pick this OID up from the static +variable and just pass it on to the ber/oid dissector helper. + + + + +This example comes from the X509AF dissector. Please see the code there +for more examples on how to do this. + + + +[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDE] +==== #.MODULE_IMPORT And #.INCLUDE + +These directive in the Asn2wrs conformation file are used to manage references to external type definitions, i.e. IMPORTS. +The examples below are all from the X.509 Authentication Framework (x509af) dissector source code in Wireshark. + +[#ASN1CnfDirectiveMODULE_IMPORTAndINCLUDEExample] +===== Example ASN + +This is an example from the X509AF dissector which amongst other things +imports definitions from X.509 InformationFramework: + +---- +IMPORTS + Name, ATTRIBUTE, AttributeType, MATCHING-RULE, Attribute + FROM InformationFramework informationFramework +---- + +Which tells the Asn2wrs compiler that the types 'Name', +'ATTRIBUTE', 'AttributeType', 'MATCHING-RULE' and 'Attribute' are +declared inside the external InformationFramework ASN module and +that they are referenced from this module. +In order for Asn2wrs to generate correct code for the +dissection it is necessary to give it some help by telling what kind of +types these are, i.e. are they INTEGERs or SEQUENCEs or something +else. + +In order to be able to access these functions from this module it is +important that these types have been declared as #.EXPORTS in the X509 +InformationFramework dissector so that they are exported and that we +can link to them. + +[#ASN1CnfDirectiveMODULE_IMPORT] +==== #.MODULE_IMPORT + +First we need to tell Asn2wrs which protocol name +Wireshark uses for the functions in this external import, so that +Asn2wrs can generate suitable function call signatures to +these external functions. + +We do this by adding a directive to the conformation file : + +---- +#.MODULE_IMPORT +InformationFramework x509if +---- + +Where InformationFramework is the ASN name for the module used in +the asn IMPORTS declaration and that x509if is the name we use inside +Wireshark for this protocol. + +This tells Asn2wrs that the function name to call to +dissect Name would be dissect_x509if_Name(...). Without this knowledge +Asn2wrs would not know which function name to generate. + + +[#ASN1CnfDirectiveINCLUDE] +==== #.INCLUDE + +Second, in order for Asn2wrs to generate correct code it +also needs to know the BER type and class of these types that are +imported, since that would affect how they are to be encoded on the +wire. + +This information about what kind of BER attributes these imported types +have are done using the #.INCLUDE directive in the conformance file: + +---- +#.INCLUDE ../x509if/x509if_exp.cnf +---- + +See #.EXPORTS for a description and examples of these types of include +files. + +[#ASN1CnfDirectiveNO_EMITAndUSER_DEFINED] +==== #.NO_EMIT And #.USER_DEFINED + +These two directives in the conformance file for Asn2wrs +can be used to suppress generation of dissectors +and/or value_strings and similar for a protocol. This is useful when +there are types in the asn definition that either Asn2wrs +can not handle or if we want to handle the dissection ourself inside the +template file to do additional state keeping or things that +Asn2wrs does not know how to manage. + +These two directives are very similar. The only +difference between is that #.NO_EMIT will suppress emitting the +dissector for that function and also any value_strings while +#.USER_DEFINED will emit declarations instead of definitions. + +I.e. #.USER_DEFINED will emit declarations such +as +`extern const value_string Type_vals[];` +and +`[static] int dissect_Proto_Type(...);` + +Use #.NO_EMIT if you dont need to call this function at all from anywhere (except from the template itself) and use #.USER_DEFINED is better if you implement the function inside the template but still want to allow it to be called from other places. +// (need much better explanation here) + +[#ASN1CnfDirectiveNO_EMITSyntax] +===== Syntax + +---- +#.USER_DEFINED +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +... +#.END +---- + +---- +#.NO_EMIT +TypeName [WITH_VALS|WITHOUT_VALS|ONLY_VALS] +... +#.END +---- + +Options: + +* WITH_VALS (default): Both dissection function and value string table are user defined and not emitted. +* WITHOUT_VALS: Only dissection function is user defined and not emitted. +* ONLY_VALS: Only value string table is user defined and not emitted. + +[#ASN1CnfDirectivePDUAndPDU_NEW] +==== #.PDU and #.PDU_NEW + +This directive in the Asn2wrs conformation file will +generate a wrapper function around an object dissector. +This is useful if there is an object inside the +ASN.1 definition that we really want to register as a protocol dissector +or if we want it to have a well known signature. + +[#ASN1CnfDirectivePDUFunctionNames] +===== Function Names + +The wrapper functions that are created will all be named and have the +following signature: + +---- +static void dissect_ProtocolName_ObjectName(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree); +---- + +Notice that this is exactly the same signature as `dissector_t` which is used by all dissector entry points. + +[#ASN1CnfDirectivePDUUsage] +===== Usage + +To get Asn2wrs to generate such wrapper functions you +just have to list all objects one by one on the lines following the +#.PDU declaration. + +[#ASN1CnfDirectivePDUExample] +===== Example + +---- +#.PDU +SomeObject +---- + +This will result in Asn2wrs creating this wrapper function in the packet-foo.c dissector file: + +[source,c] +---- +static void dissect_SomeObject_PDU(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { + dissect_foo_SomeObject(false, ... +} +---- + +This function can then later be called or referenced from the template file or even exported. + +[#ASN1CnfDirectiveREGISTERAndREGISTER_NEW] +==== #.REGISTER and #.REGISTER_NEW + +This directive in the Asn2wrs conformation file can be used to register a dissector for an object to an OID. +This is very useful for X.509 and similar protocols where structures and objects are frequently associated with an OID. +In particular, some of the structures here encode an OID in a field and then the content in a different field later, and how that field is to be dissected depends on the previously seen OID. + +One such example can be seen in the ASN.1 description for X.509/AuthenticationFramework which has a structure defined such as + +---- +AlgorithmIdentifier ::= SEQUENCE { + algorithm ALGORITHM.&id({SupportedAlgorithms}), + parameters ALGORITHM.&Type({SupportedAlgorithms}{@algorithm}) OPTIONAL +} +---- + +Which means that the parameters field in this structure, what this field contains and how it is to be dissected depends entirely upon what OID is stored inside algorithm. +A whole bunch of protocols use similar types of constructs. +While dissection of this particular structure itself currently has to be hand implemented inside the template (see x509af for examples of how this very structure is handled there). +The #.REGISTER option in the conformance file will at least make it easy and painless to attach the actual OID to dissector mappings. + +[#ASN1CnfDirectiveREGISTERUsage] +===== Usage + +To get Asn2wrs to generate such automatic registration of +OID to dissector mappings just use the #.REGISTER directive in the +conformation file. + +[#ASN1CnfDirectiveREGISTERExample] +===== Example + +---- +#.REGISTER +Certificate B "2.5.4.36" "id-at-userCertificate" +---- + +Which will generate the extra code to make sure that anytime Wireshark needs to dissect the blob associated to the OID "2.5.4.36" it now knows that that is done by calling the subroutine to dissect a Certificate in the current protocol file. +The "id-at-userCertificate" is just a free form text string to make Wireshark print a nice name together with the OID when it presents it in the decode pane. While this can be just about anything you want I would STRONGLY use the name used to this object/oid in the actual ASN.1 definition file. + +[#ASN1CnfDirectiveREGISTERIncludeFile] +===== Include File + +During the compilation phase Asn2wrs will put all the extra registration code for this in the include file +packet-protocol-dis-tab.c. +Make sure that you include this file from the template file or the registration to an OID will never occur. `#include "packet-protocol-dis-tab.c"` should be included from the proto_reg_handoff_protocol function in the template file. + +[#ASN1CnfDirectiveREGISTERSeeAlso] +===== See Also + +The various dissectors we have for X.509 such as the X.509AF which contains several examples of how to use this option. +That dissector can also serve as an example on how one would handle structures of the type AlgorithmIdentifier above. +Asn2wrs can NOT handle these types of structures so we need to implement them by hand inside the template. diff --git a/docbook/wsdg_src/wsdg_build_intro.adoc b/docbook/wsdg_src/wsdg_build_intro.adoc new file mode 100644 index 0000000..d4ededb --- /dev/null +++ b/docbook/wsdg_src/wsdg_build_intro.adoc @@ -0,0 +1,52 @@ +// WSDG Chapter Build Introduction + +[#ChapterBuildIntro] + +== Introduction + +[#ChCodeOverview] + +=== Source overview + +Wireshark consists of the following major parts: + +* Packet dissection - in the _/epan/dissectors_ and +_/plugins/epan/{asterisk}_ directories + +* Capture file I/O - using Wireshark’s own wiretap library + +* Capture - using the libpcap and Npcap libraries, in _dumpcap.c_ and +the _/capture_ directory + +* User interface - using Qt and associated libraries + +* Utilities - miscellaneous helper code + +* Help - using an external web browser and text output + +[#ChCodeStyle] + +=== Coding Style + +The coding style guides for Wireshark can be found in the “Portability” +section of the file _doc/README.developer_. + +[#ChCodeGLib] + +=== The GLib library + +GLib is used as a basic platform abstraction library. It doesn't provide +any direct GUI functionality. + +To quote the GLib Reference Manual: +____ +GLib provides the core application building blocks for libraries and +applications written in C. It provides the core object system used in GNOME, the +main loop implementation, and a large set of utility functions for strings and +common data structures. +____ + +GLib contains lots of useful things for platform independent development. +See https://developer.gnome.org/glib/ and https://docs.gtk.org/glib/ for details about GLib. + +// End of WSDG Chapter Build Introduction diff --git a/docbook/wsdg_src/wsdg_capture.adoc b/docbook/wsdg_src/wsdg_capture.adoc new file mode 100644 index 0000000..868f2a0 --- /dev/null +++ b/docbook/wsdg_src/wsdg_capture.adoc @@ -0,0 +1,505 @@ +// WSDG Chapter Capture + +[#ChapterCapture] + +== Packet Capture + +**** +This chapter needs to be reviewed and extended. +**** + +[#ChCaptureAddLibpcap] + +=== Adding A New Capture Type To Libpcap + +For this discussion, let's assume you're working with libpcap 1.0 or +later. You probably don't want to work with a version older than 1.0, +even if whatever OS you're using happens to include libpcap - older +versions are not as friendly towards adding support for devices other +than standard network interfaces. + +First, read +link:https://www.tcpdump.org/libpcap-module-HOWTO.html[the +libpcap documentation on writing a new libpcap module] + +(It's currently incomplete, but I'll be finishing it up over time. If +you have contributions, feel free to submit pull requests for it.) + +If you had to introduce one or more new `{dlt-glob}` values, you will +also have to add support in Wireshark for those `{dlt-glob}` values to +_wiretap/pcap-common.c_, which might mean adding one or more +_WTAP_ENCAP_ types to _wtap.h_ and to the `encap_table[]` table in +_wiretap/wtap.c_. You'd then have to write a dissector or dissectors for +the link-layer protocols or protocols and have them register themselves +with the `wtap_encap` dissector table, with the appropriate _WTAP_ENCAP_ +values by calling `dissector_add_uint()`. + +[#ChCaptureExtcap] + +=== Adding Capture Interfaces And Log Sources Using Extcap + +The extcap interface is a versatile plugin interface that allows external binaries +to act as capture interfaces directly in Wireshark. It is used in scenarios, where +the source of the capture is not a traditional capture model (live capture from an +interface, from a pipe, from a file, etc). The typical example is connecting esoteric +hardware of some kind to the main Wireshark app. + +Without extcap, a capture can always be achieved by directly writing to a capture file: + +.Bash example for traditional capture with a capture file. +[source,bash] +---- +$ the-esoteric-binary --the-strange-flag --interface=stream1 --file dumpfile.pcap & +$ wireshark dumpfile.pcap +---- + +but the extcap interface allows for such a connection to be easily established and +configured using the Wireshark GUI. + +The extcap subsystem is made of multiple extcap binaries that are automatically +called by the GUI in a row. In the following chapters we will refer to them as +“the extcaps”. + +Extcaps may be any binary or script within the extcap directory. Please note, that +scripts need to be executable without prefacing a script interpreter before the call. + +IMPORTANT: *Windows Users* Because of restrictions directly calling the script may not always work. +In such a case, a batch file may be provided, which then in turn executes the script. +Please refer to <<ChCaptureExtcapWindowsShell>> for more information. + +When Wireshark launches an extcap, it automatically adds its installation path +(normally _C:\Program Files\Wireshark\_) to the DLL search path so that the extcap library dependencies +can be found (it is not designed to be launched by hand). This is done on purpose. There should +only be extcap programs (executables, Python scripts, etc.) in the extcap folder to reduce the startup +time and not have Wireshark trying to execute other file types. + +[#ChCaptureExtcapProcess] + +==== Extcap Command Line Interface + +The actual capture is run after a setup process that can be done manually by the +user or automatically by the GUI. All the steps performed are done for every extcap. + +Let's go through those steps. + +===== Query For Available Interfaces + +In the first step the extcap is queried for its interfaces. + +[source,bash] +---- +$ extcapbin --extcap-interfaces +---- + +This call must print the existing interfaces for this extcap and must return 0. +The output must conform to the grammar specified for extcap, and it is specified +in the doc/extcap.4 generated man page (in the build dir). + +Wireshark 2.9 and later also pass `--extcap-version=x.x`, which provides the calling Wireshark's major and minor version. +This can be used to change behavior depending on the Wireshark version in question. + +.Example call for interface query +[source,bash] +---- +$ extcap_example.py --extcap-interfaces --extcap-version=4.0 +extcap {version=1.0}{help=Some help url} +interface {value=example1}{display=Example interface 1 for extcap} +interface {value=example2}{display=Example interface 2 for extcap} +---- + +The *version* for the extcap sentence (which may exist as many times as is needed, but only +the last one will be used) will be used for displaying the version information of +the extcap interface in the about dialog of Wireshark. + +The value for each interface will be used in subsequent calls as the interface name <iface>. + +Using the help argument, an interface may provide a generic help URL for the extcap +utility. + +===== Ask For DLTs For Each Interface + +Next, the extcap binary is queried for all valid DLTs for all the interfaces returned by step 1. + +[source,bash] +---- +$ extcap_example.py --extcap-dlts --extcap-interface <iface> +---- + +This call must print the valid DLTs for the interface specified. This call is +made for all the interfaces and must return 0. + +.Example for the DLT query +[source,bash] +---- +$ extcap_example.py --extcap-interface IFACE --extcap-dlts +dlt {number=147}{name=USER1}{display=Demo Implementation for Extcap} +---- + +A binary or script which neither provides an interface list or a DLT list will not show up in the extcap interfaces list. + +===== The Extcap Configuration Interface + +The extcap binary is next asked for the configuration of each specific interface + +[source,bash] +---- +$ extcap_example.py --extcap-interface <iface> --extcap-config +---- + +Each interface can have custom options that are valid for this interface only. +Those config options are specified on the command line when running the actual +capture. To allow an end-user to specify certain options, such options may be +provided using the extcap config argument. + +To share which options are available for an interface, the extcap responds to the command `--extcap-config`, which shows all the available options (aka additional command line options). + +Those options are used to build a configuration dialog for the interface. + +.Example for interface options +[source,bash] +---- +$ extcap_example.py --extcap-interface <iface> --extcap-config +arg {number=0}{call=--delay}{display=Time delay}{tooltip=Time delay between packages}{type=integer}{range=1,15}{required=true} +arg {number=1}{call=--message}{display=Message}{tooltip=Package message content}{placeholder=Please enter a message here ...}{type=string} +arg {number=2}{call=--verify}{display=Verify}{tooltip=Verify package content}{type=boolflag} +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector} +arg {number=4}{call=--server}{display=IP address for log server}{type=string}{validation=\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b} +value {arg=3}{value=if1}{display=Remote1}{default=true} +value {arg=3}{value=if2}{display=Remote2}{default=false} +---- + +Now the user can click on the options and change them. They are sent to the +extcap when the capture is launched. + +There are several kind of options available: + +[horizontal] +File:: +A path to a file displayed as a text entry and file selector. + +Flag:: +A boolean value displayed as a checkbox. +_boolflag_ for instance expects the option to be present resulting in the corresponding entry set to true or false. + +Selection:: +A set of fixed values displayed as a combobox, radio group, or selection list. +Selections can be presented multiple times in the command line. +Subsequent _value_ items must be provided in the config list. + +Timestamp:: +A time value displayed as a date/time editor. + +Value:: +A text or numeric value displayed as an entry box. +Values are passed as a single value via the command-line call. + +===== The Extcap Capture Process + +Once the interfaces are listed and configuration is customized by the user the capture can be started. + +[source,bash] +---- +$ extcap_example.py --extcap-interface <iface> [params] --capture [--extcap-capture-filter <cfilter>] + --fifo FIFO +---- + +To run the capture, the extcap must implement the `--capture`, `--extcap-capture-filter` +and `--fifo` options. + +They are automatically added by Wireshark, which opens the fifo for reading. +All the other options are automatically added to run the capture. +The extcap interface is used like all other interfaces (meaning that capture on multiple interfaces, as well as stopping and restarting the capture is supported). + +[#ChCaptureExtcapWindowsShell] + +====== Execute A Script-based Extcap On Windows + +Although Windows will run batch and PowerShell scripts directly, other scripting languages require extra effort. +In most cases this involves creating a wrapper script which runs the appropriate interpreter. +For example, in order to run a Python-based extcap, you can create _scriptname.bat_ inside your extcap folder with the following content: + +[source,batch] +---- +@echo off +C:\Windows\py.exe C:\Path\to\my\extcap.py %* +---- + +==== Extcap Arguments + +The extcap interface provides the possibility for generating a GUI dialog to +set and adapt settings for the extcap binary. + +All options must provide a number, by which they are identified. +No number may be provided twice. +All options must present the elements _call_ and _display_, with _call_ specifying the argument’s name on the command line and _display_ specifying the name in the GUI. + +Additionally _tooltip_ and _placeholder_ may be provided, which will give the user information about what to enter into this field. + +These options do have types, for which the following types are being supported: + +[horizontal] +_integer_, _unsigned_, _long_, _double_:: +This provides a field for entering a numeric value of the given data type. +A _default_ value may be provided, as well as a _range_. ++ +[source,python] +---- +arg {number=0}{call=--delay}{display=Time delay}{tooltip=Time delay between packages}{type=integer}{range=1,15}{default=0} +---- + +_string_:: +This provides a field for entering a text value. ++ +[source,python] +---- +arg {number=1}{call=--server}{display=IP Address}{tooltip=IP Address for log server}{type=string}{validation=\\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\b} +---- ++ +`validation` allows to provide a regular expression string, which is used to check the user input for validity beyond normal data type or range checks. Back-slashes must be escaped (as in \\b for \b) + +_password_:: +Lets the user provide a masked string to the capture. +Password strings are not saved with other capture settings. ++ +[source,python] +---- +arg {number=0}{call=--password}{display=The user password}{tooltip=The password for the connection}{type=password} +---- + +_boolean_, _boolflag_:: +This provides the possibility to set a true/false value. +_boolflag_ values will only appear in the command line if set to true, otherwise they will not be added to the command-line call for the extcap interface. ++ +[source,python] +---- +arg {number=2}{call=--verify}{display=Verify}{tooltip=Verify package content}{type=boolflag} +---- + +_fileselect_:: +Lets the user provide a file path. +If _mustexist=true_ is provided, the GUI shows the user a dialog for selecting a file. +When _mustexist=false_ is used, the GUI shows the user a file dialog for saving a file. ++ +[source,python] +---- +arg {number=3}{call=--logfile}{display=Logfile}{tooltip=A file for log messages}{type=fileselect}{mustexist=false} +---- + +_selector_, __editselector__, _radio_, _multicheck_:: +Option fields where the user may choose from one or more options. +If _parent_ is provided for the value items, the option fields for _multicheck_ and _selector_ are presented in a tree-like structure. +_selector_ and _radio_ values must present a default value, which will be the value provided to the extcap binary for this argument. +_editselector_ option fields let the user select from a list of items or enter a custom value. ++ +[source,python] +---- +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector} +value {arg=3}{value=if1}{display=Remote1}{default=true} +value {arg=3}{value=if2}{display=Remote2}{default=false} +---- + +===== Reload A Selector + +A selector may be reloaded from the configuration dialog of the extcap application within Wireshark. With the reload argument (defaults to false), the entry can be marked as reloadable. + +[source,python] +---- +arg {number=3}{call=--remote}{display=Remote Channel}{tooltip=Remote Channel Selector}{type=selector}{reload=true}{placeholder=Load interfaces...} +---- + +After this has been defined, the user will get a button displayed in the configuration dialog for this extcap application, with the text "Load interfaces..." in this case, and a generic "Reload" text if no text has been provided. + +The extcap utility is then called again with all filled out arguments and the additional parameter `--extcap-reload-option <option_name>`. It is expected to return a value section for this option, as it would during normal configuration. The provided option list is then presented as the selection, a previous selected option will be reselected if applicable. + +===== Validation Of Arguments + +Arguments may be set with `{required=true}` which enforces a value being provided, before +a capture can be started using the extcap options dialog. This is not being checked, if +the extcap is started via a simple double-click. The necessary fields are marked for the +customer, to ensure a visibility for the end customer of the required argument. + +Additionally text and number arguments may also be checked using a regular expression, +which is provided using the validation attribute (see example above). The syntax for +such a check is the same as for Qt RegExp classes. This feature is only active in the +Qt version of Wireshark. + + +==== Toolbar Controls + +An extcap utility can provide configuration for controls to use in an interface toolbar. +These controls are bidirectional and can be used to control the extcap utility while +capturing. + +This is useful in scenarios where configuration can be done based on findings in the +capture process, setting temporary values or give other inputs without restarting the +current capture. + +.Example of interface definition with toolbar controls +[source,bash] +---- +$ extcap_example.py --extcap-interfaces +extcap {version=1.0}{display=Example extcap interface} +interface {value=example1}{display=Example interface 1 for extcap} +interface {value=example2}{display=Example interface 2 for extcap} +control {number=0}{type=string}{display=Message}{tooltip=Package message content. Must start with a capital letter.}{validation=[A-Z]+}{required=true} +control {number=1}{type=selector}{display=Time delay}{tooltip=Time delay between packages} +control {number=2}{type=boolean}{display=Verify}{default=true}{tooltip=Verify package content} +control {number=3}{type=button}{display=Turn on}{tooltip=Turn on or off} +control {number=4}{type=button}{role=logger}{display=Log}{tooltip=Show capture log} +value {control=1}{value=1}{display=1 sec} +value {control=1}{value=2}{display=2 sec}{default=true} +---- + +All controls will be presented as GUI elements in a toolbar specific to the extcap +utility. The extcap must not rely on using those controls (they are optional) because +of other capturing tools not using GUI (e.g. tshark, tfshark). + + +===== Controls + +The controls are similar to the _arguments_, but without the _call_ element. +All controls may be given a default value at startup and most can be changed during capture, both by the extcap and the user (depending on the type of control). + +All controls must provide a _number_, by which they are identified. +No _number_ may be provided twice. +All options must present the elements _type_ and _display_, where _type_ provides the type of control to add to the toolbar and _display_ providing the name in the GUI. + +Additionally _tooltip_ and _placeholder_ may be provided, which will give the user information about what to enter into this field. + +All controls, except from the logger, help and restore buttons, may be disabled +(and enabled) in GUI by the extcap during capture. This can be because of set-once +operations, or operations which takes some time to complete. + +All control values which are changed by the user (not equal to the default value) will +be sent to the extcap utility when starting a capture. The extcap utility may choose +to discard initial values and set new values, depending on implementation. + +These __type__s are defined as controls: + +[horizontal] +_boolean_:: +This provides a checkbox which lets the user set a true/false value. ++ +The extcap utility can set a default value at startup, and can change (set) and receive value changes while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is one byte with binary value 0 or 1. ++ +Valid Commands: Set value, Enable, Disable. + +_button_:: This provides a button with different __role__s: + +_control_:::: +This button will send a signal when pressed. This is the default if no role is configured. +The button is only enabled when capturing. ++ +The extcap utility can set the button text at startup, and can change (set) the button text and receive button press signals while capturing. The button is disabled and the button text is restored to the default text when not capturing. ++ +The payload is either the button text or empty (signal). ++ +Valid Commands: Set value, Enable, Disable. + +_logger_:::: +This provides a logger mechanism where the extcap utility can send log entries to be presented in a log window. +This communication is unidirectional. ++ +The payload is the log entry, and should be ended with a newline. Maximum length is 65535 bytes. ++ +Valid Commands: Set log entry, Add log entry. ++ +The Set command will clear the log before adding the entry. + +_help_:::: +This button opens the help page, if configured. +This role has no controls and will not be used in communication. ++ +Valid Commands: None. + +_restore_:::: +This button will restore all control values to default. +This role has no controls and will not be used in communication. The button is only enabled when not capturing. ++ +Valid Commands: None. + +_selector_:: +This provides a combo box with fixed values which can be selected. ++ +The extcap utility can set default values at startup, and add and remove values and receive change in value selection while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is a string with the value, and optionally a string with a display value if this is different from the value. This two string values are separated by a null character. ++ +Valid Commands: Set selected value, Add value, Remove value, Enable, Disable. ++ +If value is empty the Remove command will remove all entries. + +_string_:: +This provides a text edit line with the possibility to set a string or any value which can be represented in a string (integer, float, date, etc.). ++ +The extcap utility can set a default string value at startup, and can change (set) and receive value changes while capturing. When starting a capture the GUI will send the value if different from the default value. ++ +The payload is a string with the value. Maximum length is 32767 bytes. ++ +Valid Commands for control: Set value, Enable, Disable. ++ +The element VALIDATION allows to provide a regular expression string, which is used to check the user input for validity beyond normal data type or range checks. Back-slashes must be escaped (as in \\b for \b). + +===== Messages + +In addition to the controls it’s possible to send a single message from the extcap +utility to the user. This message can be put in the status bar or displayed in a +information, warning or error dialog which must be accepted by the user. This message +does not use the NUMBER argument so this can have any value. + +====== Control Protocol + +The protocol used to communicate over the control pipes has a fixed size header of +6 bytes and a payload with 0 - 65535 bytes. + +.Control packet: +[cols="^m", width="50%"] +|=== +|Sync Pipe Indication (1 byte) +|Message Length + + (3 bytes network order) +|Control Number (1 byte) +|Command (1 byte) +|Payload + + (0 - 65535 bytes) +|=== + +.Sync Pipe Indication +The common sync pipe indication. This protocol uses the value “T”. + +.Message Length +Payload length + 2 bytes for control number and command. + +.Control Number +Unique number to identify the control. This number also gives the order of the controls in the interface toolbar. + +.Commands and application for controls +[cols="1,2,3"] +|=== +|Command Byte|Command Name|Control type + +|0 |Initialized |none +|1 |Set |boolean / button / logger / selector / string +|2 |Add |logger / selector +|3 |Remove |selector +|4 |Enable |boolean / button / selector / string +|5 |Disable |boolean / button / selector / string +|6 |Statusbar message |none +|7 |Information message |none +|8 |Warning message |none +|9 |Error message |none +|=== + +The `Initialized` command will be sent from the GUI to the extcap utility when all +user changed control values are sent after starting a capture. This is an indication +that the GUI is ready to receive control values. + +The GUI will only send `Initialized` and `Set` commands. The extcap utility shall not +send the `Initialized` command. + +Messages with unknown control number or command will be silently ignored. + + +// End of WSDG Chapter Capture diff --git a/docbook/wsdg_src/wsdg_dissection.adoc b/docbook/wsdg_src/wsdg_dissection.adoc new file mode 100644 index 0000000..efc0a71 --- /dev/null +++ b/docbook/wsdg_src/wsdg_dissection.adoc @@ -0,0 +1,1498 @@ +// WSDG Chapter Dissection + +[#ChapterDissection] + +== Packet Dissection + +[#ChDissectWorks] + +=== How packet dissection works + +Each dissector decodes its part of the protocol and then hands off +decoding to subsequent dissectors for an encapsulated protocol. + +Every dissection starts with the Frame dissector which dissects the +details of the capture file itself (e.g. timestamps). From there it passes the +data on to the lowest-level data dissector, e.g. the Ethernet dissector for +the Ethernet header. The payload is then passed on to the next dissector (e.g. +IP) and so on. At each stage, details of the packet are decoded and +displayed. + +Dissectors can either be built-in to Wireshark or written as a self-registering +plugin (a shared library or DLL). +There is little difference in having your dissector as either a plugin +or built-in. You have limited function access through the ABI exposed +by functions declared as WS_DLL_PUBLIC. + +The big benefit of writing a dissector as a plugin is that rebuilding +a plugin is much faster than rebuilding wireshark after editing a built-in +dissector. +As such, starting with a plugin often makes initial development quicker, while +the finished code may make more sense as a built-in dissector. + +[NOTE] +.Read README.dissector +==== +The file _doc/README.dissector_ contains detailed information about writing +a dissector. In many cases it is more up to date than this document. +==== + +[#ChDissectAdd] + +=== Adding a basic dissector + +Let’s step through adding a basic dissector. We'll start with the made up "foo" +protocol. It consists of the following basic items. + +* A packet type - 8 bits. Possible values: 1 - initialisation, 2 - terminate, 3 - data. + +* A set of flags stored in 8 bits. 0x01 - start packet, 0x02 - end packet, 0x04 - priority packet. + +* A sequence number - 16 bits. + +* An IPv4 address. + +[#ChDissectSetup] + +==== Setting up the dissector + +The first decision you need to make is if this dissector will be a +built-in dissector and included in the main program, or a plugin. + +Plugins are easier to write initially, so let’s start with that. +With a little care, the plugin can be converted into a built-in dissector. + +.Dissector Initialisation. +[source,c] +---- +#include "config.h" +#include <epan/packet.h> + +#define FOO_PORT 1234 + +static int proto_foo = -1; + +void +proto_register_foo(void) +{ + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short name */ + "foo" /* filter_name */ + ); +} +---- + +Let’s go through this a bit at a time. First we have some boilerplate +include files. These will be pretty constant to start with. + +Then a `#define` for the UDP port that carries _foo_ traffic. + +Next we have `proto_foo`, an int that stores our protocol handle and is +initialised to `-1`. +This handle will be set when the dissector is registered within the main program. +It’s good practice to make all variables and functions that aren't exported +static to minimize name space pollution. This normally isn't a problem unless your +dissector gets so big that it spans multiple files. + +Now that we have the basics in place to interact with the main program, we'll +start with two protocol dissector setup functions: `proto_register_XXX` and +`proto_reg_handoff_XXX`. + +Each protocol must have a register function with the form "proto_register_XXX". +This function is used to register the protocol in Wireshark. +The code to call the register routines is generated automatically and is +called when Wireshark starts. In this example, the function is named +`proto_register_foo`. + +`proto_register_foo` calls `proto_register_protocol()`, which takes a `name`, +`short name`, and `filter_name`. The +name and short name are used in the "Preferences" and "Enabled protocols" +dialogs and the documentation's generated field name list. The +`filter_name` is used as the display filter name. `proto_register_protocol()` +returns a protocol handle, which can be used to refer to the protocol and +obtain a handle to the protocol's dissector. + + +Next we need a handoff routine. + +.Dissector Handoff. +[source,c] +---- +void +proto_reg_handoff_foo(void) +{ + static dissector_handle_t foo_handle; + + foo_handle = create_dissector_handle(dissect_foo, proto_foo); + dissector_add_uint("udp.port", FOO_PORT, foo_handle); +} +---- + +A handoff routine associates a protocol handler with the protocol's +traffic. It consists of two major steps: The first step is to create a +dissector handle, which is a handle associated with the protocol and the +function called to do the actual dissecting. +The second step is to register the dissector handle so that traffic +associated with the protocol calls the dissector. + +In this example, `proto_reg_handoff_foo()` calls `create_dissector_handle()` +to obtain a dissector handle for the foo protocol. It then uses +`dissector_add_uint()` to associate traffic on UDP port FOO_PORT (1234) +with the foo protocol, so that Wireshark will call `dissect_foo()` when +it receives UDP traffic on port 1234. + +Wireshark's dissector convention is to put `proto_register_foo()` and +`proto_reg_handoff_foo()` as the last two functions in the dissector source. + +The next step is to write the dissecting function, `dissect_foo()`. +We'll start with a basic placeholder. + +.Dissection. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + return tvb_captured_length(tvb); +} +---- + +`dissect_foo()` is called to dissect the packets presented to it. The packet data +is held in a special buffer referenced here as `tvb`. The packet_info structure +contains general data about the protocol and we can update +information here. The tree parameter is where the detail dissection takes place. +Note that the `\_U_` following `tree` and `data` signals to the compiler that the +parameters are unused, so that the compiler does not print a warning. + +For now we'll do the minimum we can get away with. `col_set_str()` is used to set +Wireshark's Protocol column to "FOO" so everyone can see it’s being +recognised. The +only other thing we do is to clear out any data in the INFO column if it’s being +displayed. + +At this point we have a basic dissector ready to compile and install. +The dissector doesn't do anything other than identify the protocol and label it. +Here is the dissector's complete code: + +.Complete _packet-foo.c_:. +[source,c] +---- +#include "config.h" +#include <epan/packet.h> + +#define FOO_PORT 1234 + +static int proto_foo = -1; + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree _U_, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) +{ + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short_name */ + "foo" /* filter_name */ + ); +} + +void +proto_reg_handoff_foo(void) +{ + static dissector_handle_t foo_handle; + + foo_handle = create_dissector_handle(dissect_foo, proto_foo); + dissector_add_uint("udp.port", FOO_PORT, foo_handle); +} + +---- + +To compile this dissector and create a plugin a few support files +are required, besides the dissector source in _packet-foo.c_: + +* _CMakeLists.txt_ - Contains the CMake file and version info for this plugin. + +* _packet-foo.c_ - Your dissector source. + +* _plugin.rc.in_ - Contains the DLL resource template for Windows. (optional) + +Samples of these files are available in the gryphon plugin directory +(plugins/epan/gryphon). +If you copy the files from the gryphon plugin, _CMakeLists.txt_ will need +to be updated with the correct plugin name, version +info, and the relevant files to compile. + +In the main top-level source directory, copy _CMakeListsCustom.txt.example_ to +_CMakeListsCustom.txt_ and add the path of your plugin to the list in +`CUSTOM_PLUGIN_SRC_DIR`. + +Compile the dissector to a DLL or shared library and either run Wireshark from +the build directory as detailed in <<ChSrcRunFirstTime>> or copy the plugin +binary into the plugin directory of your Wireshark installation and run that. + +[#ChDissectDetails] + +==== Dissecting the protocol's details + +Now that we have our basic dissector up and running, let’s do something with it. +The simplest thing to start with is labeling the payload. We can label the +payload by building a subtree to decode our results into. +This subtree will hold all the protocol's details and +helps keep things looking nice in the detailed display. + +We add the new subtree with `proto_tree_add_item()`, as is depicted below: + +.Plugin Packet Dissection. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear out stuff in the info column */ + col_clear(pinfo->cinfo,COL_INFO); + + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + + return tvb_captured_length(tvb); +} +---- + +As the `FOO` protocol does not encapsulate another protocol, we +consume all of the tvb's data, from `0` to the end (`-1`). + +The final parameter specifies the "encoding" and is set to +`ENC_NA` ("not applicable"), as the protocol doesn't specifically +use big endian (`ENC_BIG_ENDIAN`) or little endian (`ENC_LITTLE_ENDIAN`). + +After adding the call to +`proto_tree_add_item()` +, there should be a label `FOO` in the protocol's detailed display. +Selecting this label will highlight the remaining contents of the packet. + +Now let’s go to the next step and add some protocol dissection. To do this +we'll need to construct tables to define which fields will be present in the +packet and to store the opened/closed state of the subtree. We'll +add these statically allocated arrays to the beginning of the file +and name them +`hf_register_info` ('hf' is short for 'header field') and `ett`. +The arrays wil then registered after the call to +`proto_register_protocol()` by calling `proto_register_field_array()` +and `proto_register_subtree_array()`: + +.Registering data structures. +[source,c] +---- +static int hf_foo_pdu_type = -1; +static int ett_foo = -1; + +/* ... */ + +void +proto_register_foo(void) +{ + static hf_register_info hf[] = { + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + } + }; + + /* Setup protocol subtree array */ + static int *ett[] = { + &ett_foo + }; + + proto_foo = proto_register_protocol ( + "FOO Protocol", /* name */ + "FOO", /* short_name */ + "foo" /* filter_name*/ + ); + + proto_register_field_array(proto_foo, hf, array_length(hf)); + proto_register_subtree_array(ett, array_length(ett)); +} +---- + +As you can see, a field `foo.type` was defined inside the array of +header fields. + +Now we can dissect the `FOO PDU Type` (referenced as `foo.type`) +field in `dissect_foo()` by adding +the FOO Protocol's subtree with `proto_item_add_subtree()` and +then calling `proto_tree_add_item()` to add the field: + +.Dissector starting to dissect the packets. +[source,c] +---- + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, 0, 1, ENC_BIG_ENDIAN); +---- + +As mentioned earlier, the foo protocol begins with an 8-bit `packet type` +which can have three possible values: 1 - initialisation, 2 - terminate, 3 - data. +Here's how we can add the packet details: + +The `proto_item_add_subtree()` call has added a child node +to the protocol tree which is where we will do our detail dissection. +The expansion of this node is controlled by the `ett_foo` +variable. This remembers if the node should be expanded or not as you move +between packets. All subsequent dissection will be added to this tree, +as you can see from the next call. +A call to `proto_tree_add_item()` in the foo_tree, +this time using the `hf_foo_pdu_type` to control the formatting +of the item. The pdu type is one byte of data, starting at 0. We assume it is +in network order (also called big endian), so that is why we use `ENC_BIG_ENDIAN`. +For a 1-byte quantity, there is no order issue, but it is good practice to +make this the same as any multibyte fields that may be present, and as we will +see in the next section, this particular protocol uses network order. + +If we look in detail at the `hf_foo_pdu_type` declaration in +the static array we can see the details of the definition. + +---- +static hf_register_info hf[] = { + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + } +}; +---- + +* _hf_foo_pdu_type_ - The node's index. + +* _FOO PDU Type_ - The item's label. + +* _foo.type_ - The item's abbreviated name, for use in the display filter +(e.g., `foo.type=1`). + +* _FT_UINT8_ - The item's type: An 8bit unsigned integer. +This tallies with our call above where we tell it to only look at one byte. + +* _BASE_DEC_ - For an integer type, this tells it to be printed as a decimal +number. It could be hexadecimal (BASE_HEX) or octal (BASE_OCT) if that made more sense. + +We'll ignore the rest of the structure for now. + +If you install this plugin and try it out, you'll see something that begins to look +useful. + +Now let’s finish off dissecting the simple protocol. We need to add a few +more variables to the hfarray, and a couple more procedure calls. + +.Wrapping up the packet dissection. +[source,c] +---- +... +static int hf_foo_flags = -1; +static int hf_foo_sequenceno = -1; +static int hf_foo_initialip = -1; +... + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + int offset = 0; + + ... + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + proto_tree_add_item(foo_tree, hf_foo_flags, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + proto_tree_add_item(foo_tree, hf_foo_sequenceno, tvb, offset, 2, ENC_BIG_ENDIAN); + offset += 2; + proto_tree_add_item(foo_tree, hf_foo_initialip, tvb, offset, 4, ENC_BIG_ENDIAN); + offset += 4; + ... + + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) { + ... + ... + { &hf_foo_flags, + { "FOO PDU Flags", "foo.flags", + FT_UINT8, BASE_HEX, + NULL, 0x0, + NULL, HFILL } + }, + { &hf_foo_sequenceno, + { "FOO PDU Sequence Number", "foo.seqn", + FT_UINT16, BASE_DEC, + NULL, 0x0, + NULL, HFILL } + }, + { &hf_foo_initialip, + { "FOO PDU Initial IP", "foo.initialip", + FT_IPv4, BASE_NONE, + NULL, 0x0, + NULL, HFILL } + }, + ... + ... +} +... +---- + +This dissects all the bits of this simple hypothetical protocol. We've +introduced a new variable offsetinto the mix to help keep track of where we are +in the packet dissection. With these extra bits in place, the whole protocol is +now dissected. + +==== Improving the dissection information + +We can certainly improve the display of the protocol with a bit of extra data. +The first step is to add some text labels. Let’s start by labeling the packet +types. There is some useful support for this sort of thing by adding a couple of +extra things. First we add a simple table of type to name. + + +.Naming the packet types. +[source,c] +---- +static const value_string packettypenames[] = { + { 1, "Initialise" }, + { 2, "Terminate" }, + { 3, "Data" }, + { 0, NULL } +}; +---- + +This is a handy data structure that can be used to look up a name for a value. +There are routines to directly access this lookup table, but we don't need to +do that, as the support code already has that added in. We just have to give +these details to the appropriate part of the data, using the `VALS` macro. + +.Adding Names to the protocol. +[source,c] +---- + { &hf_foo_pdu_type, + { "FOO PDU Type", "foo.type", + FT_UINT8, BASE_DEC, + VALS(packettypenames), 0x0, + NULL, HFILL } + } +---- + +This helps in deciphering the packets, and we can do a similar thing for the +flags structure. For this we need to add some more data to the table though. + +.Adding Flags to the protocol. +[source,c] +---- +#define FOO_START_FLAG 0x01 +#define FOO_END_FLAG 0x02 +#define FOO_PRIORITY_FLAG 0x04 + +static int hf_foo_startflag = -1; +static int hf_foo_endflag = -1; +static int hf_foo_priorityflag = -1; + +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + ... + ... + static int* const bits[] = { + &hf_foo_startflag, + &hf_foo_endflag, + &hf_foo_priorityflag, + NULL + }; + + proto_tree_add_bitmask(foo_tree, tvb, offset, hf_foo_flags, ett_foo, bits, ENC_BIG_ENDIAN); + offset += 1; + ... + ... + return tvb_captured_length(tvb); +} + +void +proto_register_foo(void) { + ... + ... + { &hf_foo_startflag, + { "FOO PDU Start Flags", "foo.flags.start", + FT_BOOLEAN, 8, + NULL, FOO_START_FLAG, + NULL, HFILL } + }, + { &hf_foo_endflag, + { "FOO PDU End Flags", "foo.flags.end", + FT_BOOLEAN, 8, + NULL, FOO_END_FLAG, + NULL, HFILL } + }, + { &hf_foo_priorityflag, + { "FOO PDU Priority Flags", "foo.flags.priority", + FT_BOOLEAN, 8, + NULL, FOO_PRIORITY_FLAG, + NULL, HFILL } + }, + ... + ... +} +... +---- + +Some things to note here. For the flags, as each bit is a different flag, we use +the type `FT_BOOLEAN`, as the flag is either on or off. Second, we include the flag +mask in the 7th field of the data, which allows the system to mask the relevant bit. +We've also changed the 5th field to 8, to indicate that we are looking at an 8 bit +quantity when the flags are extracted. Then finally we add the extra constructs +to the dissection routine. + +This is starting to look fairly full featured now, but there are a couple of +other things we can do to make things look even more pretty. At the moment our +dissection shows the packets as "Foo Protocol" which whilst correct is a little +uninformative. We can enhance this by adding a little more detail. First, let’s +get hold of the actual value of the protocol type. We can use the handy function +`tvb_get_guint8()` to do this. With this value in hand, there are a couple of +things we can do. First we can set the INFO column of the non-detailed view to +show what sort of PDU it is - which is extremely helpful when looking at +protocol traces. Second, we can also display this information in the dissection +window. + +.Enhancing the display. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + int offset = 0; + uint8_t packet_type = tvb_get_guint8(tvb, 0); + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "FOO"); + /* Clear out stuff in the info column */ + col_clear(pinfo->cinfo,COL_INFO); + col_add_fstr(pinfo->cinfo, COL_INFO, "Type %s", + val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); + + proto_item *ti = proto_tree_add_item(tree, proto_foo, tvb, 0, -1, ENC_NA); + proto_item_append_text(ti, ", Type %s", + val_to_str(packet_type, packettypenames, "Unknown (0x%02x)")); + proto_tree *foo_tree = proto_item_add_subtree(ti, ett_foo); + proto_tree_add_item(foo_tree, hf_foo_pdu_type, tvb, offset, 1, ENC_BIG_ENDIAN); + offset += 1; + + return tvb_captured_length(tvb); +} +---- + +So here, after grabbing the value of the first 8 bits, we use it with one of the +built-in utility routines `val_to_str()`, to lookup the value. If the value +isn't found we provide a fallback which just prints the value in hex. We use +this twice, once in the INFO field of the columns -- if it’s displayed, and +similarly we append this data to the base of our dissecting tree. + +[#ChDissectExpertInfo] + +=== How to add an expert item + +A dissector showing the protocol fields and interpretation of their values is +very informative. It can be even more helpful if the dissector can draw your +attention to fields where something noteworthy can be seen. This can be something +as simple as the start flag of a session, or something more severe as an invalid +value. + +Here we take our dissector for `FOO` and add an expert item for the sequence +number being zero (assuming that's a noteworthy thing for this protocol). + +.Expert item setup. +[source,c] +---- +#include <epan/expert.h> + +static expert_field ei_foo_seqn_zero = EI_INIT; + +/* ... */ + +void +proto_register_foo(void) +{ + /* ... */ + expert_module_t* expert_foo; + + /* ... */ + static ei_register_info ei[] = { + { + &ei_foo_seqn_zero, + { "foo.seqn_zero", PI_SEQUENCE, PI_CHAT, + "Sequence number is zero", EXPFILL } + } + }; + + /* ... */ + expert_foo = expert_register_protocol(proto_foo); + expert_register_field_array(expert_foo, ei, array_length(ei)); +} +---- + +Let's go through this step by step. The data structures and functions needed for +expert items are found in epan/expert.h, so we have to include that file. + +Next we have to allocate an `expert_field` structure for every type of expert item +we would like to add to the dissection. This structure is initialised with `EI_INIT`. + +Now we have to register with the protocol we are providing expert info for. Since +we already have a function to register our protocol, we add the expert info +registration there too. This is done by calling `expert_register_protocol()` with +the handle for the protocol we received earlier in this function. + +Next we need to register an array of definitions of expert items that we would +like to add to the dissection. This array, not unlike the array of header fields +before, contains all the data the dissection engine needs to create and handle +the expert items. + +The expert item definition consists of a pointer to the `expert_field` structure +we defined before and a structure with data elements of the expert item itself. + +* _"foo.seqn_zero"_ - The expert items display filter + +* _PI_SEQUENCE_ - The group to which the expert item belongs + +* _PI_CHAT_ - The severity of the expert item + +* _"Sequence number is zero"_ - The text string added to the dissection + +We'll ignore the rest of the structure for now. + +To keep an overview of lots of expert items it helps to categorize them into groups. +Currently there are several types of groups defined, e.g. `checksum`, `sequence`, +`protocol`, etc. All these are defined in the epan/proto.h header file. + +Not every noteworthy field value is of equal severity. The start of a session +is nice to know, while an invalid value may be significant error in the protocol. +To differentiate between these severties the expert item is assigned one of them: +`comment`, `chat`, `note`, `warn` or `error`. Try to choose the lowest one which +is suitable. The topic you're currently working on seems probably more important +than it will look like in a few weeks. + +With the expert item array setup, we add this to the dissection engine with a +call to `expert_register_field_array()`. + +Now that all information of the expert item is defined and registered it's time +to actually add the expert item to the dissection. + +.Expert item use. +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + uint32_t sequenceno = 0xFFFF; + + /* ... */ + + ti = proto_tree_add_item_ret_uint(foo_tree, hf_foo_sequenceno, + tvb, offset, 2, ENC_BIG_ENDIAN, &sequenceno); + if (sequenceno == 0) { + expert_add_info(pinfo, ti, &ei_foo_seqn_zero); + } + + /* ... */ +} +---- + +There's been a slight alteration to the function used to add the sequence number +dissection. First the proto_item created by the function is saved in previously +defined variable `ti`, and the actual value of the field is stored in the variable +`sequenceno`. We can now use the value of this field to determine wether to add +the expert item. + +Adding the expert item is simply done by calling `expert_add_info()` with reference +to the `packet_info` structure, the proto item `ti` to add the expert item to and +the previously defined and registered expert item information. + +[#ChDissectTransformed] + +=== How to handle transformed data + +Some protocols do clever things with data. They might possibly +encrypt the data, or compress data, or part of it. If you know +how these steps are taken it is possible to reverse them within the +dissector. + +As encryption can be tricky, let’s consider the case of compression. +These techniques can also work for other transformations of data, +where some step is required before the data can be examined. + +What basically needs to happen here, is to identify the data that needs +conversion, take that data and transform it into a new stream, and then call a +dissector on it. Often this needs to be done "on-the-fly" based on clues in the +packet. Sometimes this needs to be used in conjunction with other techniques, +such as packet reassembly. The following shows a technique to achieve this +effect. + +.Decompressing data packets for dissection. +[source,c] +---- + uint8_t flags = tvb_get_guint8(tvb, offset); + offset ++; + if (flags & FLAG_COMPRESSED) { /* the remainder of the packet is compressed */ + uint16_t orig_size = tvb_get_ntohs(tvb, offset); + unsigned char *decompressed_buffer = (unsigned char*)wmem_alloc(pinfo->pool, orig_size); + offset += 2; + decompress_packet(tvb_get_ptr(tvb, offset, -1), + tvb_captured_length_remaining(tvb, offset), + decompressed_buffer, orig_size); + /* Now re-setup the tvb buffer to have the new data */ + next_tvb = tvb_new_child_real_data(tvb, decompressed_buffer, orig_size, orig_size); + add_new_data_source(pinfo, next_tvb, "Decompressed Data"); + } else { + next_tvb = tvb_new_subset_remaining(tvb, offset); + } + offset = 0; + /* process next_tvb from here on */ +---- + +The first steps here are to recognise the compression. In this case a flag byte +alerts us to the fact the remainder of the packet is compressed. Next we +retrieve the original size of the packet, which in this case is conveniently +within the protocol. If it’s not, it may be part of the compression routine to +work it out for you, in which case the logic would be different. + +So armed with the size, a buffer is allocated to receive the uncompressed data +using `wmem_alloc()` in pinfo->pool memory, and the packet is decompressed into +it. The `tvb_get_ptr()` function is useful to get a pointer to the raw data of +the packet from the offset onwards. In this case the decompression routine also +needs to know the length, which is given by the +`tvb_captured_length_remaining()` function. + +Next we build a new tvb buffer from this data, using the +`tvb_new_child_real_data()` call. This data is a child of our original data, so +calling this function also acknowledges that. No need to call +`tvb_set_free_cb()` as the pinfo->pool was used (the memory block will be +automatically freed when the pinfo pool lifetime expires). Finally we add this +tvb as a new data source, so that the detailed display can show the +decompressed bytes as well as the original. + +After this has been set up the remainder of the dissector can dissect the buffer +next_tvb, as it’s a new buffer the offset needs to be 0 as we start again from +the beginning of this buffer. To make the rest of the dissector work regardless +of whether compression was involved or not, in the case that compression was not +signaled, we use `tvb_new_subset_remaining()` to deliver us a new buffer based +on the old one but starting at the current offset, and extending to the end. +This makes dissecting the packet from this point on exactly the same regardless +of compression. + +[#ChDissectReassemble] + +=== How to reassemble split packets + +Some protocols have times when they have to split a large packet across +multiple other packets. In this case the dissection can't be carried out correctly +until you have all the data. The first packet doesn't have enough data, +and the subsequent packets don't have the expect format. +To dissect these packets you need to wait until all the parts have +arrived and then start the dissection. + +The following sections will guide you through two common cases. For a +description of all possible functions, structures and parameters, see +_epan/reassemble.h_. + +[#ChDissectReassembleUdp] + +==== How to reassemble split UDP packets + +As an example, let’s examine a protocol that is layered on top of UDP that +splits up its own data stream. If a packet is bigger than some given size, it +will be split into chunks, and somehow signaled within its protocol. + +To deal with such streams, we need several things to trigger from. We need to +know that this packet is part of a multi-packet sequence. We need to know how +many packets are in the sequence. We also need to know when we have all the +packets. + +For this example we'll assume there is a simple in-protocol signaling mechanism +to give details. A flag byte that signals the presence of a multi-packet +sequence and also the last packet, followed by an ID of the sequence and a +packet sequence number. + +---- +msg_pkt ::= SEQUENCE { + ..... + flags ::= SEQUENCE { + fragment BOOLEAN, + last_fragment BOOLEAN, + ..... + } + msg_id INTEGER(0..65535), + frag_id INTEGER(0..65535), + ..... +} +---- + +.Reassembling fragments - Part 1 +[source,c] +---- +#include <epan/reassemble.h> + ... +save_fragmented = pinfo->fragmented; +flags = tvb_get_guint8(tvb, offset); offset++; +if (flags & FL_FRAGMENT) { /* fragmented */ + tvbuff_t* new_tvb = NULL; + fragment_data *frag_msg = NULL; + uint16_t msg_seqid = tvb_get_ntohs(tvb, offset); offset += 2; + uint16_t msg_num = tvb_get_ntohs(tvb, offset); offset += 2; + + pinfo->fragmented = true; + frag_msg = fragment_add_seq_check(msg_reassembly_table, + tvb, offset, pinfo, + msg_seqid, NULL, /* ID for fragments belonging together */ + msg_num, /* fragment sequence number */ + tvb_captured_length_remaining(tvb, offset), /* fragment length - to the end */ + flags & FL_FRAG_LAST); /* More fragments? */ +---- + +We start by saving the fragmented state of this packet, so we can restore it +later. Next comes some protocol specific stuff, to dig the fragment data out of +the stream if it’s present. Having decided it is present, we let the function +`fragment_add_seq_check()` do its work. We need to provide this with a certain +amount of parameters: + +* The `msg_reassembly_table` table is for bookkeeping and is described later. + +* The tvb buffer we are dissecting. + +* The offset where the partial packet starts. + +* The provided packet info. + +* The sequence number of the fragment stream. There may be several streams of + fragments in flight, and this is used to key the relevant one to be used for + reassembly. + +* Optional additional data for identifying the fragment. Can be set to `NULL` + (as is done in the example) for most dissectors. + +* msg_num is the packet number within the sequence. + +* The length here is specified as the rest of the tvb as we want the rest of the packet data. + +* Finally a parameter that signals if this is the last fragment or not. This + might be a flag as in this case, or there may be a counter in the protocol. + +.Reassembling fragments part 2 +[source,c] +---- + new_tvb = process_reassembled_data(tvb, offset, pinfo, + "Reassembled Message", frag_msg, &msg_frag_items, + NULL, msg_tree); + + if (frag_msg) { /* Reassembled */ + col_append_str(pinfo->cinfo, COL_INFO, + " (Message Reassembled)"); + } else { /* Not last packet of reassembled Short Message */ + col_append_fstr(pinfo->cinfo, COL_INFO, + " (Message fragment %u)", msg_num); + } + + if (new_tvb) { /* take it all */ + next_tvb = new_tvb; + } else { /* make a new subset */ + next_tvb = tvb_new_subset_remaining(tvb, offset); + } +} +else { /* Not fragmented */ + next_tvb = tvb_new_subset_remaining(tvb, offset); +} + +..... +pinfo->fragmented = save_fragmented; +---- + +Having passed the fragment data to the reassembly handler, we can now check if +we have the whole message. If there is enough information, this routine will +return the newly reassembled data buffer. + +After that, we add a couple of informative messages to the display to show that +this is part of a sequence. Then a bit of manipulation of the buffers and the +dissection can proceed. Normally you will probably not bother dissecting further +unless the fragments have been reassembled as there won't be much to find. +Sometimes the first packet in the sequence can be partially decoded though if +you wish. + +Now the mysterious data we passed into the `fragment_add_seq_check()`. + +.Reassembling fragments - Initialisation +[source,c] +---- +static reassembly_table reassembly_table; + +static void +proto_register_msg(void) +{ + reassembly_table_register(&msg_reassemble_table, + &addresses_ports_reassembly_table_functions); +} +---- + +First a `reassembly_table` structure is declared and initialised in the protocol +initialisation routine. The second parameter specifies the functions that should +be used for identifying fragments. We will use +`addresses_ports_reassembly_table_functions` in order to identify fragments by +the given sequence number (`msg_seqid`), the source and destination addresses +and ports from the packet. + +Following that, a `fragment_items` structure is allocated and filled in with a +series of ett items, hf data items, and a string tag. The ett and hf values +should be included in the relevant tables like all the other variables your +protocol may use. The hf variables need to be placed in the structure something +like the following. Of course the names may need to be adjusted. + +.Reassembling fragments - Data +[source,c] +---- +... +static int hf_msg_fragments = -1; +static int hf_msg_fragment = -1; +static int hf_msg_fragment_overlap = -1; +static int hf_msg_fragment_overlap_conflicts = -1; +static int hf_msg_fragment_multiple_tails = -1; +static int hf_msg_fragment_too_long_fragment = -1; +static int hf_msg_fragment_error = -1; +static int hf_msg_fragment_count = -1; +static int hf_msg_reassembled_in = -1; +static int hf_msg_reassembled_length = -1; +... +static int ett_msg_fragment = -1; +static int ett_msg_fragments = -1; +... +static const fragment_items msg_frag_items = { + /* Fragment subtrees */ + &ett_msg_fragment, + &ett_msg_fragments, + /* Fragment fields */ + &hf_msg_fragments, + &hf_msg_fragment, + &hf_msg_fragment_overlap, + &hf_msg_fragment_overlap_conflicts, + &hf_msg_fragment_multiple_tails, + &hf_msg_fragment_too_long_fragment, + &hf_msg_fragment_error, + &hf_msg_fragment_count, + /* Reassembled in field */ + &hf_msg_reassembled_in, + /* Reassembled length field */ + &hf_msg_reassembled_length, + /* Tag */ + "Message fragments" +}; +... +static hf_register_info hf[] = +{ +... +{&hf_msg_fragments, + {"Message fragments", "msg.fragments", + FT_NONE, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment, + {"Message fragment", "msg.fragment", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_overlap, + {"Message fragment overlap", "msg.fragment.overlap", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_overlap_conflicts, + {"Message fragment overlapping with conflicting data", + "msg.fragment.overlap.conflicts", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_multiple_tails, + {"Message has multiple tail fragments", + "msg.fragment.multiple_tails", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_too_long_fragment, + {"Message fragment too long", "msg.fragment.too_long_fragment", + FT_BOOLEAN, 0, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_error, + {"Message defragmentation error", "msg.fragment.error", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_fragment_count, + {"Message fragment count", "msg.fragment.count", + FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_reassembled_in, + {"Reassembled in", "msg.reassembled.in", + FT_FRAMENUM, BASE_NONE, NULL, 0x00, NULL, HFILL } }, +{&hf_msg_reassembled_length, + {"Reassembled length", "msg.reassembled.length", + FT_UINT32, BASE_DEC, NULL, 0x00, NULL, HFILL } }, +... +static int *ett[] = +{ +... +&ett_msg_fragment, +&ett_msg_fragments +... +---- + +These hf variables are used internally within the reassembly routines to make +useful links, and to add data to the dissection. It produces links from one +packet to another, such as a partial packet having a link to the fully +reassembled packet. Likewise there are back pointers to the individual packets +from the reassembled one. The other variables are used for flagging up errors. + +[#TcpDissectPdus] + +==== How to reassemble split TCP Packets + +A dissector gets a `tvbuff_t` pointer which holds the payload +of a TCP packet. This payload contains the header and data +of your application layer protocol. + +When dissecting an application layer protocol you cannot assume +that each TCP packet contains exactly one application layer message. +One application layer message can be split into several TCP packets. + +You also cannot assume that a TCP packet contains only one application layer message +and that the message header is at the start of your TCP payload. +More than one messages can be transmitted in one TCP packet, +so that a message can start at an arbitrary position. + +This sounds complicated, but there is a simple solution. +`tcp_dissect_pdus()` does all this tcp packet reassembling for you. +This function is implemented in _epan/dissectors/packet-tcp.h_. + +.Reassembling TCP fragments +[source,c] +---- +#include "config.h" + +#include <epan/packet.h> +#include <epan/prefs.h> +#include "packet-tcp.h" + +... + +#define FRAME_HEADER_LEN 8 + +/* This method dissects fully reassembled messages */ +static int +dissect_foo_message(tvbuff_t *tvb, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) +{ + /* TODO: implement your dissecting code */ + return tvb_captured_length(tvb); +} + +/* determine PDU length of protocol foo */ +static unsigned +get_foo_message_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset, void *data _U_) +{ + /* TODO: change this to your needs */ + return (unsigned)tvb_get_ntohl(tvb, offset+4); /* e.g. length is at offset 4 */ +} + +/* The main dissecting routine */ +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data) +{ + tcp_dissect_pdus(tvb, pinfo, tree, true, FRAME_HEADER_LEN, + get_foo_message_len, dissect_foo_message, data); + return tvb_captured_length(tvb); +} + +... +---- + +As you can see this is really simple. Just call `tcp_dissect_pdus()` in your +main dissection routine and move you message parsing code into another function. +This function gets called whenever a message has been reassembled. + +The parameters tvb, pinfo, tree and data are just handed over to +`tcp_dissect_pdus()`. The 4th parameter is a flag to indicate if the data should +be reassembled or not. This could be set according to a dissector preference as +well. Parameter 5 indicates how much data has at least to be available to be +able to determine the length of the foo message. Parameter 6 is a function +pointer to a method that returns this length. It gets called when at least the +number of bytes given in the previous parameter is available. Parameter 7 is a +function pointer to your real message dissector. Parameter 8 is the data +passed in from parent dissector. + +Protocols which need more data before the message length can be determined can +return zero. Other values smaller than the fixed length will result in an +exception. + +[#ChDissectTap] + +=== How to tap protocols + +Adding a Tap interface to a protocol allows it to do some useful things. +In particular you can produce protocol statistics from the tap interface. + +A tap is basically a way of allowing other items to see what’s happening as +a protocol is dissected. A tap is registered with the main program, and +then called on each dissection. Some arbitrary protocol specific data +is provided with the routine that can be used. + +To create a tap, you first need to register a tap. A tap is registered with an +integer handle, and registered with the routine `register_tap()`. This takes a +string name with which to find it again. + +.Initialising a tap +[source,c] +---- +#include <epan/packet.h> +#include <epan/tap.h> + +static int foo_tap = -1; + +struct FooTap { + int packet_type; + int priority; + ... +}; + +void proto_register_foo(void) +{ + ... + foo_tap = register_tap("foo"); +---- + +Whilst you can program a tap without protocol specific data, it is generally not +very useful. Therefore it’s a good idea to declare a structure that can be +passed through the tap. This needs to be a static structure as it will be used +after the dissection routine has returned. It’s generally best to pick out some +generic parts of the protocol you are dissecting into the tap data. A packet +type, a priority or a status code maybe. The structure really needs to be +included in a header file so that it can be included by other components that +want to listen in to the tap. + +Once you have these defined, it’s simply a case of populating the protocol +specific structure and then calling `tap_queue_packet`, probably as the last part +of the dissector. + +.Calling a protocol tap +[source,c] +---- +static int +dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + ... + fooinfo = wmem_alloc(pinfo->pool, sizeof(struct FooTap)); + fooinfo->packet_type = tvb_get_guint8(tvb, 0); + fooinfo->priority = tvb_get_ntohs(tvb, 8); + ... + tap_queue_packet(foo_tap, pinfo, fooinfo); + + return tvb_captured_length(tvb); +} +---- + +This now enables those interested parties to listen in on the details +of this protocol conversation. + +[#ChDissectStats] + +=== How to produce protocol stats + +Given that you have a tap interface for the protocol, you can use this +to produce some interesting statistics (well presumably interesting!) from +protocol traces. + +This can be done in a separate plugin, or in the same plugin that is +doing the dissection. The latter scheme is better, as the tap and stats +module typically rely on sharing protocol specific data, which might get out +of step between two different plugins. + +Here is a mechanism to produce statistics from the above TAP interface. + +.Initialising a stats interface +[source,c] +---- +#include <epan/stats_tree.h> + +/* register all http trees */ +static void register_foo_stat_trees(void) { + stats_tree_register_plugin("foo", "foo", "Foo/Packet Types", 0, + foo_stats_tree_packet, foo_stats_tree_init, NULL); +} + +WS_DLL_PUBLIC_DEF void plugin_register_tap_listener(void) +{ + register_foo_stat_trees(); +} +---- + +Working from the bottom up, first the plugin interface entry point is defined, +`plugin_register_tap_listener()`. This simply calls the initialisation function +`register_foo_stat_trees()`. + +This in turn calls the `stats_tree_register_plugin()` function, which takes three +strings, an integer, and three callback functions. + +. This is the tap name that is registered. + +. An abbreviation of the stats name. + +. The name of the stats module. A “/” character can be used to make sub menus. + +. Flags for per-packet callback + +. The function that will called to generate the stats. + +. A function that can be called to initialise the stats data. + +. A function that will be called to clean up the stats data. + +In this case we only need the first two functions, as there is nothing specific to clean up. + +.Initialising a stats session +[source,c] +---- +static const uint8_t* st_str_packets = "Total Packets"; +static const uint8_t* st_str_packet_types = "FOO Packet Types"; +static int st_node_packets = -1; +static int st_node_packet_types = -1; + +static void foo_stats_tree_init(stats_tree* st) +{ + st_node_packets = stats_tree_create_node(st, st_str_packets, 0, STAT_DT_INT, true); + st_node_packet_types = stats_tree_create_pivot(st, st_str_packet_types, st_node_packets); +} +---- + +In this case we create a new tree node, to handle the total packets, +and as a child of that we create a pivot table to handle the stats about +different packet types. + + +.Generating the stats +[source,c] +---- +static tap_packet_status foo_stats_tree_packet(stats_tree* st, packet_info* pinfo, epan_dissect_t* edt, const void* p, tap_flags_t flags) +{ + struct FooTap *pi = (struct FooTap *)p; + tick_stat_node(st, st_str_packets, 0, false); + stats_tree_tick_pivot(st, st_node_packet_types, + val_to_str(pi->packet_type, packettypenames, "Unknown packet type (%d)")); + return TAP_PACKET_REDRAW; +} +---- + +In this case the processing of the stats is quite simple. First we call the +`tick_stat_node` for the `st_str_packets` packet node, to count packets. Then a +call to `stats_tree_tick_pivot()` on the `st_node_packet_types` subtree allows +us to record statistics by packet type. + +[#ChDissectConversation] + +=== How to use conversations + +Some info about how to use conversations in a dissector can be found in the file +_doc/README.dissector_, chapter 2.2. + +[#ChDissectIdl2wrs] + +=== __idl2wrs__: Creating dissectors from CORBA IDL files + +Many of Wireshark’s dissectors are automatically generated. This section shows +how to generate one from a CORBA IDL file. + +==== What is it? + +As you have probably guessed from the name, `idl2wrs` takes a user specified IDL +file and attempts to build a dissector that can decode the IDL traffic over +GIOP. The resulting file is “C” code, that should compile okay as a Wireshark +dissector. + +`idl2wrs` parses the data struct given to it by the `omniidl` compiler, +and using the GIOP API available in packet-giop.[ch], generates get_CDR_xxx +calls to decode the CORBA traffic on the wire. + +It consists of 4 main files. + +README.idl2wrs:: +This document + +wireshark_be.py:: +The main compiler backend + +wireshark_gen.py:: +A helper class, that generates the C code. + +idl2wrs:: +A simple shell script wrapper that the end user should use to generate the +dissector from the IDL file(s). + +==== Why do this? + +It is important to understand what CORBA traffic looks like over GIOP/IIOP, and +to help build a tool that can assist in troubleshooting CORBA interworking. This +was especially the case after seeing a lot of discussions about how particular +IDL types are represented inside an octet stream. + +I have also had comments/feedback that this tool would be good for say a CORBA +class when teaching students what CORBA traffic looks like “on the wire”. + +It is also COOL to work on a great Open Source project such as the case with +“Wireshark” ({wireshark-main-url}). + + +==== How to use idl2wrs + +To use the idl2wrs to generate Wireshark dissectors, you need the following: + +* Python must be installed. See link:https://python.org/[] + +* `omniidl` from the omniORB package must be available. See link:http://omniorb.sourceforge.net/[] + +* Of course you need Wireshark installed to compile the code and tweak it if +required. idl2wrs is part of the standard Wireshark distribution + +To use idl2wrs to generate an Wireshark dissector from an idl file use the following procedure: + +* To write the C code to stdout. ++ +-- +---- +$ idl2wrs <your_file.idl> +---- + +e.g.: + +---- +$ idl2wrs echo.idl +---- +-- + +* To write to a file, just redirect the output. ++ +-- +---- +$ idl2wrs echo.idl > packet-test-idl.c +---- + +You may wish to comment out the register_giop_user_module() code and that will +leave you with heuristic dissection. + +If you don't want to use the shell script wrapper, then try steps 3 or 4 instead. +-- + +* To write the C code to stdout. ++ +-- +---- +$ omniidl -p ./ -b wireshark_be <your file.idl> +---- + +e.g.: + +---- +$ omniidl -p ./ -b wireshark_be echo.idl +---- +-- + +* To write to a file, just redirect the output. ++ +-- +---- +$ omniidl -p ./ -b wireshark_be echo.idl > packet-test-idl.c +---- + +You may wish to comment out the register_giop_user_module() code and that will +leave you with heuristic dissection. +-- + +* Copy the resulting C code to subdirectory epan/dissectors/ inside your +Wireshark source directory. ++ +-- +---- +$ cp packet-test-idl.c /dir/where/wireshark/lives/epan/dissectors/ +---- + +The new dissector has to be added to CMakeLists.txt in the same directory. Look +for the declaration DISSECTOR_SRC and add the new dissector there. For +example, + +---- +DISSECTOR_SRC = \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-2dparityfec.c + ${CMAKE_CURRENT_SOURCE_DIR}/packet-3com-njack.c + ... +---- + +becomes + +---- +DISSECTOR_SRC = \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-test-idl.c \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-2dparityfec.c \ + ${CMAKE_CURRENT_SOURCE_DIR}/packet-3com-njack.c \ + ... +---- +-- + +For the next steps, go up to the top of your Wireshark source directory. + +* Create a build dir ++ +-- +---- +$ mkdir build && cd build +---- +-- + +* Run cmake ++ +-- +---- +$ cmake .. +---- +-- + +* Build the code ++ +-- +---- +$ make +---- +-- + +* Good Luck !! + +==== TODO + +* Exception code not generated (yet), but can be added manually. + +* Enums not converted to symbolic values (yet), but can be added manually. + +* Add command line options etc + +* More I am sure :-) + +==== Limitations + +See the TODO list inside _packet-giop.c_ + +==== Notes + +The `-p ./` option passed to omniidl indicates that the wireshark_be.py and +wireshark_gen.py are residing in the current directory. This may need tweaking +if you place these files somewhere else. + +If it complains about being unable to find some modules (e.g. tempfile.py), you +may want to check if PYTHONPATH is set correctly. + + +// End of WSDG Chapter Dissection diff --git a/docbook/wsdg_src/wsdg_env_intro.adoc b/docbook/wsdg_src/wsdg_env_intro.adoc new file mode 100644 index 0000000..91d51ea --- /dev/null +++ b/docbook/wsdg_src/wsdg_env_intro.adoc @@ -0,0 +1,524 @@ +// WSDG Chapter Introduction + +[#ChapterIntroduction] + +== Introduction + +[#ChIntroIntro] + +=== Introduction + +This chapter will provide a general overview of Wireshark development. + +[#ChIntroWhatIs] + +=== What Is Wireshark? + +Well, if you want to start Wireshark development, you might already +know what Wireshark is doing. If not, please have a look at the +link:{wireshark-users-guide-url}[Wireshark User’s Guide], +which will provide a lot of general information about it. + +[#ChIntroPlatforms] + +=== Supported Platforms + +Wireshark currently runs on most UNIX-like platforms and various Windows +platforms. It requires Qt, GLib, libpcap and some other libraries in +order to run. + +As Wireshark is developed in a platform independent way and uses libraries (such +as the Qt GUI library) which are available for many different platforms, +it’s thus available on a wide variety of platforms. + +If a binary package is not available for your platform, you should +download the source and try to build it. Please report your experiences +to mailto:{wireshark-dev-list-email}[]. + +Binary packages are available for the following platforms along with many +others: + +==== Unix And Unix-like Platforms + +* Apple macOS + +* FreeBSD + +* HP-UX + +* IBM AIX + +* NetBSD + +* OpenBSD + +* Oracle Solaris + +===== Linux + +* Arch Linux + +* Debian GNU/Linux + +* Ubuntu + +* Fedora + +* Gentoo Linux + +* IBM S/390 Linux (Red Hat) + +* Mandriva Linux + +* PLD Linux + +* Red Hat Linux + +* Slackware Linux + +* Suse Linux + +==== Microsoft Windows + +Wireshark supports Windows natively via the https://en.wikipedia.org/wiki/Windows_API[Windows API]. +Note that in this documentation and elsewhere we tend to use the terms “Win32”, “Win”, and “Windows” interchangeably to refer to the Windows API. +“Win64” refers to the Windows API on 64-bit platforms. +Wireshark runs on and can be compiled on the following Windows versions: + +* Windows 11 / Windows Server 2022 + +* Windows 10 / Windows Server 2016 / Windows Server 2019 + +* Windows 8.1 / Windows Server 2012 R2 + +* Windows 8 / Windows Server 2012 + +Development on Windows 7, Server 2008 R2, Vista, Server 2008, and older versions may be possible but is not supported. + +Some versions of Windows support https://devblogs.microsoft.com/commandline/per-directory-case-sensitivity-and-wsl/[case sensitive directories]. +We don’t officially support building or running Wireshark in this environment, but we will accept patches to fix any issues that might arise. + +[#ChIntroDevelopment] + +=== Development And Maintenance Of Wireshark + +Wireshark was initially developed by Gerald Combs. Ongoing development +and maintenance of Wireshark is handled by the Wireshark core developers, +a loose group of individuals who fix bugs and provide new functionality. + +There have also been a large number of people who have contributed +protocol dissectors and other improvements to Wireshark, and it is +expected that this will continue. You can find a list of the people who +have contributed code to Wireshark by checking the About dialog box of +Wireshark, or have a look at the {wireshark-authors-url} page on the +Wireshark web site. + +The communication between the developers is usually done through the developer +mailing list, which can be joined by anyone interested in the development +activities. At the time this document was written, more than 500 persons were +subscribed to this mailing list! + +It is strongly recommended to join the developer mailing list, if you are going +to do any Wireshark development. See <<ChIntroMailingLists>> about the different +Wireshark mailing lists available. + +==== Programming Languages Used + +Most of Wireshark is implemented in C. +A notable exception is the code in _ui/qt_, which is written in {cpp}. + +The typical task for a new Wireshark developer is to extend an existing dissector, or write a new dissector for a specific network protocol. +Most dissectors are written in C11, so a good knowledge of C will be sufficient for Wireshark development in almost any case. +Dissectors can also be written in Lua, which might be more suitable for your specific needs. +As noted above, if you’re going to modify Wireshark’s user interface you will need a knowledge of {cpp}. + +Modifying the build system and support tooling might requires knowledge of CMake, Python, PowerShell, Bash, or Perl. +Note that these are required to build Wireshark, but not to run it. +If Wireshark is installed from a binary package, none of these helper tools are needed on the target system. + +==== Open Source Software + +Wireshark is an https://opensource.org/[open source] software (OSS) project, and is released under +the link:{gplv2-url}[GNU General Public License] (GPL). +You can freely use Wireshark on any number of computers you like, without +worrying about license keys or fees or such. In addition, all source +code is freely available under the GPL. Because of that, it is very easy +for people to add new protocols to Wireshark, either as plugins, or built +into the source, and they often do! + +You are welcome to modify Wireshark to suit your own needs, and it would be +appreciated if you contribute your improvements back to the Wireshark community. + +You gain three benefits by contributing your improvements back to the +community: + +* Other people who find your contributions useful will appreciate them, and you + will know that you have helped people in the same way that the developers of + Wireshark have helped you and other people. + +* The developers of Wireshark might improve your changes even more, as there’s + always room for improvement. Or they may implement some advanced things on top + of your code, which can be useful for yourself too. + +* The maintainers and developers of Wireshark will maintain your code as well, + fixing it when API changes or other changes are made, and generally keeping it + in tune with what is happening with Wireshark. So if Wireshark is updated + (which is done often), you can get a new Wireshark version from the website + and your changes will already be included without any effort for you. + + +The Wireshark source code and binary packages for some platforms are all +available on the download page of the Wireshark website: +{wireshark-download-url}. + + +[#ChIntroReleases] + +=== Releases And Distributions + +Official Wireshark releases can be found at {wireshark-download-url}. +Minor releases typically happen every six weeks and typically include bug fixes and security updates. +Major releases happen about once a year and include new features and new protocol support. +Official releases include binary packages for Windows and macOS along with source code. + +[#ChIntroReleaseBinary] + +==== Binary Distributions + +The Wireshark development team would like to make it as easy as possible for people to obtain and use Wireshark. +This means that we need to support the software installation systems that different operating systems provide. +We currently offer the following types of precompiled packages as part of each official release: + +* Windows .exe installer. + This is an executable file that installs Wireshark, and optionally Npcap and USBPcap, created using https://nsis.sourceforge.io/Main_Page[NSIS]. + It is the most popular installation method on Windows. + +* Windows https://portableapps.com/[PortableApps] .paf.exe file. + This is a self-contained package that can be run from anywere, either standalone or under the PortableApps.com Platform. + +* Windows .msi installer. + This installs Wireshark using Microsoft’s https://docs.microsoft.com/en-us/windows/win32/msi/installer-database[Installer Database], created using the https://wixtoolset.org/[WiX toolset]. + It does not yet include Npcap or USBPcap and is somewhat https://gitlab.com/wireshark/wireshark/-/issues/8814[experimental]. + +* macOS .dmg. + This is a disk image which includes a drag-installable Wireshark application bundle along with utility packages for installing ChmodBPF and adding Wireshark to your PATH environment variable. + +Most Linux and UNIX distributions have their own packaging systems which usually include Wireshark. +The Wireshark sources include support for creating the following types of packages: + +* Debian .deb files. + Packaging assets can be found in the _debian_ directory in the Wireshark sources. + +* Red Hat .rpm files. + Packaging assets can be found in the _packaging/rpm_ directory in the Wireshark sources. + +You can also create your own binary packages. See <<ChSrcBinary>> for details. + +[#ChIntroReleaseSource] + +==== The Source Code Distribution + +Wireshark is and will always be https://opensource.org/[open source]. +You’re welcome to download a source tarball, build it, and modify it under the terms of the {gplv2-url}[GPLv2]. +However, it’s usually much easier to use a binary package if you want to get up and running quickly in a production environment. + +Source tarballs are commonly used for building the binary packages for UNIX and UNIX-like platforms. +However, if you are going to modify the Wireshark sources, e.g. to contribute changes back or to develop an in-house version of Wireshark we recommend that you use the latest Git sources. +For details about the different ways to get the Wireshark source code see <<ChSrcObtain>>. + +Before building Wireshark from a source distribution, make sure you have all the tools and libraries required to build. +Later chapters describe the required tools and libraries in detail. + +[#ChIntroAutomated] + +=== Automated Builds (GitLab CI) + +The Wireshark development team uses GitLab’s continuous integration (CI) system to automatically build Wireshark for each Git merge request and commit. +Automated builds provide several useful services: + +* Cross-platform testing. + Inbound merge requests and commits can be tested on each of our supported plaforms, which ensures that a developer on one platform doesn’t break the build on other platforms. + +* A health indicator for the source code. + The CI badges at {wireshark-gitlab-project-url} can quickly tell you how healthy the latest code is. + Green is good, red is bad. + +* Fast code delivery. + After a change is committed to the repository, an installer is usually available within an hour at https://www.wireshark.org/download/automated/. + This can be quite helpful for resolving issues, e.g. a bug reporter can easily verify a bugfix by installing a recent build. + +* Automated regression tests. + We run a comprehensive test suite as part of each build and continuously run fuzz tests that try to crash the dissection engine. + +==== What Do The Automated Builds Do? + +GitLab’s CI operates by running a series of steps and reporting success or failure. +A typical CI job might do the following: + +. Check out Wireshark from the source repository. + +. Build Wireshark. + +. Create a source tarball, binary package, or installer. + +. Run regression tests. + +GitLab’s CI marks successful jobs with a green checkmark and failed jobs with a red “X”. +Jobs provide a link to the corresponding console logfile which provides additional information. + +Release packages are built on the following platforms: + +* Windows Server 2019 x86-64 (Win64, little endian, Visual Studio 2022) + +* Ubuntu 18.04 x86-64 (Linux, little endian, gcc, Clang) + +* macOS 10.14 x86-64 (BSD, little endian, Clang) + +Static code analysis and fuzz tests are run on the following platforms: + +* Visual Studio Code Analysis (Win64, little endian, VS 2022) + +* Clang Code Analysis, Coverity Scan, and fuzz tests (Linux, little endian, Clang) + +Each platform is represented at the status page by a single column, the most recent entries are at the top. + +[#ChIntroHelp] + + +=== Reporting problems and getting help + +If you have problems, or need help with Wireshark, there are several +places that may be of interest to you (well, beside this guide of +course). + +[#ChIntroHomepage] + +==== Website + +You will find lots of useful information on the Wireshark homepage at +{wireshark-main-url}. + +[#ChIntroWiki] + +==== Wiki + +The Wireshark Wiki at {wireshark-wiki-url} provides a wide range +of information related to Wireshark and packet capturing in general. +You will find a lot of information not part of this developer’s guide. For +example, there is an explanation how to capture on a switched network, +an ongoing effort to build a protocol reference and a lot more. + +And best of all, if you would like to contribute your knowledge on a +specific topic (maybe a network protocol you know well), you can edit the +Wiki pages by simply using your webbrowser. + +[#ChIntroFAQ] + + +==== FAQ + +The "Frequently Asked Questions" will list often asked questions and +the corresponding answers. + +Before sending any mail to the mailing lists below, be sure to read the +FAQ, as it will often answer any questions you might have. This will save +yourself and others a lot of time. Keep in mind that a lot of people are +subscribed to the mailing lists. + +You will find the FAQ inside Wireshark by clicking the menu item +Help/Contents and selecting the FAQ page in the upcoming dialog. + +An online version is available at the Wireshark website: +{wireshark-faq-url}. You might prefer this online version as it’s +typically more up to date and the HTML format is easier to use. + +[#ChIntroOtherSources] + +==== Other sources + +If you don't find the information you need inside this book, there are +various other sources of information: + +* The file _doc/README.developer_ and all the other README.xxx files in the + source code. These are various documentation files on different topics + +[NOTE] +.Read the README +==== +_README.developer_ is packed full with all kinds of details relevant +to the developer of Wireshark source code. Its companion file +_README.dissector_ advises you around common +pitfalls, shows you basic layout of dissector code, shows details of the +APIs available to the dissector developer, etc. +==== + +* The Wireshark source code + +* Tool documentation of the various tools used +(e.g. manpages of sed, gcc, etc.) + +* The different mailing lists. See <<ChIntroMailingLists>> + +[#ChIntroQA] + +==== Q&A Site + +The Wireshark Q&A site at {wireshark-qa-url} offers a resource where +questions and answers come together. You have the option to search what +questions were asked before and what answers were given by people who +knew about the issue. Answers are graded, so you can pick out the best +ones easily. If your issue isn't discussed before you can post one +yourself. + +[#ChIntroMailingLists] + +==== Mailing Lists + +There are several mailing lists available on specific Wireshark topics: + +wireshark-announce:: This mailing list will inform you about new program +releases, which usually appear about every 4-8 weeks. + +wireshark-users:: This list is for users of Wireshark. People post +questions about building and using Wireshark, others (hopefully) +provide answers. + +wireshark-dev:: This list is for Wireshark developers. People post questions about +the development of Wireshark, others (hopefully) provide answers. +If you want to start developing a protocol dissector, join this list. + +wireshark-bugs:: This list is for Wireshark developers. Every time a change to the bug +database occurs, a mail to this mailing list is generated. +If you want to be notified about all the changes to the bug +database, join this list. Details about the bug database can be +found in <<ChIntroBugDatabase>>. + +wireshark-commits:: This list is for Wireshark developers. Every time a change to the Git +repository is checked in, a mail to this mailing list is generated. +If you want to be notified about all the changes to the Git +repository, join this list. Details about the Git repository can be +found in <<ChSrcGitRepository>>. + +You can subscribe to each of these lists from the Wireshark web site: +{wireshark-mailing-lists-url}. From there, you can choose which mailing +list you want to subscribe to by clicking on the +Subscribe/Unsubscribe/Options button under the title of the relevant +list. The links to the archives are included on that page as well. + +[TIP] +.The archives are searchable +==== +You can search in the list archives to see if someone previously asked the same +question and maybe already got an answer. That way you don't have to wait until +someone answers your question. +==== + +[#ChIntroBugDatabase] + +==== Bug Database (GitLab Issues) + +The Wireshark community collects bug reports in an issues database at {wireshark-bugs-url}. +This database is filled with manually filed bug reports, usually after some discussion on wireshark-dev, and automatic bug reports from continuous integration jobs. + +[#ChIntroReportProblems] + +==== Reporting Problems + +[NOTE] +.Test with the latest version +==== +Before reporting any problems, please make sure you have installed the +latest version of Wireshark. Reports on older maintenance releases are +usually met with an upgrade request. +==== + +If you report problems, provide as much information as possible. In general, +just think about what you would need to find that problem, if someone else sends +you such a problem report. Also keep in mind that people compile/run Wireshark +on a lot of different platforms. + +When reporting problems with Wireshark, it is helpful if you supply the +following information: + +. The version number of Wireshark and the dependent libraries linked with +it, e.g. Qt, GLib, etc. You can obtain this with the command +`wireshark -v`. + +. Information about the platform you run Wireshark on. + +. A detailed description of your problem. + +. If you get an error/warning message, copy the text of that message (and +also a few lines before and after it, if there are some), so others may +find the build step where things go wrong. +Please don't give something like: "I get a warning when compiling x" +as this won't give any direction to look at. + +[NOTE] +.Don't send large files +==== +Do not send large files (>100KB) to the mailing lists, just place a note +that further data is available on request. Large files will only annoy a +lot of people on the list who are not interested in your specific problem. +If required, you will be asked for further data by the persons who really +can help you. +==== + +[WARNING] +.Don't send confidential information +==== +If you send captured data to the mailing lists, or add it to your bug report, +be sure it doesn't contain any sensitive or confidential information, +such as passwords. Visibility of such files can be limited to certain +groups in the GitLab Issues database by marking the issue confidential. +==== + +==== Reporting Crashes on UNIX-like platforms + +When reporting crashes with Wireshark, it is helpful if you supply the +traceback information (besides the information mentioned in +<<ChIntroReportProblems>>). + +You can obtain this traceback information with the following commands: + +---- +$ gdb `whereis wireshark | cut -f2 -d: | cut -d' ' -f2` core >& bt.txt +backtrace +^D +$ +---- + +[NOTE] +.Using GDB +==== +Type the characters in the first line verbatim. Those are +back-tics there. + +`backtrace` is a `gdb` command. You should +enter it verbatim after the first line shown above, but it will not be +echoed. The ^D +(Control-D, that is, press the Control key and the D key +together) will cause `gdb` to exit. This will +leave you with a file called +_bt.txt_ in the current directory. +Include the file with your bug report. + +If you do not have `gdb` available, you +will have to check out your operating system’s debugger. +==== + +You should mail the traceback to mailto:{wireshark-dev-list-email}[] or attach it +to your bug report. + +==== Reporting Crashes on Windows platforms + +You can download Windows debugging symbol files (.pdb) from the following locations: + +* 64-bit Windows: https://www.wireshark.org/download/win64/all-versions/ + +Files are named "Wireshark-pdb-win__bits__-_x_._y_._z_.zip" to match their +corresponding "Wireshark-win__bits__-_x_._y_._z_.exe" installer packages. + +// XXX Show how to use the Visual Studio debugger + +// End of WSDG Chapter Introduction diff --git a/docbook/wsdg_src/wsdg_libraries.adoc b/docbook/wsdg_src/wsdg_libraries.adoc new file mode 100644 index 0000000..d0f5f1d --- /dev/null +++ b/docbook/wsdg_src/wsdg_libraries.adoc @@ -0,0 +1,349 @@ +// WSDG Chapter Libraries + +[#ChapterLibraries] + +== Library Reference + +[#ChLibIntro] + +=== Introduction + +Like most applications, Wireshark depends on libraries provided by your operating system and by third parties, including the C runtime library, GLib, libpcap, and Qt. +While running Wireshark only requires the libraries themselves, building it requires header files, import libraries, and related resources. + +Binary libraries are available in different formats and are specific to the target operating system, platform, and compiler. +They can be compiled by hand, but are most often installed as pre-built packages. + +On most Linux systems, the required binary and development libraries can be installed using your package manager. +We provide setup scripts that will install the required packages for most distributions. +See <<ChSetupUNIXBuildEnvironmentSetup>> for details. + +On macOS, you can install pre-built packages using a third party package manager such as Homebrew or MacPorts. +As with Linux, we provide `tools/macos-setup-brew.sh`, which will install the required Homebrew packages. +We also provide `tools/macos-setup.sh`, which will download, build, and install required packages. + +Windows doesn't have a good library package manager at the present time, so we provide our own pre-built libraries. +They can be installed using `tools/win-setup.ps1` and are automatically installed when you run CMake. +With the exception of Qt, all libraries required to build Wireshark on Windows are available for download at +https://dev-libs.wireshark.org/windows/[]. +See <<ChLibsSetup>> for details. + +[#ChLibsSetup] + +=== Windows Automated Library Download + +The required libraries (apart from Qt) are automatically downloaded as part of +the CMake generation step, and subsequently as required when libraries are updated. + +The libraries are downloaded into the directory indicated by the environment +variable WIRESHARK_BASE_DIR, this must be set appropriately for your environment. +The libraries are downloaded and extracted into WIRESHARK_BASE_DIR\wireshark-x64-libs or WIRESHARK_BASE_DIR\wireshark-arm64-libs depending on your target platform. + +You may also set the library directory to a custom value with the environment variable WIRESHARK_LIB_DIR, but you may run into problems if you switch between major versions or target platforms. + +[#ChLibsQt] + +=== Qt + +The Qt library is used to build the UI for Wireshark and is used to provide a platform independent UI. +Wireshark can be built with Qt 5.12 or later, but looks for Qt 6 as the default version. + +To enable builds with Qt 5.x, the command-line option `-DUSE_qt6=OFF` has to be set for cmake. + +For more information on the Qt libraries, see <<ChUIQt>>. + +[#ChLibsUnixQt] + +[discrete] +==== Unix + +Most Linux distributions provide Qt and its development libraries as standard packages. +The required libraries and tools will likely be split across several packages. For example, +building on Ubuntu requires _qt6-tools-dev_, _qt6-tools-dev-tools_, _libqt6svg6-dev_, +_qt6-multimedia-dev_, and possibly others. + +The Qt Project provides an installation tool for macOS, similar to Windows. +It is available at https://www.qt.io/download-open-source/#section-2[]. + +[#ChLibsWindowsQt] + +[discrete] +==== Windows + +Qt 6 must be installed manually from the Qt installers page https://www.qt.io/download-open-source/#section-2[] using the version of Qt appropriate for your compiler. + +The CMake variable CMAKE_PREFIX_PATH (see `https://doc.qt.io/qt-6/cmake-get-started.html`) should be set to your Qt installation directory, e.g. _C:\Qt{backslash}{qt6-lts-version}\msvc2019_64_. +Alternatively you can also use the environment variable WIRESHARK_QT6_PREFIX_PATH. + +[#ChLibsGLib] + +=== GLib And Supporting Libraries + +The GLib library is used as a basic platform abstraction library and can +be used in both CLI and GUI applications. For a detailed description +about GLib see <<ChCodeGLib>>. + +GLib depends on GNU libiconv, GNU gettext, and other libraries. You will +typically not come into contact with these while doing Wireshark +development. Wireshark's build system check for and require both GLib +and its dependencies. + +[#ChLibsUnixGLib] + +[discrete] +==== Unix + +The GLib library is available for most Linux distributions and UNIX +flavors. If it isn't already installed and isn't available as a package +for your platform, you can get it at https://wiki.gnome.org/Projects/GLib[]. + +[#ChLibsWindowsGLib] + +[discrete] +==== Windows + +GLib is part of our vcpkg-export bundles and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsCares] + +=== c-ares + +C-Ares is used for asynchronous DNS resolution and lets us resolve names with a minimal performance impact. + +[#ChLibsUnixCares] + +[discrete] +==== Unix + +If this library isn't already installed or available as a package for your +platform, you can get it at https://c-ares.org/[]. + +[#ChLibsWindowsCares] + +[discrete] +==== Windows + +C-Ares is built using {vcpkg-main-url}[vcpkg] and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsSMI] + +=== SMI (Optional) + +LibSMI is used for MIB and PIB parsing and for OID resolution. + +[#ChLibsUnixSMI] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://www.ibr.cs.tu-bs.de/projects/libsmi/[]. + +[#ChLibsWindowsSMI] + +[discrete] +==== Windows + +Wireshark uses the source libSMI distribution at +https://www.ibr.cs.tu-bs.de/projects/libsmi/[]. +LibSMI is cross-compiled using MinGW32. +It’s stored in the libsmi zip archives at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsZlib] + +=== zlib (Optional) + +[quote, The zlib web site, https://www.zlib.net/] +____ +zlib is designed to be a +https://www.zlib.net/zlib_license.html[free], +general-purpose, legally unencumbered -- that is, not covered by any +patents -- lossless data-compression library for use on virtually any computer +hardware and operating system. +____ + +[#ChLibsUnixZlib] + +[discrete] +==== Unix + +This library is almost certain to be installed on your system. If it isn't or +you don't want to use the default library you can download it from +https://www.zlib.net/[]. + +[#ChLibsWindowsZlib] + +[discrete] +==== Windows + +zlib is part of our vcpkg-export bundles and is available at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsPcap] + +=== libpcap or Npcap (Optional, But Strongly Recommended) + +Libpcap and Npcap provide the packet capture capabilities that are central +to Wireshark’s core functionality. + +[#ChLibsLibpcap] + +[discrete] +==== Unix: libpcap + +If this library isn't already installed or available as a package for your +platform, you can get it at {tcpdump-main-url}. + +[#ChLibsWinpPcap] + +[discrete] +==== Windows: Npcap + +The Windows build environment compiles and links against a libpcap SDK built using {vcpkg-main-url}[vcpkg] and includes the {npcap-main-url}[Npcap packet capture driver] with the .exe installer. +Both are <<ChLibsSetup,automatically downloaded by CMake>>. + +You can download the Npcap Windows packet capture library manually from +{npcap-main-url}. + +[WARNING] +.Npcap has its own license with its own restrictions +==== +Insecure.Com LLC, aka “The Nmap Project” has granted the Wireshark +Foundation the right to include Npcap with the installers that we +distribute from wireshark.org. If you wish to distribute your own +Wireshark installer or any other package that includes Npcap you must +comply with the {npcap-license-url}[Npcap license] and may be required +to purchase a redistribution license. Please see {npcap-main-url} for +more details. +==== + +[#ChLibsGNUTLS] + +=== GnuTLS (Optional) + +The GNU Transport Layer Security Library is used to enable TLS decryption +using an RSA private key. + +[#ChLibsUnixGNUTLS] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://gnutls.org/[]. + +[#ChLibsWindowsGNUTLS] + +[discrete] +==== Windows + +We provide packages cross-compiled using MinGW32 at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsGcrypt] + +=== Gcrypt + +The Gcrypt Library is a low-level cryptographic library that provides +support for many ciphers and message authentication codes, such as DES, 3DES, +AES, Blowfish, SHA-1, SHA-256, and others. + +[#ChLibsUnixGcrypt] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://directory.fsf.org/wiki/Libgcrypt[]. + +[#ChLibsWindowsGcrypt] + +[discrete] +==== Windows + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsKerberos] + +=== Kerberos (Optional) + +The Kerberos library is used to dissect Kerberos, sealed DCERPC and +secure LDAP protocols. + +[#ChLibsUnixKerberos] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://web.mit.edu/Kerberos/dist/[]. + +[#ChLibsWindowsKerberos] + +[discrete] +==== Windows + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsLua] + +=== Lua (Optional) + +The Lua library is used to add scripting support to Wireshark. + +[#ChLibsUnixLua] + +[discrete] +==== Unix + +If this library isn't already installed or available as a +package for your platform, you can get it at +https://www.lua.org/download.html[]. + +[#ChLibsWindowsLua] + +[discrete] +==== Windows + +We provide copies of the official packages at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsMaxMindDB] + +=== MaxMindDB (Optional) + +MaxMind Inc. publishes a set of IP geolocation databases and related +open source libraries. They can be used to map IP addresses to +geographical locations and other information. + +If libmaxminddb library isn't already installed or available as a +package for your platform, you can get it at +https://github.com/maxmind/libmaxminddb[]. + +We provide packages for Windows at +https://dev-libs.wireshark.org/windows/packages/[]. + +[#ChLibsSparkle] + +=== WinSparkle (Optional) + +WinSparkle is an easy-to-use software update library for Windows developers. + +[#ChLibsWinSparkle] + +[discrete] +==== Windows + +We provide copies of the WinSparkle package at +https://dev-libs.wireshark.org/windows/packages/[]. + +// End of WSDG Chapter Libraries diff --git a/docbook/wsdg_src/wsdg_lua_support.adoc b/docbook/wsdg_src/wsdg_lua_support.adoc new file mode 100644 index 0000000..8f7314b --- /dev/null +++ b/docbook/wsdg_src/wsdg_lua_support.adoc @@ -0,0 +1,276 @@ +[#wsluarm] + +// Attributes +:build_dir: .. + +== Lua Support in Wireshark + +[#wsluarm_intro] + +=== Introduction + +Lua is a powerful light-weight programming language designed for extending +applications. Wireshark contains an embedded Lua 5.2 interpreter which +can be used to write dissectors, taps, and capture file readers +and writers. + +If Lua is enabled, Wireshark will first try to load a file named `init.lua` +from the global link:{wireshark-users-guide-url}ChPluginFolders.html[_plugins directory_]. +and then from the user’s +link:{wireshark-users-guide-url}ChAppFilesConfigurationSection.html[_personal plugins directory_]. +Then all files ending with _.lua_ are loaded from the global plugins +directory. Then all files ending with _.lua_ in the personal Lua plugin's +directory. + +Whether or not Lua scripts are enabled can be controlled via the +_$$enable_lua$$_ variable. Lua scripts are enabled by +default. To disable Lua scripts, set the _$$enable_lua$$_ variable to _false_. +Wireshark 2.6 and earlier enabled or disabled Lua scripts using +the variable _$$disable_lua$$_ (deprecated). If both _$$enable_lua$$_ and +_$$disable_lua$$_ are present, _$$disable_lua$$_ is ignored. + +.Example for init.lua +[source,lua] +---- +-- Set enable_lua to false to disable Lua support. +enable_lua = true + +if not enable_lua then + return +end + +-- If false and Wireshark was started as (setuid) root, then the user +-- will not be able to execute custom Lua scripts from the personal +-- configuration directory, the -Xlua_script command line option or +-- the Lua Evaluate menu option in the GUI. +-- Note: Not checked on Windows. running_superuser is always false. +run_user_scripts_when_superuser = true +---- + +The command line option _$$-X lua_script:$$++file.lua++_ can also be used to load +specific Lua scripts. + +The Lua code is executed after all protocol dissectors are +initialized and before reading any file. + +Wireshark for Windows uses a modified Lua runtime +(link:https://github.com/Lekensteyn/lua-unicode[lua-unicode]) to +support Unicode (UTF-8) filesystem paths. This brings consistency with other +platforms (for example, Linux and macOS). + +[#wslua_menu_example] + +=== Example: Creating a Menu with Lua + +The code below adds a menu "Lua Dialog Test" under the Tools menu. +When selected, it opens a dialog prompting the user for input +and then opens a text window with the output. + +[source,lua] +---- + +-- Define the menu entry's callback +local function dialog_menu() + local function dialog_func(person,eyes,hair) + local window = TextWindow.new("Person Info"); + local message = string.format("Person %s with %s eyes and %s hair.", person, eyes, hair); + window:set(message); + end + + new_dialog("Dialog Test",dialog_func,"A Person","Eyes","Hair") +end + +-- Create the menu entry +register_menu("Lua Dialog Test",dialog_menu,MENU_TOOLS_UNSORTED) + +-- Notify the user that the menu was created +if gui_enabled() then + local splash = TextWindow.new("Hello!"); + splash:set("Wireshark has been enhanced with a useless feature.\n") + splash:append("Go to 'Tools->Lua Dialog Test' and check it out!") +end + +---- + +[#wslua_dissector_example] + +=== Example: Dissector written in Lua + +[source,lua] +---- +local p_multi = Proto("multi", "MultiProto"); + +local vs_protos = { + [2] = "mtp2", + [3] = "mtp3", + [4] = "alcap", + [5] = "h248", + [6] = "ranap", + [7] = "rnsap", + [8] = "nbap" +} + +local f_proto = ProtoField.uint8("multi.protocol", "Protocol", base.DEC, vs_protos) +local f_dir = ProtoField.uint8("multi.direction", "Direction", base.DEC, { [1] = "incoming", [0] = "outgoing"}) +local f_text = ProtoField.string("multi.text", "Text") + +p_multi.fields = { f_proto, f_dir, f_text } + +local data_dis = Dissector.get("data") + +local protos = { + [2] = Dissector.get("mtp2"), + [3] = Dissector.get("mtp3"), + [4] = Dissector.get("alcap"), + [5] = Dissector.get("h248"), + [6] = Dissector.get("ranap"), + [7] = Dissector.get("rnsap"), + [8] = Dissector.get("nbap"), + [9] = Dissector.get("rrc"), + [10] = DissectorTable.get("sctp.ppi"):get_dissector(3), -- m3ua + [11] = DissectorTable.get("ip.proto"):get_dissector(132), -- sctp +} + +function p_multi.dissector(buf, pkt, tree) + + local subtree = tree:add(p_multi, buf(0,2)) + subtree:add(f_proto, buf(0,1)) + subtree:add(f_dir, buf(1,1)) + + local proto_id = buf(0,1):uint() + + local dissector = protos[proto_id] + + if dissector ~= nil then + -- Dissector was found, invoke subdissector with a new Tvb, + -- created from the current buffer (skipping first two bytes). + dissector:call(buf(2):tvb(), pkt, tree) + elseif proto_id < 2 then + subtree:add(f_text, buf(2)) + -- pkt.cols.info:set(buf(2, buf:len() - 3):string()) + else + -- fallback dissector that just shows the raw data. + data_dis:call(buf(2):tvb(), pkt, tree) + end + +end + +local wtap_encap_table = DissectorTable.get("wtap_encap") +local udp_encap_table = DissectorTable.get("udp.port") + +wtap_encap_table:add(wtap.USER15, p_multi) +wtap_encap_table:add(wtap.USER12, p_multi) +udp_encap_table:add(7555, p_multi) +---- + +[#wslua_tap_example] + +=== Example: Listener written in Lua + +[source,lua] +---- +-- This program will register a menu that will open a window with a count of occurrences +-- of every address in the capture + +local function menuable_tap() + -- Declare the window we will use + local tw = TextWindow.new("Address Counter") + + -- This will contain a hash of counters of appearances of a certain address + local ips = {} + + -- this is our tap + local tap = Listener.new(); + + local function remove() + -- this way we remove the listener that otherwise will remain running indefinitely + tap:remove(); + end + + -- we tell the window to call the remove() function when closed + tw:set_atclose(remove) + + -- this function will be called once for each packet + function tap.packet(pinfo,tvb) + local src = ips[tostring(pinfo.src)] or 0 + local dst = ips[tostring(pinfo.dst)] or 0 + + ips[tostring(pinfo.src)] = src + 1 + ips[tostring(pinfo.dst)] = dst + 1 + end + + -- this function will be called once every few seconds to update our window + function tap.draw(t) + tw:clear() + for ip,num in pairs(ips) do + tw:append(ip .. "\t" .. num .. "\n"); + end + end + + -- this function will be called whenever a reset is needed + -- e.g. when reloading the capture file + function tap.reset() + tw:clear() + ips = {} + end + + -- Ensure that all existing packets are processed. + retap_packets() +end + +-- using this function we register our function +-- to be called when the user selects the Tools->Test->Packets menu +register_menu("Test/Packets", menuable_tap, MENU_TOOLS_UNSORTED) +---- + +[#wsluarm_modules] + +== Wireshark’s Lua API Reference Manual + +This Part of the User Guide describes the Wireshark specific functions in the embedded Lua. + +Classes group certain functionality, the following notational conventions are +used: + +* _Class.function()_ represents a class method (named _function_) on class + _Class_, taking no arguments. + +* _Class.function(a)_ represents a class method taking one argument. + +* _Class.function(...)_ represents a class method taking a variable number of + arguments. + +* _class:method()_ represents an instance method (named _method_) on an instance + of class _Class_, taking no arguments. Note the lowercase notation in the + documentation to clarify an instance. + +* _class.prop_ represents a property _prop_ on the instance of class _Class_. + +Trying to access a non-existing property, function or method currently gives an +error, but do not rely on it as the behavior may change in the future. + + +include::{build_dir}/wsluarm_src/wslua_utility.adoc[] +include::{build_dir}/wsluarm_src/wslua_gui.adoc[] +include::{build_dir}/wsluarm_src/wslua_proto.adoc[] +include::{build_dir}/wsluarm_src/wslua_field.adoc[] +include::{build_dir}/wsluarm_src/wslua_pinfo.adoc[] +include::{build_dir}/wsluarm_src/wslua_tvb.adoc[] +include::{build_dir}/wsluarm_src/wslua_tree.adoc[] +include::{build_dir}/wsluarm_src/wslua_listener.adoc[] +include::{build_dir}/wsluarm_src/wslua_dumper.adoc[] +include::{build_dir}/wsluarm_src/wslua_wtap.adoc[] +include::{build_dir}/wsluarm_src/wslua_file.adoc[] +include::{build_dir}/wsluarm_src/wslua_dir.adoc[] +include::{build_dir}/wsluarm_src/wslua_int64.adoc[] +include::{build_dir}/wsluarm_src/wslua_struct.adoc[] + +[#lua_module_PCRE2] + +=== PCRE2 Regular Expressions + +Lua has its own native _pattern_ syntax in the string library, but sometimes a +real regex engine is more useful. Wireshark comes with Perl Compatible Regular +Expressions version 2 (PCRE2). This engine is exposed into Wireshark’s Lua engine through the +well-known Lrexlib library. The module is loaded in the global environment using +the "rex_pcre2" table. The manual is available at https://rrthomas.github.io/lrexlib/manual.html. diff --git a/docbook/wsdg_src/wsdg_preface.adoc b/docbook/wsdg_src/wsdg_preface.adoc new file mode 100644 index 0000000..6b20969 --- /dev/null +++ b/docbook/wsdg_src/wsdg_preface.adoc @@ -0,0 +1,84 @@ +[#Preface] +["preface",id="Preface"] +== Preface + +[#PreForeword] + +=== Foreword + +This book tries to give you a guide to start your own experiments into +the wonderful world of Wireshark development. + +Developers who are new to Wireshark often have a hard time getting their development environment up and running. +This is especially true for Windows developers, as a lot of the tools and methods used when building Wireshark are much more common in the UNIX world than on Windows. + +The first part of this book will describe how to set up the environment +needed to develop Wireshark. + +The second part of this book will describe how to change the Wireshark +source code. + +We hope that you find this book useful, and look forward to your comments. + +[#PreAudience] + +=== Who should read this document? + +The intended audience of this book is anyone going into the development of +Wireshark. + +This book is not intended to explain the usage of Wireshark in general. +Please refer the +{wireshark-users-guide-url}[Wireshark User’s Guide] about Wireshark usage. + +By reading this book, you will learn how to develop Wireshark. It will +hopefully guide you around some common problems that frequently appear for +new (and sometimes even advanced) developers of Wireshark. + +[#PreAck] + +=== Acknowledgements + +The authors would like to thank the whole Wireshark team for their +assistance. In particular, the authors would like to thank: + +* Gerald Combs, for initiating the Wireshark project. + +* Guy Harris, for many helpful hints and his effort in maintaining +the various contributions on the mailing lists. + +* Frank Singleton from whose `README.idl2wrs` <<ChDissectIdl2wrs>> is derived. + +The authors would also like to thank the following people for their +helpful feedback on this document: + +* XXX - Please give feedback :-) + +And of course a big thank you to the many, many contributors of the +Wireshark development community! + +[#PreAbout] + +=== About this document + +This book was developed by mailto:{wsdg-author-email}[Ulf Lamping], +updated for VS2013 by mailto:{wsdg-author-email2}[Graham Bloice], +and updated for later versions of Visual Studio by various contributors. + +It is written in AsciiDoc. + +[#PreDownload] + +=== Where to get the latest copy of this document? + +The latest copy of this documentation can always be found at +{wireshark-developers-guide-url}. + +[#PreFeedback] + +=== Providing feedback about this document + +Should you have any feedback about this document, please send it to the +authors through mailto:{wireshark-dev-list-email}[]. + + diff --git a/docbook/wsdg_src/wsdg_quick_setup.adoc b/docbook/wsdg_src/wsdg_quick_setup.adoc new file mode 100644 index 0000000..15458be --- /dev/null +++ b/docbook/wsdg_src/wsdg_quick_setup.adoc @@ -0,0 +1,965 @@ +// WSDG Chapter Setup + +[#ChapterSetup] + +== Setup and Build Instructions + +[#ChSetupUNIX] + +=== UN*X + +[#ChSetupUNIXBuildEnvironmentSetup] + +==== Build environment setup + +The following must be installed in order to build Wireshark: + +* a C compiler and a C++ compiler; +* the Flex lexical analyzer; +* Python 3; +* CMake; +* several required libraries. + +Either make or Ninja can be used to build Wireshark; at least one of +those must be installed. + +To build the manual pages, Developer's Guide and User's Guide, Asciidoctor, Xsltproc, and DocBook must be installed. + +Perl is required to generate some code and run some code analysis checks. + +Some features of Wireshark require additional libraries to be installed. +The processes for doing so on various UN*X families is shown here. + +There are shell scripts in the `tools` directory to install the packages +and libraries required to build Wireshark. Usage is available with the +`--help` option. `root` permission is required to run the scripts. +The available scripts and their options for a given family of UN*Xes are +shown in the section for that family. + +[discrete] +==== Alpine Linux + +The setup script is `tools/alpine-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-all` install everything +* `[other]` other options are passed as-is to apk + +[discrete] +==== Arch Linux and pacman-based systems + +The setup script is `tools/arch-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-test-deps` install packages required to run all tests +* `--install-all` install everything +* `[other]` other options are passed as-is to pacman + +[discrete] +==== BSD systems such as FreeBSD, NetBSD, OpenBSD, and DragonFly BSD + +The setup script is `tools/bsd-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `[other]` other options are passed as-is to pkg manager + +[discrete] +==== Debian, and Linux distributions based on Debian, such as Ubuntu + +The setup script is `tools/debian-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-deb-deps` install packages required to build the .deb file +* `--install-test-deps` install packages required to run all tests +* `--install-qt5-deps` force installation of packages required to use Qt5 +* `--install-qt6-deps` force installation of packages required to use Qt6 +* `--install-all` install everything +* `[other]` other options are passed as-is to apt + +[discrete] +==== RPM-based Linux distributions such as Red Hat, Centos, Fedora, and openSUSE + + +The setup script is `tools/rpm-setup.sh`; its options are: + +* `--install-optional` install optional software as well +* `--install-rpm-deps` install packages required to build the .rpm file +* `--install-qt5-deps` force installation of packages required to use Qt5 +* `--install-qt6-deps` force installation of packages required to use Qt6 +* `--install-all` install everything +* `[other]` other options are passed as-is to the packet manager + +[discrete] +==== macOS + +You must first install Xcode. + +After installing Xcode, the setup script `tools/macos-setup.sh` will +install the rest of the tools and libraries required to build Wireshark, +except for Qt 6, as well as the additional tools required to build the +documentation and the libraries required for all Wireshark features. If +you're using Homebrew, the script `tools/macos-setup-brew.sh` will +install the same tools and libraries from Homebrew. + +If you will be building Wireshark with Qt 6, which is the default for +Wireshark 4.0 and later, you will also have to install Qt; the +`tools/macos-setup.sh` script will not install Qt 6. To install +Qt, go to the https://www.qt.io/download-qt-installer-oss[Download Qt +for open source use page], select “macOS” if it's not already selected, +and then select “Qt online installer for macOS“. This will download a +.dmg for the installer; launch the installer. It will require that you +log into your Qt account; if you don't have an account, select “Sign up“ +to create one. The next page will require you to accept the LGPL (Lesser +GNU Public License); do so. Continue to the “Installation Folder“ page +of the installer screen, and select the “Custom installation“ option. +On the “Select Components“ screen of the installer, select, for the +desired Qt version, the “macOS” component. For example, at the time of +this writing the Qt {qt6-lts-version} “macOS” component is used to build +the official packages. The “Qt Debug Information Files” component +contains dSYM files which can be used for debugging. You can deselect +all of the other the components such as “Qt Charts” or “Android xxxx” +as they aren’t required. + +Qt 6 needs the "Qt 5 Compatibility Module" to be installed as well. Additionally, the module +"Qt Multimedia" may be installed, to support advanced controls for playing back streams in the +RTP Player dialog. + +[#ChSetupUNIXBuild] + +==== Building + +Before building: + +On macOS, you will need to set the Qt installation directory in the +environment: + +[subs="attributes+"] +---- +WIRESHARK_QT6_PREFIX_PATH=~/Qt/{qt6-lts-version}/macos +export WIRESHARK_QT6_PREFIX_PATH +---- + +If you want to append a custom string to the package version, run the +command + +[subs="attributes+"] +---- +WIRESHARK_VERSION_EXTRA=-YourExtraVersionInfo +export WIRESHARK_VERSION_EXTRA +---- + +The recommended (and fastest) way to build Wireshark is with CMake +and Ninja. Building with make took nearly 2x time as Ninja in one +experiment. + +CMake builds are best done in a separate build directory, such as a +`build` subdirectory of the top-level source directory. + +If that directory is a subdirectory of the top-level source directory, +to generate the build files, change to the build directory and enter the +following command: + +---- +cmake .. +---- + +to use make as the build tool or + +---- +cmake -G Ninja .. +---- + +to use Ninja as the build tool. + +If you created the build directory in the +same directory that contains the top-level Wireshark source directory, +to generate the build files, change to the build directory and enter the +following command: + +---- +cmake ../{source directory} +---- + +to use make as the build tool or + +---- +cmake -G Ninja ../{source directory} +---- + +to use Ninja as the build tool. + +`{source directory}` is the name of the +top-level Wireshark source directory. + +If you need to build with a non-standard configuration, you can run + +[source,sh] +---- +cmake -LH ../{source directory} +---- + +to see what options you have. + +You can then run Ninja or make to build Wireshark. + +---- +ninja +# or +make +---- + +Once you have build Wireshark with `ninja` or `make` above, you should be able to test it +by entering `run/wireshark`. + +==== Optional: Install + +Install Wireshark in its final destination: + +---- +make install +---- + +Once you have installed Wireshark with `make install` above, you should be able +to run it by entering `wireshark`. + +==== Optional: Create User’s and Developer’s Guide + +To build the Wireshark User's Guide and the Wireshark Developer's Guide, +build the `all_guides` target, e.g. `make all_guides` or `ninja +all_guides`. Detailed information to build these guides can be found in +the file _docbook/README.adoc_ in the Wireshark sources. + +==== Optional: Create an installable or source code package + +You can create packages using the following build targets and commands: + +Source code tarball:: + Build the `dist` target. + +deb (Debian) package:: + Create a symlink in the top-level source directory to _packaging/debian_, then run `dpkg-buildpackage`. + +RPM package:: + Build the `wireshark_rpm` target. + +https://appimage.org[AppImage] package:: + Build the `wireshark_appimage` target. + +macOS .dmg package containing an application bundle:: + Build the `wireshark_dmg` or `logray_dmg` targets. + +Installable packages typically require building Wireshark first. + +==== Troubleshooting during the build and install on Unix + +A number of errors can occur during the build and installation process. +Some hints on solving these are provided here. + +If the `cmake` stage fails you will need to find out why. You can check the +file `CMakeOutput.log` and `CMakeError.log` in the build directory to find +out what failed. The last few lines of this file should help in determining the +problem. + +The standard problems are that you do not have a required development package on +your system or that the development package isn’t new enough. Note that +installing a library package isn’t enough. You need to install its development +package as well. + +If you cannot determine what the problems are, send an email to the +_wireshark-dev_ mailing list explaining your problem. Include the output from +`cmake` and anything else you think is relevant such as a trace of the +`make` stage. + + +// Retain ChSetupWin32 for backward compatibility +[#ChSetupWindows] +=== Windows: Using Microsoft Visual Studio[[ChSetupWin32]] + +A quick setup guide for Windows development with recommended configurations. + +[WARNING] +==== +Unless you know exactly what you are doing, you +should strictly follow the recommendations below. They are known to work +and if the build breaks, please re-read this guide carefully. + +Known traps are: + +. Not using the correct (x64 or x86) version of the Visual Studio command prompt. + +. Not using a supported version of Windows. Please check + https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet[here] + that your installed version is supported and updated. + +==== + +[#ChSetupChocolatey] + +==== Recommended: Install Chocolatey + +https://chocolatey.org/[Chocolatey] is a native package manager for +Windows. There are https://chocolatey.org/packages[packages] for most of +the software listed below. Along with traditional Windows packages it +supports the Python Package Index. + +Chocolatey tends to install packages into its own path (%ChocolateyInstall%), although packages are free to use their own preferences. +You can install Chocolatey packages using the command `choco install` (or its shorthand, `cinst`), e.g. + +[source,cmd] +---- +rem Flex is required. +choco install -y winflexbison3 +rem Git, CMake, Python, etc are also required, but can be installed +rem via their respective installation packages. +choco install -y git cmake python3 +---- + + +[#ChSetupMSVC] + +==== Install Microsoft Visual Studio + +Download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=17[“Microsoft Visual Studio 2022 Community Edition”]. +If you prefer you can instead download and install https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16[“Microsoft Visual Studio 2019 Community Edition”]. +The examples below are for Visual Studio 2022 but can be adapted for Visual Studio 2019. +These are small utilities that download all the other required parts (which are quite large). + +Check the checkbox for “Desktop development with {cpp}” and then uncheck +all the optional components other than + +* “MSVC ... VS 2022 {cpp}” item with the “... build tools (Latest)” +* “Windows 11 SDK” +* “{cpp} CMake tools for Windows" + +(unless you want to use them for purposes other than Wireshark). + +You can alternatively use Chocolatey to install Visual Studio, using the Visual Studio Community and Native Desktop workload packages. +Note that this includes Visual Studio’s CMake component. + +---- +choco install -y visualstudio2022community visualstudio2022-workload-nativedesktop +---- + +// winget has basic VS 2022 and 2019 packages, but no native desktop workload packages. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/m/Microsoft/VisualStudio + +You can use other Microsoft C compiler variants, but VS2022 is used to +build the development releases and is the preferred option. It’s +possible to compile Wireshark with a wide range of Microsoft C compiler +variants. For details see <<ChToolsMSChain>>. + +You may have to do this as Administrator. + +Compiling with gcc or Clang is not recommended and will +certainly not work (at least not without a lot of advanced +tweaking). For further details on this topic, see +<<ChToolsGNUChain>>. This may change in future as releases +of Visual Studio add more cross-platform support. + +// XXX - mention the compiler and PSDK web installers - +// which significantly reduce download size - and find out the +// required components + +Why is this recommended? +While this is a huge download, the Community Editions of Visual Studio are free (as in beer) and include the Visual Studio integrated debugger. +Visual Studio 2022 is also used to create official Wireshark builds, so it will likely have fewer development-related problems. + +[#ChSetupQt] + +==== Install Qt + +The main Wireshark application uses the Qt windowing toolkit. To install +Qt, go to the https://www.qt.io/download[“Download Qt” page], select +"Download open source", then "Download Qt Online Installer", and download +"*Qt Online Installer for Windows*". When executing it, sign up or log in, +and use Next button to proceed. When asked, select "*Custom installation*". + +In the "Select Components" page, select your desired Qt version. We recommend +the latest LTS version, and the stable Windows installers currently ship with Qt {qt6-lts-version}. +Select the following components: + +* MSVC 2019 64-bit +* Qt 5 Compatibility Module +* Qt Debug Information Files (contains PDB files which can be used for debugging) +* Under "Additional Libraries" select "Qt Multimedia" to support advanced +controls for playing back streams in the RTP Player dialog +* You can deselect all of the other the components +such as “Qt Charts” or “Android xxxx” as they aren’t required. + +The CMake variable CMAKE_PREFIX_PATH (see `https://doc.qt.io/qt-6/cmake-get-started.html`) should be set as appropriate for your environment and should point to the Qt installation directory, e.g. _C:\Qt{backslash}{qt6-lts-version}\msvc2019_64_ +Alternatively you can also use the environment variable WIRESHARK_QT6_PREFIX_PATH. + +Qt 6 is the default option for building Wireshark, but Wireshark has support for Qt 5.12 and later. To enable Wireshark to build with Qt 5 pass `-DUSE_qt6=OFF` +to cmake. + +[#ChSetupPython] + +==== Install Python + +Get a Python 3 installer from https://python.org/download/[] and install Python. +Its installation location varies depending on the options selected in the installer and on the version of Python that you are installing. +At the time of this writing the latest version of Python is 3.10, and common installation directories are +_C:\Users{backslash}**username**\AppData\Local\Programs\Python\Python310_, _C:\Program Files\Python310_, and _C:\Python310_. + +Alternatively you can install Python using Chocolatey: + +---- +choco install -y python3 +---- + +// Not sure how to document Chocolatey's installation location other than "could be anywhere, LOL" +// https://community.chocolatey.org/packages/python3/#discussion +Chocolatey will likely install Python in one of the locations above, or possibly in _C:\Tools\Python3_. + +// winget has Python 3 packages. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/p/Python/Python/3 + +[#ChSetupGit] + +==== Install Git + +Please note that the following is not required to build Wireshark but can be +quite helpful when working with the sources. + +Working with the Git source repositories is highly recommended, as described in +<<ChSrcObtain>>. It is much easier to update a personal source tree (local repository) with Git +rather than downloading a zip file and merging new sources into a personal +source tree by hand. It also makes first-time setup easy and enables the +Wireshark build process to determine your current source code revision. + +There are several ways in which Git can be installed. Most packages are +available at the URLs below or via https://chocolatey.org/[Chocolatey]. +Note that many of the GUI interfaces depend on the command line version. + +If installing the Windows version of git select the +_Use Git from the Windows Command Prompt_ (in chocolatey the _/GitOnlyOnPath_ +option). Do *not* select the _Use Git and optional Unix tools from the Windows Command Prompt_ +option (in chocolatey the _/GitAndUnixToolsOnPath_ option). + +===== The Official Windows Installer + +The official command-line installer is available at https://git-scm.com/download/win. + +===== Git Extensions + +Git Extensions is a native Windows graphical Git client for +Windows. You can download the installer from +https://github.com/gitextensions/gitextensions/releases/latest. + +===== TortoiseGit + +TortoiseGit is a native Windows graphical Git +similar to TortoiseSVN. You can download the installer from +https://tortoisegit.org/download/. + +===== Command Line client via Chocolatey + +The command line client can be installed (and updated) using Chocolatey: +---- +choco install -y git +---- + +// winget has git. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/g/Git/Git + +===== Others + +A list of other GUI interfaces for Git can be found at +https://git-scm.com/downloads/guis + + +[#ChSetupCMake] + +==== Install CMake + +While CMake is required to build Wireshark, it might have been installed as a component of either Visual Studio or Qt. +If that’s the case you can skip this step. +If you do want or need to install CMake, you can get it from https://cmake.org/download/[]. +Installing CMake into the default location is recommended. +Ensure the directory containing cmake.exe is added to your path. + +Alternatively you can install it using Chocolatey: + +---- +choco install -y cmake +---- + +// winget has CMake. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/k/Kitware/CMake + +Chocolatey ensures cmake.exe is on your path. + +[#ChSetupAsciidoctor] + +==== Install Asciidoctor, Xsltproc, And DocBook + +https://asciidoctor.org/[Asciidoctor] can be run directly as a Ruby script or via a Java wrapper (AsciidoctorJ). +The JavaScript flavor (Asciidoctor.js) isn’t yet supported. +It is used in conjunction with Xsltproc and DocBook to generate the documentation you're reading and the User’s Guide. + +You can install AsciidoctorJ, Xsltproc, and DocBook using Chocolatey. +AsciidoctorJ requires a Java runtime and there are https://en.wikipedia.org/wiki/List_of_Java_virtual_machines[many to choose from]. +Chocolatey doesn't support alternative package dependencies at the present time, including dependencies on Java. +As a result, installing the asciidoctorj package won't automatically install a Java runtime -- you must install one separately. + +---- +choco install -y <your favorite Java runtime> +choco install -y asciidoctorj xsltproc docbook-bundle +---- + +Chocolatey ensures that asciidoctorj.exe and xsltproc.exe is on your +path and that xsltproc uses the DocBook catalog. + +// winget has no Asciidoctor, xsltproc, or DocBook packages. + +==== Install winflexbison + +Get the winFlexBison installer from +https://sourceforge.net/projects/winflexbison/ +and install into the default location. +Ensure the directory containing win_flex.exe is on your path. + +Alternatively you can install Winflexbison using Chocolatey: + +---- +choco install -y winflexbison3 +---- + +Chocolatey ensures win_flex.exe is on your path. + +// winget has no bison package. + +==== Optional: Install Perl + +If needed you can get a Perl installer from +http://strawberryperl.com/ +or +https://www.activestate.com/ +and install Perl into the default location. + +Alternatively you can install Perl using Chocolatey: + +---- +choco install -y strawberryperl +# ...or... +choco install -y activeperl +---- + +// winget has StrawberryPerl. +// https://github.com/microsoft/winget-pkgs/tree/master/manifests/s/StrawberryPerl/StrawberryPerl + +==== Install and Prepare Sources + +[TIP] +.Make sure everything works +==== +It’s a good idea to make sure Wireshark compiles and runs at least once before +you start hacking the Wireshark sources for your own project. This example uses +Git Extensions but any other Git client should work as well. +==== + +*Download sources* Download Wireshark sources into +_C:\Development\wireshark_ using either the command line or Git Extensions: + +Using the command line: + +---- +cd C:\Development +git clone https://gitlab.com/wireshark/wireshark.git +---- + +Using Git extensions: + +. Open the Git Extensions application. By default Git Extensions + will show a validation checklist at startup. If anything needs to + be fixed do so now. You can bring up the checklist at any time + via menu:Tools[Settings]. + +. In the main screen select _Clone repository_. Fill in the following: ++ +Repository to clone: *`https://gitlab.com/wireshark/wireshark.git`* ++ +Destination: Your top-level development directory, e.g. _C:\Development_. ++ +Subdirectory to create: Anything you’d like. Usually _wireshark_. ++ +[TIP] +.Check your paths +==== +Make sure your repository path doesn't contain spaces. +==== + +. Click the btn:[Clone] button. Git Extensions should start cloning the + Wireshark repository. + +[#ChSetupPrepareCommandCom] + +==== Open a Visual Studio Command Prompt + +From the Start Menu (or Start Screen), navigate to the “Visual Studio 2022” folder and choose the https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-170#developer_command_prompt_shortcuts[Command Prompt] appropriate for the build you wish to make, e.g. “x64 Native Tools Command Prompt for VS 2022” for a 64-bit version. +Depending on your version of Windows the Command Prompt list might be directly under “Visual Studio 2022” or you might have to dig for it under multiple folders, e.g. menu:Visual Studio 2022[Visual Studio Tools,Windows Desktop Command Prompts]. + +You can set up a build environment in your own command prompt by running the appropriate `vcvars__ARCHITECTURE__.bat` command. +See https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-170#use-the-developer-tools-in-an-existing-command-window[Use the Microsoft C++ toolset from the command line] for details. + +[TIP] +.Pin the items to the Task Bar +==== +Pin the Command Prompt you use to the Task Bar for easy access. +==== + +All subsequent operations take place in this Command Prompt window. + +. Set environment variables to control the build. ++ +-- +Set the following environment variables, using paths and values suitable for your installation: + +[subs="attributes+"] +---- +rem Let CMake determine the library download directory name under +rem WIRESHARK_BASE_DIR or set it explicitly by using WIRESHARK_LIB_DIR. +rem Set *one* of these. +set WIRESHARK_BASE_DIR=C:\Development +rem set WIRESHARK_LIB_DIR=c:\wireshark-x64-libs +rem Set the Qt installation directory +set WIRESHARK_QT6_PREFIX_PATH=C:\Qt{backslash}{qt6-lts-version}\msvc2019_64 +rem Append a custom string to the package version. Optional. +set WIRESHARK_VERSION_EXTRA=-YourExtraVersionInfo +---- + +Setting these variables could be added to a batch file to be run after you open +the Visual Studio Tools Command Prompt. + +[TIP] +.Use of Qt’s LTS branch +==== +It is generally recommended to use a LTS ("long term support") version for Qt. The current LTS version for Qt 6 is +{qt6-lts-version}. +==== + +-- + +. Create and change to the correct build directory. +CMake is best used in an out-of-tree build configuration where the build is done in a separate directory from the source tree, leaving the source tree in a pristine state. +64 and 32 bit builds require a separate build directory. +Create (if required) and change to the appropriate build directory. ++ +-- +// XXX Our CI builds are in-tree in <src dir>/build. +---- +mkdir C:\Development\wsbuild64 +cd C:\Development\wsbuild64 +---- +to create and jump into the build directory. + +The build directory can be deleted at any time and the build files regenerated as detailed in <<ChWindowsGenerate>>. +-- + +[#ChWindowsGenerate] + +==== Generate the build files + +CMake is used to process the CMakeLists.txt files in the source tree and produce build files appropriate +for your system. + +You can generate Visual Studio solution files to build either from within Visual Studio, or from the command +line with MSBuild. CMake can also generate other build types but they aren't supported. + +The initial generation step is only required the first time a build directory is created. Subsequent +builds will regenerate the build files as required. + +If you've closed the Visual Studio Command Prompt <<ChSetupPrepareCommandCom,prepare>> it again. + +To generate the build files enter the following at the Visual Studio command prompt: +---- +cmake -G "Visual Studio 17 2022" -A x64 ..\wireshark +---- + +Adjusting the path to the Wireshark source tree as required. +To use a different generator modify the `-G` parameter. +`cmake -G` lists all the CMake supported generators, but only Visual Studio is supported for Wireshark builds. +32-bit builds are no longer supported. + +The CMake generation process will download the required 3rd party libraries (apart from Qt) +as required, then test each library for usability before generating the build files. + +At the end of the CMake generation process the following should be displayed: +---- +-- Configuring done +-- Generating done +-- Build files have been written to: C:/Development/wsbuild64 +---- + +If you get any other output, there is an issue in your environment that must be rectified before building. +Check the parameters passed to CMake, especially the `-G` option and the path to the Wireshark sources and +the environment variables `WIRESHARK_BASE_DIR` and `CMAKE_PREFIX_PATH`. + +[#ChWindowsBuild] + +==== Build Wireshark + +Now it’s time to build Wireshark! + +. If you've closed the Visual Studio Command Prompt <<ChSetupPrepareCommandCom,prepare>> it again. + +. Run ++ +-- +---- +msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln +---- +to build Wireshark. +-- + +. Wait for Wireshark to compile. This will take a while, and there will be a lot of text output in the command prompt window + +. Run _C:\Development\wsbuild64\run\RelWithDebInfo\Wireshark.exe_ and make sure it starts. + +. Open menu:Help[About]. If it shows your "private" program +version, e.g.: Version {wireshark-version}-myprotocol123 +congratulations! You have compiled your own version of Wireshark! + +You may also open the Wireshark solution file (_Wireshark.sln_) in the Visual Studio IDE and build there. + +TIP: If compilation fails for suspicious reasons after you changed some source +files try to clean the build files by running `msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln /t:Clean` +and then building the solution again. + +The build files produced by CMake will regenerate themselves if required by changes in the source tree. + +==== Debug Environment Setup + +You can debug using the Visual Studio Debugger or WinDbg. See the section +on using the <<ChToolsDebugger, Debugger Tools>>. + +==== Optional: Create User’s and Developer’s Guide + +To build the Wireshark User's Guide and the Wireshark Developer's Guide, +build the `all_guides` target, e.g. `msbuild all_guides.vcxproj`. +Detailed information to build these guides can be found in the file +_docbook\README.adoc_ in the Wireshark sources. + +==== Optional: Create a Wireshark Installer + +Note: You should have successfully built Wireshark +before doing the following. + +If you want to build your own +_Wireshark-{wireshark-version}-myprotocol123-x64.exe_, you'll need +NSIS. You can download it from http://nsis.sourceforge.net[]. + +Note that the 32-bit version of NSIS will work for both 64-bit and 32-bit versions of Wireshark. +NSIS version 3 is required. + +If you've closed the Visual Studio Command Prompt <<ChSetupPrepareCommandCom,prepare>> it again. Run + +---- +msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj +---- + +to build a Wireshark installer. +If you sign your executables you should do so between the “wireshark_nsis_prep” and “wireshark_nsis” steps. +To sign your installer you should place the signing batch script on the path. It must be named "sign-wireshark.bat". +It should be autodetected by CMake, to always require signing set the -DENABLE_SIGNED_NSIS=On CMake option. + +Run + +---- +packaging\nsis\wireshark-{wireshark-version}-myprotocol123-x64.exe +---- + +to test your new installer. +It’s a good idea to test on a different machine than the developer machine. + +[#ChSetupMSYS2] + +=== Windows: Using MinGW-w64 with MSYS2 + +MSYS2 comes with different environments/subsystems and the first thing you +have to decide is which one to use. The differences among the environments +are mainly environment variables, default compilers/linkers, architecture, +system libraries used etc. If you are unsure, go with UCRT64. + +==== Building from source + +. Open the shell for the selected 64-bit environment. + +. Download the Wireshark source code using Git, if you haven't done so already, + and cd into that directory. + +. Install needed dependencies: + + tools/msys2-setup.sh --install-all + +. Build using CMake + Ninja: + + mkdir build && cd build + # Ninja generator is the default + cmake -DENABLE_CCACHE=On -DFETCH_lua=Yes .. + ninja + ninja test # optional, to run the test suite + ninja install # optional, install to the MSYS2 shell path + +The application should be launched using the same shell. + +==== Building an .exe installer + +. Follow the instructions above to compile Wireshark from source. + +. Build the NSIS installer target. + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +Alternatively you can also use the PKGBUILD included in the Wireshark +source distribution to compile Wireshark into a binary package that can be +https://www.msys2.org/wiki/Creating-Packages/[installed using pacman]. + +==== Comparison with MSVC toolchain + +The official Wireshark Windows installer is compiled using Microsoft Visual +Studio (MSVC). Currently the MSYS2 build has the following limitations compared to +the build using MSVC: + +* Lua does not have https://github.com/Lekensteyn/lua-unicode[custom UTF-8 patches]. + +* The Event Tracing for Windows (ETW) extcap cannot be compiled using MinGW-w64. + +* Enhanced Kerberos dissection with decryption is not available. + +* AirPcap is not supported. + +[#ChSetupCross] + +=== Windows: Cross-compilation using Linux + +It is possible to compile Wireshark for Microsoft Windows using Linux and MinGW. +This way developers can deploy Wireshark on Windows systems without requiring +a Windows host machine. Building for Windows using a Linux host is also +easier for devs already familiar with Linux, the build itself is faster and it +uses a very mature C/C++ compiler (GCC) and debugger (GDB). + +==== Using Fedora Linux + +https://fedoraproject.org/[Fedora Linux] provides the best out-of-the-box +support for MinGW cross-compilation. Fedora is what the project uses to test +the build and it's what we recommend. While any other reasonably modern Linux +distribution can be used, that will make the process more time consuming and +involve some trial and error to setup. + +The build instructions on Fedora follow the familiar recipe for building Wireshark +using Linux. + +===== Building from source + +. Install needed dependencies: + + tools/mingw-rpm-setup.sh --install-all + +. Build using CMake + Ninja: + + mkdir build && cd build + mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes .. + ninja ++ +Note that currently it is not possible to run the test-suite when cross-compiling. + +. Build the NSIS installer + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If successful the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +===== Notes and comparison with MSVC builds + +* Only the MSVCRT C library for Microsoft Windows can be used. Support for the + UCRT (Universal C Runtime) library on Fedora Linux is in the initial stages of + deployment and not ready for prime-time (at the time of this writing). + +* Some optional dependencies are missing from Fedora repositories and must be + compiled from source if desired. An up-to-date complete list can be found in + the bug tracker (https://gitlab.com/wireshark/wireshark/-/issues/19108[issue 19108]). + +* Lua does not have https://github.com/Lekensteyn/lua-unicode[custom UTF-8 patches]. + +* The Event Tracing for Windows (ETW) extcap cannot be compiled using MinGW-w64. + +* Enhanced Kerberos dissection with decryption is not available. + +* AirPcap is not supported. + +==== Using Arch Linux + +https://archlinux.org/[Arch Linux] has good support for MinGW using packages +from the https://aur.archlinux.org/[AUR]. Note that the mingw-w64 AUR packages +sometimes break. If that happens you may be required to fix it or skip the +package until it is fixed by the maintainer, if it's an optional dependency. +You may also want to consider using an +https://wiki.archlinux.org/title/unofficial_user_repositories[unofficial user repository] +(such as the https://martchus.no-ip.biz/repo/arch/ownstuff/[ownstuff] repository) +to provide pre-compiled packages. This will greatly simplify the initial setup +and subsequent upgrades. + +CAUTION: AUR packages and unofficial user repositories are user-produced +content. These packages are completely unofficial and have not been thoroughly +vetted. It is your decision whether to trust their maintainers and you take +full responsibility for choosing to use them. + +You will need to install an https://wiki.archlinux.org/title/AUR_helpers[AUR helper]. +This guide assumes `paru` is being used. + +. Install required dependencies from official repositories: + + pacman -S mingw-w64 nsis lemon qt6-tools ccache + +. Install required dependencies from the AUR: + + paru -S mingw-w64-cmake + paru -S mingw-w64-glib2 + paru -S mingw-w64-libgcrypt + paru -S mingw-w64-c-ares + paru -S mingw-w64-speexdsp + paru -S mingw-w64-libpcap + +. Install Qt6: + + paru -S mingw-w64-qt6-base mingw-w64-qt6-5compat mingw-w64-qt6-multimedia + +. Install optional dependencies: + + paru -S mingw-w64-gnutls + paru -S mingw-w64-lz4 + paru -S mingw-w64-snappy + paru -S mingw-w64-opus + paru -S mingw-w64-opencore-amr + paru -S mingw-w64-libxml2 + paru -S mingw-w64-libnghttp2 + paru -S mingw-w64-libssh + paru -S mingw-w64-minizip ++ +Search the AUR for other dependencies not listed above. + +. Build Wireshark using CMake + Ninja. From the directory containing the + Wireshark source tree run: + + mkdir build && cd build + x86_64-w64-mingw32-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes \ + -DMINGW_SYSROOT=/usr/x86_64-w64-mingw32 .. + ninja ++ +This will automatically download and build Lua as a static library. ++ +To reconfigure the CMake build you may to do it explicitly by running +`x86_64-w64-mingw32-cmake .` in the build directory, +instead of letting `ninja` do it for you automatically. + +. Build the NSIS installer + + ninja wireshark_nsis_prep + ninja wireshark_nsis + +If everything goes well the installer can be found in `$CMAKE_BINARY_DIR/packaging/nsis`. + +The same notes as the build using Fedora apply. diff --git a/docbook/wsdg_src/wsdg_sources.adoc b/docbook/wsdg_src/wsdg_sources.adoc new file mode 100644 index 0000000..9e2a3c1 --- /dev/null +++ b/docbook/wsdg_src/wsdg_sources.adoc @@ -0,0 +1,1412 @@ +[#ChapterSources] + +== Work with the Wireshark sources + +[#ChSrcIntro] + +=== Introduction + +This chapter will explain how to work with the Wireshark source code. +It will show you how to: + +* Get the source + +* Compile it on your machine + +* Submit changes for inclusion in the official release + +This chapter will not explain the source file contents in detail, +such as where to find specific functionality. This is done in +<<ChCodeOverview>>. + +[#ChSrcGitRepository] + +=== The Wireshark Git repository + +https://git-scm.com/[Git] is used to keep track of the changes made to the Wireshark source code. +The official repository is hosted at {wireshark-gitlab-project-url}[GitLab], and incoming changes are evaluated and reviewed there. +For more information on GitLab see https://docs.gitlab.com/ce/gitlab-basics/[their documentation]. + +.Why Git? + +Git is a fast, flexible way of managing source code. +It allows large scale distributed development and ensures data integrity. + +.Why GitLab? + +GitLab makes it easy to contribute. +You can make changes locally and push them to your own work area at gitlab.com, or if your change is minor you can make changes entirely within your web browser. + +.Historical trivia: GitLab is the *fourth* iteration of our source code repository and code review system. + +Wireshark originally used https://www.nongnu.org/cvs/[Concurrent Versions System] (CVS) and migrated to https://subversion.apache.org/[Subversion] in July 2004. +We migrated from Subversion to Git and https://www.gerritcodereview.com/[Gerrit] in January 2014, and from Gerrit to GitLab in August 2020. + +Using Wireshark’s GitLab project you can: + +* Keep your private sources up to date with very little effort. +* Receive notifications about code reviews and issues. +* Get the source files from any previous release (or any other point in time). +* Browse and search the source code using a web interface. +* See which person changed a specific piece of code. + +[#ChSrcWebInterface] + +==== Git Naming Conventions + +Like most revision control systems, Git uses +https://en.wikipedia.org/wiki/Branching_%28revision_control%29[branching] +to manage different copies of the source code and allow parallel development. +Wireshark uses the following branch naming conventions: + +.master. +Main feature development and odd-numbered development releases. + +.release-x.y, master-x.y. +Stable release maintenance. For example, release-3.4 is used to manage the 3.4.x official releases. + +Tags for major releases and release candidates consist of a “v” followed by a version number such as “v3.2.1” or “v3.2.3rc0”. +Major releases additionally have a tag prefixed with “wireshark-” followed by a version number, such as “wireshark-3.2.0”. + + +[#ChSrcGitWeb] +=== Browsing And Searching The Source Code + +If you need a quick look at the Wireshark source code you can browse the repository files in GitLab at + +{wireshark-code-browse-url} + +You can view commit logs, branches, and tags, find files and search the repository contents. +You can also download individual files. + +[#ChSrcObtain] +=== Obtaining The Wireshark Sources + +There are two primary ways to obtain Wireshark’s source code: Git and compressed .tar archives. +Each is described in more detail below. +We recommend using Git for day to day development, particularly if you wish to contribute changes back to the project. +The age mentioned in the following sections indicates the age of the most recent change in that set of the sources. + + +[#ChSrcGit] +==== Git Over SSH Or HTTPS + +This method is strongly recommended for day to day development. + +You can use a Git client to download the source code from Wireshark’s code review system. +Anyone can clone from the anonymous HTTP git URL: + +{wireshark-git-anonhttp-url} + +If you have a GitLab account you can also clone using SSH: + +{wireshark-git-ssh-url} + +If wish to make changes to Wireshark you must create a GitLab account, create a fork of the official Wireshark repository, update your fork, and create a merge request. +See <<ChSrcContribute>> for details. + +The following example shows how to get up and running on the command line. +See <<ChToolsGit>> for information on installing and configuring graphical Git clients. + +. Now on to the command line. +First, make sure `git` works: ++ +-- +[source,sh] +---- +$ git --version +---- +-- + +. If this is your first time using Git, make sure your username and email address are configured. +This is particularly important if you plan on uploading changes: ++ +-- +[source,sh] +---- +$ git config --global user.name "Henry Perry" +$ git config --global user.email henry.perry@example.com +---- +-- + +. Next, clone the Wireshark repository: ++ +-- +[source,sh] +---- +# If you have a GitLab account, you can use the SSH URL: +$ git clone -o upstream git@gitlab.com:wireshark/wireshark.git +# If you don't you can use the HTTPS URL: +$ git clone -o upstream https://gitlab.com/wireshark/wireshark.git +# You can speed up cloning in either case by adding --shallow-since=1year or --depth=5000. +---- +The clone only has to be done once. +This will copy all the sources (including directories) from the server to your machine and check out the latest version. + +The `-o upstream` flag uses the origin name “upstream” for the repository instead of the default “origin” as described in the https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[GitLab documentation]. + +Cloning may take some time depending on the speed of your internet connection. + +The `--shallow-since=1year` option limits cloned commits to the last 1 year. + +The `--depth=5000` option limits cloned commits to the last 5000. +-- + +[#ChSrcDevelopmentSnapshots] +==== Development Snapshots + +This method is useful for one-off builds or if Git is inaccessible (e.g. because of a restrictive firewall). + +Our GitLab CI configuration automatically generates development packages, including source packages. +They can be found at {wireshark-snapshots-url}. +Packages are available for recent commits in the master branch and each release branch. + +[#ChSrcReleased] +==== Official Source Releases + +This method is recommended for building downstream release packages. + +The official source releases can be found at {wireshark-download-url}. +You should use these sources if you want to build Wireshark on your platform based on an official release with minimal or no changes, such as Linux distribution packages. + +[#ChSrcUpdating] +=== Update Your Wireshark Sources + +After you've obtained the Wireshark sources for the first time, +you might want to keep them in sync with the sources at the upstream +Git repository. + +[TIP] +.Take a look at the recent commits first +==== +As development evolves, the Wireshark sources are compilable most of the time -- but not always. +You should take a look at {wireshark-commits-url} before fetching or pulling to make sure the builds are in good shape. +==== + +[#ChSrcGitUpdate] +==== Update Using Git + +From time to time you will likely want to synchronize your master branch with the upstream repository. +You can do so by running: + +[source,sh] +---- +$ git pull --rebase upstream master +---- + +[#ChSrcBuildFirstTime] +=== Build Wireshark + +The sources contain several documentation files. It’s a good idea to read these +files first. After obtaining the sources, tools and libraries, the first place +to look at is _doc/README.developer_. Inside you will find the latest +information for Wireshark development for all supported platforms. + +.Build Wireshark before changing anything +[TIP] +==== +It is a very good idea to first test your complete build environment +(including running and debugging Wireshark) before making any changes +to the source code (unless otherwise noted). +==== + +Building Wireshark for the first time depends on your platform. + +==== Building on Unix + +Follow the build procedure in <<ChSetupUNIX>> to build Wireshark. + +==== Windows Native + +Follow the build procedure in <<ChSetupWindows>> to build Wireshark. + +After the build process has successfully finished, you should find a +`Wireshark.exe` and some other files in the `run\RelWithDebInfo` directory. + +[#ChSrcBuildType] +==== Build Type + +CMake can compile Wireshark for several different build types: + +.Build Types +|=== +|Type |Compiler Flags |Description + +|`RelWithDebInfo` +|`-O2 -g` +|Default, build with default optimizations and generate debug symbols. +Enables assertions and disables debug level logs + +|`Debug` +|`-O0 -g -DWS_DEBUG -DWS_DEBUG_UTF_8` +|For development, no optimization. Enables assertions +and debug level logs + +|`Release` +|`-O3 -DNDEBUG` +|Optimized for speed, no debug symbols or debug level logs or assertions + +|`MinSizeRel` +|`-Os -DNDEBUG` +|Optimized for size, no debug symbols or debug level logs or assertions +|=== + +The default is `RelWithDebInfo`, which provides a good compromise of +some optimization (`-O2`) along with including debug symbols (`-g`) +for release builds. For normal development coding you probably want to be +using `Debug` build type or set -DENABLE_DEBUG=On, to enable full +<<ChSrcLogging,logging capabilities>> and debug code. + +CMake will automatically add the -DNDEBUG option to certain build +types. This macro is used to disable assertions but it can be overruled +using ENABLE_ASSERT, which can be used to unconditionally enable assertions +if defined. + +To change the build type, set the CMake variable `CMAKE_BUILD_TYPE`, e.g.: + +[source,sh] +---- +$ cmake .. -DCMAKE_BUILD_TYPE=Debug +---- + +or on Windows, + +[source,cmd] +---- +> msbuild /m /p:Configuration=Debug Wireshark.sln +---- + +[#ChSrcRunFirstTime] +=== Run Your Version Of Wireshark + + +[TIP] +.Beware of multiple Wiresharks +==== +An already installed Wireshark may interfere with your newly generated +version in various ways. If you have any problems getting your Wireshark +running the first time, it might be a good idea to remove the previously +installed version first. +==== + +[#ChSrcRunFirstTimeUnix] +==== Unix-Like Platforms + +After a successful build you can run Wireshark right from the `run` directory. +There's no need to install it first. + +[source,sh] +---- +$ ./run/wireshark +---- + +There’s no need to run Wireshark as root user, but depending on your platform you might not be able to capture. +Running Wireshark this way can be helpful since debugging output will be displayed in your terminal. +You can also change Wireshark’s behavior by setting various environment variables. +See the {wireshark-man-page-url}wireshark.html#ENVIRONMENT-VARIABLES[ENVIRONMENT VARIABLES] section of the Wireshark man page for more details. + +On macOS, Wireshark is built as an application bundle (_run/Wireshark.app_) by default, and _run/wireshark_ will be a wrapper script that runs _Wireshark.app/Contents/MacOS/Wireshark_. +Along with running `./run/wireshark` as shown above you can also run it on the command line with `open run/Wireshark.app`. + +[#ChSrcRunFirstTimeWindows] +==== Windows Native + +By default the CMake-generated Visual {cpp} project places all of the files necessary to run Wireshark in the subdirectory `run\RelWithDebInfo`. +As with the Unix-like build described above, you can run Wireshark from the build directory without installing it first. + +[source,cmd] +---- +> .\run\RelWithDebInfo\Wireshark +---- + + +[#ChSrcDebug] +=== Debug Your Version Of Wireshark + +Optimization can make debugging a bit more difficult, e.g. by changing the +execution order of statements. To disable optimization, set the +<<ChSrcBuildType,build type>> to `Debug`. + +Full debug logs can be invaluable to investigate any issues with the code. +By default debug level logs are only enabled with `Debug` build type. You +can enable full debug logs and extra debugging code by configuring the +ENABLE_DEBUG CMake option. This in turn will define the macro symbol +`WS_DEBUG` and enable the full range of debugging code in Wireshark. + +There is an additional CMake knob called ENABLE_DEBUG_UTF_8 that can be used to +control specifically the extra validation Wireshark performs internally +for invalid UTF-8 encodings in internal strings, which should never happen +and can be somewhat expensive to check during normal usage. + +Conversely, the `Release` or `MinSizeRel` build types can be used to optimize +further for speed or size, but do not include debug symbols for use with +debuggers, and completely disable <<ChSrcLoggingLevels,lower level logging>> +and asserts, optimizing away the code path. Ensure that you have not built with +one of those types before attempting debugging. + +[#ChSrcLogging] +==== Wireshark Logging + +Wireshark has a flexible logging system to assist in development and troubleshooting. +Logging configuration takes into account what, when and where to output diagnostic messages. + +* The 'what generates log messages' is defined through logging domain(s). +* The 'when it generates log messages' is defined through the logging level. +* The 'where it outputs log messages' is defined through the output channel(s). + +The details to configure and use the logging system are explained in the following sections. + +[#ChSrcLoggingDomains] +===== Logging Domains + +Any part of Wireshark can be assigned a logging domain. This is already done for most of the internals of Wireshark, +e.g., "Main", "Capture", "Epan", "GUI". The domains are defined in the `ws_log_defs.h` header but dissectors should +define their own logging domain. Any string can be used as ID for a logging domain. + +[#ChSrcLoggingLevels] +===== Logging Levels + +The following logging levels are defined from highest to lowest: + +* error +* critical +* warning +* message +* info +* debug +* noisy + +By default logging output is generated for logging level "message" and above. If the logging level is lowered or raised +all log output generated at or above this level is sent to the log output. +Note that if the <<ChSrcBuildType,build type>> is not set to `Debug` +then by default all log output for the logging levels "debug" and +"noisy" will be optimized away by the compiler and cannot be emitted to the log +output, regardless of the logging setings. To enable debug logging for all build +types, set the CMake variable `-DENABLE_DEBUG=ON`. + +There is also a special "echo" logging level used exclusively for temporary debugging print outs (usually +via the `WS_DEBUG_HERE` macro). + +[#ChSrcLoggingOutput] +===== Logging Output + +By default logging output is sent to stderr. In addition to that it is possible to configure a log file. This collects all log output to the +file, besides the normal output streams. The output can then be read in a text editor or used with other text processing tools. + +A program can also register its own log writer when the standard facilities are insufficient or special handling is required. + +[#ChSrcConfigureLogging] +===== Configure Logging + +Logging can be configured through either environment variables or command line parameters. + +The following environment variables and command line parameters are used by the logging system: + +WIRESHARK_LOG_DOMAIN, WIRESHARK_LOG_DOMAINS, or --log-domain, --log-domains:: +This is a filter for the domain(s) which are to generate log messages. +WIRESHARK_LOG_LEVEL, or --log-level:: +This is the level (below critical) for which log messages are to be generated. This is used for all configured domains. +WIRESHARK_LOG_DEBUG, or --log-debug:: +These domain(s) will generate debug level log messages regardless of the log level and log domains configured. +WIRESHARK_LOG_NOISY, or --log_noisy:: +These domain(s) will generate noisy level log messages regardless of the log level and log domains configured. + +Multiple domains can be concatenated using commas or semicolons. The match can be inverted by prefixing the domain(s) list with an exclamation mark. + +[#ChSrcTrapsLogging] +==== Traps Set By Logging + +Sometimes it can be helpful to abort the program right after a log message of a certain level or a certain domain is output. + +The following environment variables are used to configure a trap by the logging system: + +WIRESHARK_LOG_FATAL, or --log_fatal:: +This is the level for which log messages are fatal. This can either be "critical" or "warning" level. + +WIRESHARK_LOG_FATAL_DOMAIN, WIRESHARK_LOG_FATAL_DOMAINS, or --log-fatal-domain, --log-fatal-domains:: +These are the domain(s) where output of a log message is fatal. This is less commonly used than the fatal log level setting above. + +[#ChSrcLoggingApi] +==== Logging APIs + +The logging API can be found in `wsutil/wslog.h`. + +To use the logging API for your code add the definition of the ID of your logging domain right after including `config.h`. For example: + +[source,c] +---- +/* My code doing something awesome */ +#include "config.h" +#define WS_LOG_DOMAIN "MyCode" + +#include <wireshark.h> + +... +---- + +Populate your code with the applicable function calls to generate log messages when enabled. The following convenience macros are provided: + +* `ws_error()` +* `ws_critical()` +* `ws_warning()` +* `ws_message()` +* `ws_info()` +* `ws_debug()` +* `ws_noisy()` + +All these take `printf()` style parameters. There is also a `WS_DEBUG_HERE` macro that is always active and outputs to a special "echo" +domain for temporary debug print outs. `WS_DEBUG_HERE` should be used for development purposes only and not appear in final delivery of the code. + +[#ChSrcUnixDebug] +==== Unix-Like Platforms + +You can debug using command-line debuggers such as gdb, dbx, or lldb. +If you prefer a graphic debugger, you can use an IDE or debugging frontend +such as Qt Creator, CLion, or Eclipse. + +Additional traps can be set on Wireshark, see <<ChSrcTrapsLogging>> + +[#ChSrcMemorySafety] +===== Memory Safety and Leaks + +Wireshark's wmem memory management framework makes it easy to allocate +memory in pools with a certain scope that is freed automatically at +a certain point (such as the end of dissecting a packet or when closing +a file), even if a dissector raises an exception after allocating the +memory. Memory in a pool is also freed collectively, which can be +considerably faster than calling `free()` individually on each individual +allocation. Proper use of wmem makes a dissector faster and less prone +to memory leaks with unexpected data, which happens frequently with +capture files. + +However, wmem's block allocation can obscure issues that memory checkers +might otherwise catch. Fortunately, the `WIRESHARK_DEBUG_WMEM_OVERRIDE` +environment variable can be set at runtime to instruct wmem to use a specific +memory allocator for all allocations, some of which are more compatible with +memory checkers: + +* `simple` - Uses `malloc()` only, no block allocation, compatible with Valgrind +* `strict` - Finds invalid memory via canaries and scrubbing freed memory +* `block` - Standard block allocator for file and epan scopes +* `block_fast` - Block allocator for short-lived scope, e.g. packet, (`free()` is a no-op) + +The `simple` allocator produces the most accurate results with tools like +https://valgrind.org[Valgrind] and can be enabled as follows: + +[source,sh] +---- +$ export WIRESHARK_DEBUG_WMEM_OVERRIDE=simple +---- + +Wireshark uses GLib's GSlice memory allocator, either indirectly via wmem or via various GLib API calls. +GLib provides a `G_SLICE` environment variable that can be set to `always-malloc` (similar to `simple`) or `debug-blocks` (similar to `strict`). +See https://developer-old.gnome.org/glib/stable/glib-running.html for details. +The C libraries on FreeBSD, Linux, and macOS also support memory allocation debugging via various environment variables. +You can enable many of them by running `source tools/debug-alloc.env` in a POSIX shell. + +If you're encountering memory safety bugs, you might want to build with +https://github.com/google/sanitizers/wiki/AddressSanitizer[Address Sanitizer] +(ASAN) so that Wireshark will immediately alert you to any detected issues. +It works with GCC or Clang, provided that the appropriate libraries are installed. + +[source,sh] +---- +$ cmake .. -G Ninja -DENABLE_ASAN=1 +$ source ../tools/debug-alloc.env +$ ./run/tshark ... +---- + +TIP: ASAN slows things down by a factor of 2 (or more), so having a different +build directory for an ASAN build can be useful. + +ASAN will catch more errors when run with either the `simple` or `strict` +wmem allocator than with the defaults. (It is more compatible with the +`strict` allocator and the analogous GSlice `debug-blocks` option than +Valgrind is.) + +For additional instrumentation, ASAN supports a number of +https://github.com/google/sanitizers/wiki/AddressSanitizerFlags[options]. + +For further investigating memory leaks, the following can be useful: + +[source,sh] +---- +# This slows things down a lot more but results in more precise backtraces, +# especially when calling third party libraries (such as the C++ standard +# library): +$ export ASAN_OPTIONS=fast_unwind_on_malloc=0 +# This causes LeakSanitizer to print the addresses of leaked objects for +# inspection in a debugger: +$ export LSAN_OPTIONS=report_objects=1 +---- + +LeakSanitizer and AddressSanitizer can detect issues in third-party libraries +that you cannot do anything about. For example, internal Qt library calls to +the fontconfig library can produce leaks. To ignore them, create a +https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer#suppressions[suppressions file] with an appropriate entry, e.g. `leak:libfontconfig`. + +If you are just interested in memory safety checking, but not memory +leak debugging, disable the included https://github.com/google/sanitizers/wiki/AddressSanitizerLeakSanitizer[LeakSanitizer] with: + +[source,sh] +---- +$ export ASAN_OPTIONS=detect_leaks=0 +---- + +[#ChSrcWindowsDebug] +==== Windows Native + +You can debug using the Visual Studio Debugger or WinDbg. See the section +on using the <<ChToolsDebugger, Debugger Tools>>. + +[#ChSrcChange] +=== Make Changes To The Wireshark Sources + +There are several reasons why you might want to change Wireshark’s sources: + +* Add support for a new protocol (i.e., add a new dissector) + +* Change or extend an existing dissector + +* Fix a bug + +* Implement a glorious new feature + +Wireshark’s developers work on a variety of different platforms and use a variety of different development environments. +Although we don't enforce or recommend a particular environment, your editor should support https://editorconfig.org/[EditorConfig] in order to make sure you pick up the correct indentation style for any files that you might edit. + +The internal structure of the Wireshark sources are described in <<PartDevelopment>>. + +.Ask the {wireshark-dev-list-email} mailing list before you start a new development task. +[TIP] +==== +If you have an idea what you want to add or change it’s a good idea to +contact the developer mailing list +(see <<ChIntroMailingLists>>) +and explain your idea. Someone else might already be working on the same +topic, so a duplicated effort can be reduced. Someone might also give you tips that +should be thought about (like side effects that are sometimes very +hard to see). +==== + +// XXX - Add a section on branching. + +[#ChSrcContribute] +=== Contribute Your Changes + +If you have finished changing the Wireshark sources to suit your needs, you might want to contribute your changes back to the Wireshark community. +You gain the following benefits by contributing your improvements: + +.It’s the right thing to do. +Other people who find your contributions useful will appreciate them, and you will know that you have helped people in the same way that the developers of Wireshark have helped you. + +.You get free enhancements. +By making your code public, other developers have a chance to make improvements, as there’s always room for improvements. +In addition someone may implement advanced features on top of your code, which can be useful for yourself too. + +You save time and effort. +The maintainers and developers of Wireshark will maintain your code as well, updating it when API changes or other changes are made, and generally keeping it in tune with what is happening with Wireshark. +So if Wireshark is updated (which is done often), you can get a new Wireshark version from the website and your changes will already be included without any effort for you. + +There’s no direct way to push changes to the {wireshark-gitlab-project-url}[main repository]. +Only a few people are authorised to actually make changes to the source code (check-in changed files). +If you want to submit your changes, you should upload them to the code review system at {wireshark-code-review-url}. +This requires you to set up git as described at <<ChSrcGit>>. + +[#ChSrcCreatingMergeRequests] +==== Creating Merge Requests + +// To do: +// - Note that you can mirror your fork: https://about.gitlab.com/blog/2016/12/01/how-to-keep-your-fork-up-to-date-with-its-origin/ +// - Mention CLI utilities. + +GitLab uses a https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[forking workflow], which looks like this: + +.GitLab Workflow +image::images/git-triangular-workflow.svg[] + +In the diagram above, your fork can created by pressing the “Fork” button at {wireshark-gitlab-project-url}. +Your local repository can be created as described in <<ChSrcGit>>. +You only need to do this once. +You should pull from the main repository on a regular basis in order to ensure that your sources are current. +You should push any time you want to make a merge request or otherwise make your code public. +The “Pull”, “Push”, and “Merge Request” parts of the workflow are important, so let’s look at them in more detail. + +First, you need to set up your environment. +For the steps below we’ll pretend that your username is “henry.perry”. + +. Sign in to {wireshark-gitlab-project-url} by clicking “Sign in / Register” in the upper right corner of the web page and following the login instructions. + +. https://docs.gitlab.com/ce/ssh/[Add an SSH key to your account] as described in the GitLab documentation. + +. Make sure you have a clone of the main repository as described in <<ChSrcGit>>. + +. Create your own personal fork of the Wireshark project by https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html[pressing the “Fork” button] at {wireshark-gitlab-project-url}. ++ +-- +WARNING: If you want to make merge requests you must keep your fork public. +Making it private will disassociate it from the main Wireshark repository. +-- + +. Add a remote for your personal repository. +The main repository remote is named “upstream”, so we'll name this one “downstream”. ++ +-- +[source,sh] +---- +$ git remote add downstream git@gitlab.com:henry.perry/wireshark.git +---- +-- + +. Double-check your remotes: ++ +-- +[source,sh] +---- +$ git remote -v +$ downstream git@gitlab.com:henry.perry/wireshark.git (fetch) +$ downstream git@gitlab.com:henry.perry/wireshark.git (push) +$ upstream git@gitlab.com:wireshark/wireshark.git (fetch) +$ upstream git@gitlab.com:wireshark/wireshark.git (push) +---- +-- + +Before you begin it’s a good idea to synchronize your local repository with the main repository. +This is the *Pull* part of the workflow. +You should do this periodically in order to stay up to date and avoid merge conflicts later on. + +. Fetch and optionally apply the latest changes. ++ +-- +[source,sh] +---- +# Fetch changes from upstream and apply them to the current branch... +$ git pull --rebase upstream master +# ...or fetch changes and leave the current branch alone +$ git fetch upstream +---- +-- + +Now you’re ready to create a merge request (the *Push* and *Merge Request* parts of the workflow above). + +. First, create a branch for your change: ++ +-- +[source,sh] +---- +$ git checkout -b my-glorious-new-feature upstream/master +---- +-- + +. Write some code! +See <<ChSrcGoodPatch>> and <<ChSrcCodeRequirements>> for details. + +. Commit your changes. +See <<ChSrcGoodCommitMessage>> for details. ++ +-- +[source,sh] +---- +$ git commit -a +---- +-- + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +$ git push downstream HEAD +---- +-- + +. Go to {wireshark-merge-request-url}. +You should see a https://docs.gitlab.com/ee/user/project/merge_requests/creating_merge_requests.html#create-merge-request-button[“Create merge request”] button. +Press it. + +. In the merge request page, make sure “Allow commits from members who can merge to the target branch” is selected so that core developers can rebase your change. You might want to select “Delete source branch when merge request is accepted” as well. Click the “Submit merge request” button. + +// XXX Add command line instructions for one or more of the following: +// https://docs.gitlab.com/ee/user/project/push_options.html +// https://github.com/zaquestion/lab - Go (single binary). +// https://invent.kde.org/sdk/git-lab - Developed by the KDE team. +// https://github.com/vishwanatharondekar/gitlab-cli - Might work well for people who don't mind using NPM. + + +[#ChSrcUpdatingMergeRequests] +==== Updating Merge Requests + +At this point various automated tests will be run and someone will review your change. +If you need to make changes you can do so by force-pushing it to the same branch in your personal repository. + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +# First, make sure you're on the right branch. +$ git status +On branch my-glorious-new-feature +---- +-- + +. Update your code. + +. Push your changes to your personal repository. ++ +-- +[source,sh] +---- +# Modify the current commit and force-push... +$ git commit --amend ... +$ git push downstream +HEAD +# ...or keep the current commit as-is add another commit on top of it +$ git commit ... +$ git push downstream HEAD +---- +The `+` sign is shorthand for forcing the push (`-f`). +-- + +[#ChSrcGoodPatch] +==== Some Tips For A Good Patch + +Some tips that will make the merging of your changes into Git much more likely +(and you want exactly that, don't you?): + +.Use the latest Git sources. +It’s a good idea to work with the same sources that are used by the other developers. +This usually makes it much easier to apply your patch. +For information about the different ways to get the sources, see <<ChSrcObtain>>. + +.Update your sources just before making a patch. +For the same reasons as the previous point. + +.Inspect your patch carefully. +Run `git diff` or `git show` as appropriate and make sure you aren't adding, removing, or omitting anything you shouldn't. + +.Give your branch a brief but descriptive name. +Short, specific names such as _snowcone-machine-protocol_ are preferred. + +.Don't put unrelated things into one large change. +Merge requests should be limited in scope. +For example, updates to the Snowcone Machine Protocol dissector and the Coloring Rules dialog box should be in separate merge requests. + +In general, making it easier to understand and apply your patch by one of the maintainers will make it much more likely (and faster) that it will actually be applied. + +.Thank you in advance for your patience. +Wireshark is a volunteer effort. +As a result, we can’t guarantee a quick turnaround time. + +.Preview the final product. +Wireshark’s GitLab CI jobs are disabled by default for forks, but if you need to test any CI jobs you can do so under the “Pipelines” section in your repository. +For example, if your change might affect Debian (apt) packaging you can run the “build:debian-stable” job. + +[#ChSrcGoodCommitMessage] +==== Writing a Good Commit Message + +When running `git commit`, you will be prompted to describe your change. +Here are some guidelines on how to make that message more useful to other people (and to scripts that may try to parse it): + +.Provide a brief description (under 60 characters or so) of the change in the first line. +If the change is specific to a single protocol, start this line with the abbreviated name of the protocol and a colon. +If the change is not yet complete prefix the line with “WIP:” to inform this change not to be submitted yet. +This be removed when the change is ready to be merged. + +.Insert a single blank line after the first line. +This is required by various formatting tools and helpful to humans. + +.Provide a detailed description of the change in the lines that follow. +Break paragraphs where needed. +Limit each line to 80 characters. + +You can also reference and close issues in a commit message by prefixing the issue number with a https://docs.gitlab.com/ee/user/project/issues/managing_issues.html#closing-issues-automatically[number sign]. +For example, “closes #5” will close issue number 5. + +Putting all that together, we get the following example: + +[source] +---- +MIPv6: Fix dissection of Service Selection Identifier + +APN field is not encoded as a dotted string so the first character is not a +length. Closes #10323. +---- + +[#ChSrcCodeRequirements] + +==== Code Requirements + +To ensure Wireshark’s code quality and to reduce friction in the code review process, there are some things you should consider before submitting a patch: + +.Follow the Wireshark source code style guide. +Wireshark runs on many platforms, and can be compiled with a number of different compilers. +It’s easy to write code that compiles on your machine, but doesn’t compile elsewhere. +The guidelines at <<ChCodeStyle>> describe the techniques and APIs that you can use to write high-quality, portable, and maintainable code in our environment. + +.Submit dissectors as built-in whenever possible. +Developing a new dissector as a plugin can make compiling and testing quicker, but it’s usually best to convert it to built-in before submitting for review. +This reduces the number of files that must be installed with Wireshark and ensures your dissector will be available on all platforms. + +Dissectors vary, so this is not a hard-and-fast rule. +Most dissectors are single C modules that can easily be put into “the big pile.” +Some (most notably ASN.1 dissectors) are generated using templates and configuration files. +Others are split across multiple source files and are often more suitable to be placed in a separate plugin directory. + +.Ensure that the Wireshark Git Pre-Commit Hook is in the repository. +In your local repository directory, there will be a __.git/hooks/__ directory, with sample git hooks for running automatic actions before and after git commands. +You can also optionally install other hooks that you find useful. + +In particular, the _pre-commit_ hook will run every time you commit a change and can be used to automatically check for various errors in your code. +The sample git pre-commit hook simply detects whitespace errors such as mixed tabs and spaces. +To install it just remove the .sample suffix from the existing _pre-commit.sample_ file. + +Wireshark provides a custom pre-commit hook which does additional Wireshark-specific API and formatting checks, but it might return false positives. +If you want to install it, copy the pre-commit file from the tools directory (`cp ./tools/pre-commit .git/hooks/`) and make sure it is executable or it will not be run. + +If the pre-commit hook is preventing you from committing what you believe is a valid change, you can run `git commit --no-verify` to skip running the hooks. +Warning: using --no-verify avoids the commit-msg hook, and thus if you have setup this hook it will not run. + +Additionally, if your system supports symbolic links, as all UNIX-like platforms do, you can use them instead of copying files. +Running `ln -s ../../tools/pre-commit .git/hooks` creates a symbolic link that will make the hook to be up-to-date with the current master. + +.Choose a compatible license. +Wireshark is released under the {spdx-license-url}GPL-2.0-or-later.html[GPL version 2 or later], and it is strongly recommended that incoming code use that license. +If that is not possible, it *must* use a compatible license. +The following licenses are currently allowed: + +* BSD {spdx-license-url}BSD-1-Clause.html[1], {spdx-license-url}BSD-2-Clause.html[2], {spdx-license-url}BSD-3-Clause.html[3] clause +* {spdx-license-url}GPL-3.0-or-later.html[GPL version 3 or later] *with* the https://www.gnu.org/software/bison/manual/html_node/Conditions.html[Bison parser exception] +* {spdx-license-url}ISC.html[ISC] +* {spdx-license-url}LGPL-2.0-or-later.html[LGPL v2 or later], including {spdx-license-url}LGPL-2.1-or-later.html[v2.1] +* {spdx-license-url}MIT.html[MIT] / {spdx-license-url}X11.html[X11] +* {wikipedia-main-url}Public_domain[Public domain] +* {spdx-license-url}Zlib.html[zlib/libpng] + +Notable incompatible licenses include {spdx-license-url}Apache-2.0.html[Apache 2.0], {spdx-license-url}GPL-3.0-or-later.html[GPL 3.0], and {spdx-license-url}LGPL-3.0-or-later.html[LGPL 3.0]. + +.Fuzz test your changes. +Fuzz testing is a very effective way of finding dissector related bugs. +In our case fuzzing involves making random changes to capture files and feeding them to TShark in order to try to make it crash or hang. +There are tools available to automatically do this on any number of input files. +See {wireshark-wiki-url}FuzzTesting for details. + +[#ChSrcUpload] + +//// +==== Uploading your changes + +When you're satisfied with your changes (and obtained any necessary +approval from your organization) you can upload them for review at +{wireshark-code-review-url}. This requires a GitLab account +as described at <<ChSrcGitRepository>>. + +You need to fork your repository which will became yours, and you will have write access to it. Once +you are done with your changes, push them to a branch of your choice (as snowcone-machine). Now in the +GitLab's UI a message will tell you that you created a new branch and a button to create a merge request. + + +[source,sh] +---- +$ git push https://gitlab.com/wireshark/<my.username>.git HEAD:<branchname> +---- + +The username `my.username` is the one which was given during registration with +the review system. + +You can push using any Git client. + +You might get one of the following responses to your patch request: + +* Your patch is checked into the repository. Congratulations! + +* You are asked to provide additional information, capture files, or other + material. If you haven't fuzzed your code, you may be asked to do so. + +* Your patch is rejected. You should get a response with the reason for + rejection. Common reasons include not following the style guide, buggy or + insecure code, and code that won't compile on other platforms. In each case + you'll have to fix each problem and upload another patch. + +* You don't get any response to your patch. Possible reason: All + the core developers are busy (e.g., with their day jobs or family or other commitments) and + haven't had time to look at your patch. Don't worry, if + your patch is in the review system it won't get lost. + +If you're concerned, feel free to add a comment to the patch or send an email +to the developer’s list asking for status. But please be patient: most if not +all of us do this in our spare time. +//// + +[#ChSrcBackport] +==== Backporting A Change + +:example-branch: master-3.2 +When a bug is fixed in the master branch it’s sometimes desirable or necessary to backport the fix to a release branch. +You can do this in Git by cherry-picking the change from one branch to another. +Suppose you want to backport change 1ab2c3d4 from the master branch to {example-branch}. +You can do so as follows: + +[source,sh,subs="attributes+"] +---- +# Create a new topic branch for the backport. +$ git checkout -b backport-1ab2c3d4 upstream/{example-branch} + +# Cherry-pick the change. Include a "cherry picked from..." line. +$ git cherry-pick -x 1ab2c3d4 + +# If there are conflicts, fix them. + +# Compile and test the change. +$ ninja +$ ... + +# OPTIONAL: Add entries to docbook/release-notes.adoc. +$EDITOR docbook/release-notes.adoc + +# If you made any changes, update your commit. +git commit --amend -a + +# Push the change to your working repository. +git push downstream HEAD +---- + +You can also cherry-pick changes in the https://docs.gitlab.com/ee/user/project/merge_requests/cherry_pick_changes.html[GitLab web UI]. + +//// +// XXX Is this relevant any more? +[#ChSrcPatchApply] +=== Apply a patch from someone else + +Sometimes you need to apply a patch to your private source tree. Maybe +because you want to try a patch from someone on the developer mailing +list, or you want to check your own patch before submitting. + + +.Beware line endings +[WARNING] +==== +If you have problems applying a patch, make sure the line endings (CR/LF) +of the patch and your source files match. +==== + +[#ChSrcPatchUse] +==== Using patch + +Given the file _new.diff_ containing a unified diff, +the right way to call the patch tool depends on what the pathnames in +_new.diff_ look like. +If they're relative to the top-level source directory (for example, if a +patch to _prefs.c_ just has _prefs.c_ as the file name) you’d run it as: + +[source,sh] +---- +$ patch -p0 < new.diff +---- + +If they're relative to a higher-level directory, you’d replace 0 with the +number of higher-level directories in the path, e.g. if the names are +_wireshark.orig/prefs.c_ and +_wireshark.mine/prefs.c_, you’d run it with: + +[source,sh] +---- +$ patch -p1 < new.diff +---- + +If they're relative to a _subdirectory_ of the top-level +directory, you’d run `patch` in _that_ directory and run it with `-p0`. + +If you run it without `-pat` all, the patch tool +flattens path names, so that if you +have a patch file with patches to _CMakeLists.txt_ and +_wiretap/CMakeLists.txt_, +it'll try to apply the first patch to the top-level +_CMakeLists.txt_ and then apply the +_wiretap/CMakeLists.txt_ patch to the top-level +_CMakeLists.txt_ as well. + +At which position in the filesystem should the patch tool be called? + +If the pathnames are relative to the top-level source directory, or to a +directory above that directory, you’d run it in the top-level source +directory. + +If they're relative to a *subdirectory* -- for example, +if somebody did a patch to _packet-ip.c_ and ran `diff` or `git diff` in +the _epan/dissectors_ directory -- you’d run it in that subdirectory. +It is preferred that people *not* submit patches like +that, especially if they're only patching files that exist in multiple +directories such as _CMakeLists.txt_. +//// + +[#ChSrcBinary] + +=== Binary Packaging + +Delivering binary packages makes it much easier for the end-users to +install Wireshark on their target system. This section will explain how +the binary packages are made. + +[#ChSrcVersioning] + +==== Packaging Guidelines + +The following guidelines should be followed by anyone creating and +distributing third-party Wireshark packages or redistributing official +Wireshark packages. + +[discrete] +===== Spelling And Capitalization + +Wireshark is spelled with a capital “W”, and with everything else lower +case. “WireShark” in particular is incorrect. + +[discrete] +===== Main URL + +The official Wireshark project URL is https://www.wireshark.org/. + +[discrete] +===== Download URLs + +Official packages are distributed on the main web server +(www.wireshark.org) and a +https://www.wireshark.org/download.html#spelunking[number of download +mirrors]. The canonical locations for packages are in the _all_versions_ +subdirectories on each server. + +For example, if your packaging system links to or downloads the +source tarball and you want to download from 1.na.dl.wireshark.org, +use + +https://1.na.dl.wireshark.org/download/src/all-versions/wireshark-{wireshark-version}.tar.xz + +instead of + +https://1.na.dl.wireshark.org/download/src/wireshark-{wireshark-version}.tar.xz + +[discrete] +===== Artwork + +Logo and icon artwork can be found in the _image_ directory in the +distribution. This is available online at + +{wireshark-code-browse-url}/image + +[discrete] +===== Licensing + +Wireshark is released under the GNU General Public License version 2 or +later. Make sure you and your package comply with this license. + +[discrete] +===== Trademarks + +Wireshark and the “fin” logo are registered trademarks of the Wireshark +Foundation. Make sure you and your package comply with trademark law. + +[discrete] +===== Privileges + +All function calls that require elevated privileges are in dumpcap. + +WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN +THEM AS ROOT. + +Warnings are displayed when Wireshark and TShark are run as root. + +There are two <<ChToolsCMake,configure-time options>> on non-Windows +systems that affect the privileges a normal user needs to capture +traffic and list interfaces: + +-DDUMPCAP_INSTALL_OPTION=capabilities:: +Install dumpcap with cap_net_admin and cap_net_raw capabilities. Linux +only. + +-DDUMPCAP_INSTALL_OPTION=suid:: +Install dumpcap setuid root. + +These are necessary for non-root users to be able to capture on most +systems, e.g. on Linux or FreeBSD if the user doesn't have permissions +to access /dev/bpf*. Setcap installation is preferred over setuid on +Linux. If `-DDUMPCAP_INSTALL_OPTION=capabilities` is used it will +override any setuid settings. + +The `-DENABLE_CAP` option is only useful when dumpcap is installed +setuid. If it is enabled dumpcap will try to drop any setuid privileges +it may have while retaining the `CAP_NET_ADMIN` and `CAP_NET_RAW` +capabilities. It is enabled by default, if the Linux capabilities +library (on which it depends) is found. + +Note that enabling setcap or setuid installation allows packet capture +for ALL users on your system. If this is not desired, you can restrict +dumpcap execution to a specific group or user. The following two examples +show how to restrict access using setcap and setuid respectively: + +[source,sh] +---- +# groupadd -g packetcapture +# chmod 750 /usr/bin/dumpcap +# chgrp packetcapture /usr/bin/dumpcap +# setcap cap_net_raw,cap_net_admin+ep /usr/bin/dumpcap + +# groupadd -g packetcapture +# chgrp packetcapture /usr/bin/dumpcap +# chmod 4750 /usr/bin/dumpcap +---- + +[discrete] +===== Customization + +Custom version information can be added by running +`tools/make-version.py`. If your package contains significant changes we +recommend that you use this to differentiate it from official Wireshark +releases. + +[source, sh] +---- +tools/make-version.py --set-release --untagged-version-extra=-{vcsinfo}-FooCorp --tagged-version-extra=-FooCorp . +---- + +See `tools/make-version.py` for details. + +The Git version corresponding to each release is in _version.h_. It's +defined as a string. If you need a numeric definition, let us know. + +If you have a question not addressed here, please contact +{wireshark-dev-list-email}. + + +[#ChSrcDeb] + +==== Debian: .deb Packages + +The Debian Package is built using dpkg-buildpackage, based on information found in the source tree under _packaging/debian_. +You must create a top-level symbolic link to _packaging/debian_ before building. +See https://www.debian.org/doc/manuals/maint-guide/build.en.html for a more in-depth discussion of the build process. + + +In the wireshark directory, type: + +[source,sh] +---- +ln -snf packaging/debian +export DEB_BUILD_OPTIONS="nocheck" +dpkg-buildpackage -b -us -uc -jauto +---- + +to build the Debian Package. + +[#ChSrcRpm] + +==== Red Hat: .rpm Packages + +You can build an RPM package using the `wireshark_rpm` target. If you +are building from a git checkout, the package version is derived from +the current git HEAD. If you are building from source extracted from a +tarball created with `git archive` (such as those downloaded from +http://www.wireshark.org/download.html), you must place the original +tarball into your build directory. + +The package is built using https://rpm.org/[rpmbuild], which comes as +standard on many flavours of Linux, including Red Hat, Fedora, and +openSUSE. The process creates a clean build environment in +_$\{CMAKE_BINARY_DIR}/packaging/rpm/BUILD_ each time the RPM is built. +The settings that control the build are in +_$\{CMAKE_SOURCE_DIR}/packaging/rpm/wireshark.spec.in_. The generated +SPEC file contains CMake flags and other settings for the RPM build +environment. Many of these come from the parent CMake environment. +Notable ones are: + +* _prefix_ is set to _CMAKE_INSTALL_PREFIX_. By default this is + _/usr/local_. Pass `-DCMAKE_INSTALL_PREFIX=/usr` to create a package + that installs into _/usr_. + +* Whether or not to create the “wireshark-qt” package + (`-DBUILD_wireshark`). + +* Lua, c-ares, nghttp2, and other library support (`-DENABLE_...`). + +* Building with Ninja (`-G Ninja`). + +In your build directory, type: + +[source,sh] +---- +ninja wireshark_rpm +# ...or, if you're using GNU make... +make wireshark_rpm +---- + +to build the binary and source RPMs. When it is finished there will be a +message stating where the built RPM can be found. + +.This might take a while +[TIP] +==== +This creates a tarball, extracts it, compiles Wireshark, and constructs +a package. This can take quite a long time. You can speed up the process +by using Ninja. If you're using GNU make you can add the following to +your `~/.rpmmacros` file to enable parallel builds: + +---- +%_smp_mflags -j %(grep -c processor /proc/cpuinfo) +---- +==== + +Building the RPM package requires quite a few packages and libraries +including GLib, `gcc`, `flex`, Asciidoctor, and Qt development +tools such as `uic` and `moc`. The required Qt packages can usually be +obtained by installing the _qt5-devel_ package. For a complete list of +build requirements, look for the “BuildRequires” lines in +_packaging/rpm/wireshark.spec.in_. + +[#ChSrcOSX] + +==== macOS: .dmg Packages + +The macOS Package is built using macOS packaging tools, based on information found in the source tree under _packaging/macosx_. +It requires https://asciidoctor.org/[Asciidoctor] and https://pypi.org/project/dmgbuild/[dmgbuild]. + +In your build directory, type: + +[source,sh] +---- +ninja wireshark_dmg logray_dmg # (Modify as needed) +# ...or, if you're using GNU make... +make wireshark_dmg logray_dmg # (Modify as needed) +---- + +to build the macOS Packages. + +[#ChSrcNSIS] + +==== Windows: NSIS .exe Installer + +The _Nullsoft Install System_ is a free installer generator for Windows systems. +Instructions on installing it can be found in <<ChToolsNSIS>>. +NSIS is script based. You can find the main Wireshark installer generation script at _packaging/nsis/wireshark.nsi_. + +When building with CMake you must first build the _wireshark_nsis_prep_ target, followed by the _wireshark_nsis_ target, e.g. + +[source,cmd] +---- +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis.vcxproj +---- + +Splitting the packaging projects in this way allows for code signing. + +[TIP] +.This might take a while +==== +Please be patient while the package is compressed. +It might take some time, even on fast machines. +==== + +If everything went well, you will now find something like: +_wireshark-setup-{wireshark-version}.exe_ in +the _packaging/nsis_ directory in your build directory. + +[#ChSrcPortableApps] + +==== Windows: PortableApps .paf.exe Package + +_PortableApps.com_ is an environment that lets users run popular applications +from portable media such as flash drives and cloud drive services. + +* Install the _PortableApps.com Platform_. Install for “all users”, which +will place it in `C:\PortableApps`. + + +* Add the following apps: + +** PortableApps.com Installer +** PortableApps.com Launcher + +When building with CMake you must first build the _wireshark_nsis_prep_ target +(which takes care of general packaging dependencies), followed by the +_wireshark_portableapps_ target, e.g. + +[source,cmd] +---- +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_nsis_prep.vcxproj +> msbuild /m /p:Configuration=RelWithDebInfo wireshark_portableapps.vcxproj +---- + +[TIP] +.This might take a while +==== +Please be patient while the package is compressed. +It might take some time, even on fast machines. +==== + +If everything went well, you will now find something like: +_WiresharkPortable64{underscore}{wireshark-version}.paf.exe_ in +the _packaging/portableapps_ directory. + +[#ChSrcMimeTypes] + +=== Mime Types + +Wireshark uses various mime-types for dragging dropping as well as file formats. +This chapter gives an overview over all the mimetypes being used, as well as the +data format in which data has to be provided for each individual mimetype. + +If not otherwise stated, the data is encoded as a JSON Object. + +==== Display Filter + +**MimeType**: application/vnd.wireshark.displayfilter + +Display filters are being dragged and dropped by utilizing this mime type. + +[source,json] +---- +{ + "filter": "udp.port == 8080", + "field": "udp.port", + "description": "UDP Port" +} +---- + +==== Coloring Rules + +**MimeType**: application/vnd.wireshark.coloringrules + +Coloring Rules are being used for dragging and dropping color rules inside the +coloring rules dialog. + +[source,json] +---- +{ + "coloringrules" : + [ + { + "disabled": false, + "name": "UDP Ports for 8080", + "filter": "udp.port == 8080", + "foreground": "[0x0000, 0x0000, 0x0000]", + "background": "[0xFFFF, 0xFFFF, 0xFFFF]" + } + ] +} +---- + +==== Filter List + +**MimeType**: application/vnd.wireshark.filterlist + +*_Internal Use only_* - used on the filter list for moving entries within the +list + +==== Column List + +**MimeType**: application/vnd.wireshark.columnlist + +*_Internal Use only_* - used on the column list for moving entries within the +list + + +// End of WSDG Chapter Sources + +// vim: set syntax=asciidoc: diff --git a/docbook/wsdg_src/wsdg_tests.adoc b/docbook/wsdg_src/wsdg_tests.adoc new file mode 100644 index 0000000..a9435ca --- /dev/null +++ b/docbook/wsdg_src/wsdg_tests.adoc @@ -0,0 +1,298 @@ +// WSDG Chapter Tests + +[#ChapterTests] +== Wireshark Tests + +The Wireshark sources include a collection of Python scripts that test +the features of Wireshark, TShark, Dumpcap, and other programs that +accompany Wireshark. These are located in the `test` directory of the +Wireshark source tree. + +The command line options of Wireshark and its companion command line +tools are numerous. These tests help to ensure that we don't introduce +bugs as Wireshark grows and evolves. + +[#TestsQuickStart] +=== Quick Start + +The recommended steps to prepare for and run tests with a UN*X toolchain: + +* Install two Python packages, pytest: `pip install pytest pytest-xdist` +* Build programs (“wireshark”, “tshark”, etc.): `ninja` +* Build additional programs for the “unittests” suite: `ninja test-programs` +* Run tests in the build directory: `pytest` + +Replace `ninja` by `make` as needed. + +If building with <<#ChWindowsBuild,Microsoft Visual Studio>> the analogous steps are: + +* Install pytest Python packages: `python -m pip install pytest pytest-xdist` +* Build programs: `msbuild /m /p:Configuration=RelWithDebInfo Wireshark.sln` +* Build test-programs: `msbuild /m /p:Configuration=RelWithDebInfo test-programs.vcxproj` +* Run tests: `python -m pytest` + +TIP: Depending on your PATH, you may need to run the pytest module as a +script from your Python interpreter, e.g, `python -m pytest` or +`python3 -m pytest` instead of `pytest`. + +The test suite will attempt to test as much as possible and skip tests +when its dependencies are not satisfied. For example, packet capture +tests require a Loopback interface and capture privileges. To avoid +capture tests, pass the `--disable-capture` option. + +List available tests with `pytest --collectonly`. Enable verbose output +with `pytest --verbose`. For more details, see <<ChTestsRun>>. + +You can also run the "ninja test" target instead of invoking pytest +directly. This will automatically build the test programs dependency, +so it may be preferred for that reason. + +[#ChTestsStructure] +=== Test suite structure + +The following sections describes how the test suite is organized. + +[#TestCoverage] +==== Test Coverage And Availability + +The testing framework can run programs and check their stdout, stderr, +and exit codes. It cannot interact with the Wireshark UI. Tests cover +capture, command line options, decryption, file format support and +conversion, Lua scripting, and other functionality. + +Available tests depend on the libraries with which Wireshark was built. +For example, some decryption tests depend on a minimum version of +Libgcrypt and Lua tests depend on Lua. + +Capture tests depend on the permissions of the user running the test +script. We assume that the test user has capture permissions on Windows +and macOS and capture tests are enabled by default on those platforms. + +TIP: Build the "test-capture" target on Linux (using sudo) to set dumpcap +permissions and enable capture tests. + +If a feature is unavailable, the test will be skipped. For example, if +an old version of Libgcrypt is in use, then some decryption tests will +be skipped while other tests can still run to completion. + +[#TestsLayout] +==== Suites, Cases, and Tests + +The test suite uses pytest as a test runner. Tests are organized according to +suites, cases, and individual tests. Suites correspond to Python modules +that match the pattern “suite_*.py”. Cases correspond to one or more +classes in each module, and case class methods matching the pattern +”test_*” correspond to individual tests. For example, the invalid +capture filter test in the TShark capture command line options test case +in the command line options suite has the ID +“suite_clopts.py::TestTsharkCaptureClopts::test_tshark_invalid_capfilter”. + +[#TestsPytest] +==== pytest fixtures + +A test has typically additional dependencies, like the path to an +executable, the path to a capture file, a configuration directory, the +availability of an optional library, and so on. + +https://pytest.org/[pytest] is a test framework which has full +parallelization support (test-level instead of just suite-level), +provides nice test reports, and allows +https://docs.pytest.org/en/latest/fixture.html[modular fixtures]. + +A fixture is a function decorated with `@pytest.fixture` and can +either call `pytest.skip("reason")` to skip tests that depend on the +fixture, or return/yield a value. +Test functions (and other fixture functions) can receive the fixture +value by using the name of the fixture function as function parameters. +Common fixtures are available in `fixtures_ws.py` and includes +`cmd_tshark` for the path to the `tshark` executable and `capture_file` +for a factory function that produces the path to a capture file. + +[#ChTestsRun] +=== Listing And Running Tests + +Tests are run with https://pytest.org/[pytest]. Pytest features versus the +"unittest" standard library module include finer +test selection, full parallelism, nicer test execution summaries, better output +in case of failures (containing the contents of variables) and the ability to +open the PDB debugger on failing tests. + +To get started, install pytest 3.0 or newer and +https://pypi.org/project/pytest-xdist/[pytest-xdist]: + +[source,sh] +---- +# Install required packages on Ubuntu 18.04 or Debian jessie-backports +$ sudo apt install python3-pytest python3-pytest-xdist + +# Install required packages on other systems +$ pip install pytest pytest-xdist +---- + +Run `pytest` in the Wireshark build directory, Wireshark binaries are assumed to +be present in the `run` subdirectory (or `run\RelWithDebInfo` on Windows). + +[source,sh] +---- +# Run all tests +$ cd /path/to/wireshark/build +$ pytest + +# Run all except capture tests +$ pytest --disable-capture + +# Run all tests with "decryption" in its name +$ pytest -k decryption + +# Run all tests with an explicit path to the Wireshark executables +$ pytest --program-path /path/to/wireshark/build/run +---- + +To list tests without actually executing them, use the `--collect-only` option: + +[source,sh] +---- +# List all tests +$ pytest --collect-only + +# List only tests containing both "dfilter" and "tvb" +$ pytest --collect-only -k "dfilter and tvb" +---- + +The test suite will fail tests when programs are missing. When only a +subset of programs are built or when some programs are disabled, then +the test suite can be instructed to skip instead of fail tests: + +[source,sh] +---- +# Run tests when libpcap support is disabled (-DENABLE_PCAP=OFF) +$ pytest --skip-missing-programs dumpcap,rawshark + +# Run tests and ignore all tests with missing program dependencies +$ pytest --skip-missing-programs all +---- + +To open a Python debugger (PDB) on failing tests, use the `--pdb` option and +disable parallelism with the `-n0` option: + +[source,sh] +---- +# Run decryption tests sequentially and open a debugger on failing tests +$ pytest -n0 --pdb -k decryption +---- + +[#ChTestsDevelop] +=== Adding Or Modifying Tests + +Tests must be in a Python module whose name matches “suite_*.py”. The +module must contain one or more subclasses with a name starting with +"Test" something, for example "class TestDissectionHttp2:". Each test case +method whose name starts with “test_” constitutes an individual test. + +Success or failure conditions are signalled using regular assertions +with the "assert" Python keyword. + +Test dependencies (such as programs, directories, or the environment +variables) are injected through method parameters. Commonly used +fixtures include `cmd_tshark` and `capture_file`. + +Processes (tshark, capinfos, etc.) are run using the "subprocess" Python module, +or the Wireshark `subprocesstest` module with some convenience functions. +Possible functions include `subprocesstest.run()`, `subprocesstest.check_run()` +or creating `subprocess.Popen` object if the utility functions are not sufficient for some reason. +Usually this is only required if two-way communication is performed with +the child process. `subprocesstest.check_run()` is exactly the same as +calling `subprocesstest.run()` with `check=True` as an argument, only +a bit more expressive. + +Check the documentation for the Python subprocess module for a full description +of the arguments available to the `subprocesstest.run()` convenience wrapper +and the `subprocess.Popen` object. + +All of the current tests run one or more of Wireshark's suite of +executables and either check their return code or their output. A +simple example is “suite_clopts.py::TestBasicClopts::test_existing_file”, +which reads a capture file using TShark and checks its exit code. + +[source,python] +---- +import subprocesstest +import pytest + +class TestBasicClopts: + def test_existing_file(self, cmd_tshark, capture_file, test_env): + subprocess.check_run((cmd_tshark, '-r', capture_file('dhcp.pcap')), env=test_env) +---- + +Output can be checked using `assert subprocesstest.grep_output()`, +`assert subprocesstest.count_output()` or any other `assert` statement. +`subprocesstest.check_run()` also asserts that the child process returns +the value 0 as exit code. + +[source,python] +---- +import subprocesstest +import pytest + +class TestDecrypt80211: + def test_80211_wpa_psk(self, cmd_tshark, capture_file, test_env): + tshark_proc = subprocesstest.run((cmd_tshark, + '-o', 'wlan.enable_decryption: TRUE', + '-Tfields', + '-e', 'http.request.uri', + '-r', capture_file('wpa-Induction.pcap.gz'), + '-Y', 'http', + ), capture_output=True, env=test_env) + assert 'favicon.ico' in tshark_proc.stdout +---- + +Tests can be run in parallel. This means that any files you create must +be unique for each test. Filenames based on the current test name are +generated using fixtures such as "capture_file" and "result_file". By default +pytest generates paths in the system's temporary directory and the last three +pytest runs are kept. Temporary files from older runs are automatically deleted. + +[#ChTestsExternal] +=== External Tests + +You can create your own Python test files outside of the Wireshark source tree. +To include your tests when running the Wireshark test suite, simply add the +directory containing your test files to the `pytest` command line. Note that +filenames must match the same conventions as discussed above. + +In order for your tests to have access to the Wireshark test fixtures, you will +need this line in each test file: + +[source,python] +---- +from fixtures_ws import * +---- + +[#ChTestsExtFixtures] +==== Custom Fixtures + +You may wish to define your own test fixtures -- for example, a fixture similar +to `capture_file` but which gives the path to a file in your external test +directory. Here is an example Python file containing such a fixture. It presumes +a subdirectory named `extra_captures` which exists in the same directory, and +which contains your extra capture files. + +[source,python] +---- +# my_fixtures.py +# To use in your own tests, import like so: +# from my_fixtures import * + +from pathlib import Path +import pytest + +@pytest.fixture(scope='session') +def extra_file(): + def resolver(filename): + return Path(__file__).parent.joinpath("extra_captures", filename) + return resolver +---- + +NOTE: If you give your fixture the same name as an existing Wireshark fixture, +any tests using your fixture library will lose access to the Wireshark fixture +of the same name. This can lead to confusing behavior and is not recommended. diff --git a/docbook/wsdg_src/wsdg_tools.adoc b/docbook/wsdg_src/wsdg_tools.adoc new file mode 100644 index 0000000..f1d99e9 --- /dev/null +++ b/docbook/wsdg_src/wsdg_tools.adoc @@ -0,0 +1,1043 @@ +// WSDG Chapter Tools + +[#ChapterTools] + +== Tool Reference + +[#ChToolsIntro] + +=== Introduction + +This chapter will provide you with information about the various tools +needed for Wireshark development. None of the tools mentioned in this +chapter are needed to run Wireshark. They are only needed to build it. + +Most of these tools have their roots on UNIX or UNIX-like platforms such +as Linux, but Windows ports are also available. Therefore the tools are +available in different "flavours": + +* UNIX and UNIX-like platforms: The tools should be commonly available + on the supported UNIX and UNIX-like platforms. Cygwin is unsupported. +* Windows native: Some tools are available as native Windows tools, no + special emulation is required. Many of these tools can be installed + (and updated) using https://chocolatey.org[Chocolatey], a Windows + package manager similar to the Linux package managers apt-get or yum. + +[WARNING] +.Follow the directions +==== +Unless you know exactly what you are doing, you should strictly follow the recommendations given in <<ChapterSetup>>. +==== + +The following sections give a very brief description of +what a particular tool is doing, how it is used in the +Wireshark project and how it can be installed and +tested. + +Documentation for these tools is outside the scope of this document. If you need +further information on using a specific tool you should find lots of useful +information on the web, as these tools are commonly used. You can also get help +for the UNIX based tools with `**toolname** --help` or the man page via `man +**toolname**`. + +You will find explanations of the tool usage for some of the specific +development tasks in <<ChapterSources>>. + +[#ChToolsChocolatey] +=== Chocolatey + +Chocolatey is a Windows package manager that can be used to install (and update) +many of the packages required for Wireshark development. Chocolatey can be +obtained from the https://chocolatey.org[website] or from a Command Prompt: + +[source,cmd] +---- +C:\>@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString(_https://chocolatey.org/install.ps1_))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin +---- + +or a Powershell prompt: + +[source,cmd] +---- +PS:\>iex ((new-object net.webclient).DownloadString(_https://chocolatey.org/install.ps1_)) +---- + +Chocolatey sometimes installs packages in unexpected locations. Python +is a notable example. While it's typically installed in a top-level +directory, e.g. _C:\Python37_ or in %PROGRAMFILES%, e.g. _C:\Program +Files\Python37_, Chocolatey tends to install it under +_C:\ProgramData\chocolatey_ or _C:\Tools_. If you want to avoid this +behavior you'll probably want to install Python using the packages from +python.org. + +Other package managers for Windows include the https://docs.microsoft.com/en-us/windows/package-manager/[Windows Package Manager (winget)] and https://scoop.sh/[Scoop]. +As of January 2022 neither option provides all of the packages we require, but that might change in the future. + +[#ChToolsCMake] + +=== CMake + +Wireshark’s build environment can be configured using CMake on various UNIX-like platforms, including Linux, macOS, and *BSD, and on Windows. +CMake is designed to support out-of-tree builds - so much so that in-tree builds do not work properly in all cases. +Along with being cross-platform, CMake supports many build tools and environments including traditional make, Ninja, and MSBuild. + +Building with CMake typically includes creating a build directory and +specifying a *generator*, aka a build tool. For example, to build +Wireshark using Ninja in the directory _wireshark-ninja_ you might +run the following commands: + +[source,sh] +---- +# Starting from your Wireshark source directory, create a build directory +# alongside it. +$ cd .. +$ mkdir wireshark-ninja +$ cd wireshark-ninja +# Assumes your source directory is named "wireshark". +$ cmake -G Ninja ../wireshark +$ ninja (or cmake --build .) +---- + +Using CMake on Windows is described further in <<ChWindowsGenerate>>. + +Along with specifying a generator with the `-G` flag you can set variables +using the `-D` flag. Useful variables and generators include the following: + +-DBUILD_wireshark=OFF:: Don't build the Wireshark GUI application. +Each command line utility has its own BUILD_xxx flag as well. For +example, you can use -DBUILD_mmdbresolve=OFF to disable mmdbresolve. + +-DENABLE_CCACHE=ON:: Build using the ccache compiler cache. + +-DENABLE_CAP=OFF:: Disable the POSIX capabilities check + +-DCMAKE_BUILD_TYPE=Debug:: Enable debugging symbols + +-DCARES_INCLUDE_DIR=/your/custom/cares/include, -DCARES_LIBRARY=/your/custom/cares/lib/libcares.so:: +Let you set the path to a locally-compiled version of c-ares. Most +optional libraries have xxx_INCLUDE_DIR and xxx_LIB flags that let you +control their discovery. + +-DCMAKE_OSX_DEPLOYMENT_TARGET=10.12:: +Specify the minimum macOS version for Wireshark and each command line utility. +Note that this doesn’t affect the minimum target for third-party libraries. +For example, if you’re building for macOS 10.12 you’ll need to install https://doc.qt.io/archives/qt-5.13/supported-platforms.html[Qt 5.14 or earlier] and ensure that other libraries support macOS 10.12, for example by running `tools/macos-setup.sh -t 10.12`. + +-DENABLE_APPLICATION_BUNDLE=OFF:: Disable building an application bundle (Wireshark.app) on macOS + +You can list all build variables (with help) by running `cmake -LH [options] +../<Name_of_WS_source_dir>`. This lists the cache of build variables +after the cmake run. To only view the current cache, add option `-N`. + +Depending on your needs, it might be useful to save your CMake configuration options in a file outside your build directory. +CMake supports this via its https://cmake.org/cmake/help/v3.23/manual/cmake-presets.7.html[presets] option. +For example, adding the follwing to `CMakeUserPresets.json` would let you build using Ninja in the `build` directory, enable ccache, and set a custom Qt directory by running `cmake --preset mydev`: + +[source,json] +---- +{ + "version": 4, + "configurePresets": [ + { + "name": "mydev", + "displayName": "Local development", + "generator": "Ninja", + "binaryDir": "${sourceDir}/build", + "cacheVariables": { + "ENABLE_CCACHE": "ON" + }, + "environment": { + "CMAKE_PREFIX_PATH": "/usr/local/Qt6" + } + } + ] +} +---- + +After running cmake, you can always run `make help` to see a list of all possible make targets. + +Note that CMake honors user umask for creating directories as of now. You should set +the umask explicitly before running the `install` target. + +CMake links: + +The home page of the CMake project: https://cmake.org/ + +Official documentation: https://cmake.org/documentation/ + +About CMake in general and why KDE4 uses it: https://lwn.net/Articles/188693/ + +Useful variables: https://gitlab.kitware.com/cmake/community/wikis/doc/cmake/Useful-Variables + +Frequently Asked Questions: https://gitlab.kitware.com/cmake/community/wikis/FAQ + +[#ChToolsGNUChain] + +=== GNU Compiler Toolchain (UNIX And UNIX-like Platforms) + +[#ChToolsGCC] + +==== gcc (GNU Compiler Collection) + +The GCC C compiler is available for most UNIX and UNIX-like operating +systems. + +If GCC isn't already installed or available +as a package for your platform, you can get it at: +https://gcc.gnu.org/[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ gcc --version +---- + +should result in something like + +---- +gcc (Ubuntu 4.9.1-16ubuntu6) 4.9.1 +Copyright (C) 2014 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +---- + +Your version string may vary, of course. + +[#ChToolsGDB] + +==== gdb (GNU Project Debugger) + +GDB is the debugger for the GCC compiler. It is +available for many (if not all) UNIX-like platforms. + +If you don't like debugging using the command line, many +https://sourceware.org/gdb/wiki/GDB%20Front%20Ends[GUI frontends for it +available], including Qt Creator, CLion, and Eclipse. + +If gdb isn't already installed or available +as a package for your platform, you can get it at: +https://www.gnu.org/software/gdb/gdb.html[]. + +After correct installation: + +[source,sh] +---- +$ gdb --version +---- + +should result in something like: + +---- +GNU gdb (GDB) 8.3 +Copyright (C) 2019 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +---- + +Your version string may vary, of course. + +[#ChToolsGNUmake] + +==== make (GNU Make) + +[NOTE] +.GNU make isn't supported either for Windows + +GNU Make is available for most of the UNIX-like +platforms. + +If GNU Make isn't already installed or +available as a package for your platform, you can get it at: +https://www.gnu.org/software/make/[]. + +After correct installation: + +[source,sh] +---- +$ make --version +---- + +should result in something like: + +---- +GNU Make 4.0 +Built for x86_64-pc-linux-gnu +Copyright (C) 1988-2013 Free Software Foundation, Inc. +Licence GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +---- + +Your version string may vary, of course. + +==== Ninja + +Ninja is an alternative to make, and is available for many of the +UNIX-like platforms. It runs builds faster than make does. + +It is designed to have its build files generated by tools such as CMake; +to generate build files for Ninja, run CMake with the `-G Ninja` flag. + +If Ninja isn't already installed, see the list of suggestions for Ninja +packages at: +https://github.com/ninja-build/ninja/wiki/Pre-built-Ninja-packages. + +If Ninja isn't already installed and isn't +available as a package for your platform, you can get it from: +https://ninja-build.org. You can download the source code or binaries +for Linux, macOS, and Windows (we have not tested Ninja on Windows). + +[#ChToolsMSChain] + +=== Microsoft compiler toolchain (Windows native) + +To compile Wireshark on Windows using the Microsoft C/{cpp} +compiler (MSVC), you'll need: + +. C compiler (_cl.exe_) + +. Assembler (_ml.exe_ for 32-bit targets and _ml64.exe_ for 64-bit targets) + +. Linker (_link.exe_) + +. Resource Compiler (_rc.exe_) + +. C runtime headers and libraries (e.g. _stdio.h_, _vcruntime140.lib_) + +. Windows platform headers and libraries (e.g. +_windows.h_, _WS2_32.lib_) + +==== Official Toolchain Packages And Alternatives + +Official releases are or were built with the following Visual {cpp} versions: + +* Wireshark 4.2.x: Microsoft Visual {cpp} 2022. +* Wireshark 4.0.x: Microsoft Visual {cpp} 2022. +* Wireshark 3.6.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.4.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.2.x: Microsoft Visual {cpp} 2019. +* Wireshark 3.0.x: Microsoft Visual {cpp} 2017. +* Wireshark 2.6.x: Microsoft Visual {cpp} 2017. +* Wireshark 2.4.x: Microsoft Visual {cpp} 2015. +* Wireshark 2.2.x: Microsoft Visual {cpp} 2013. +* Wireshark 2.0.x: Microsoft Visual {cpp} 2013. +* Wireshark 1.12.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.10.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.8.x: Microsoft Visual {cpp} 2010 SP1. +* Wireshark 1.6.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.4.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.2.x: Microsoft Visual {cpp} 2008 SP1. +* Wireshark 1.0.x and earlier: Microsoft Visual {cpp} 6.0. + +Using the release compilers is recommended for Wireshark development work. + +“Community” editions of Visual Studio such as “Visual Studio Community +2022” can be used to compile Wireshark but any PortableApps packages you +create with them might require the installation of a separate Visual +{cpp} Redistributable package on any machine on which the PortableApps +package is to be used. See <<msvc-runtime-redistributable>> below for +more details. + +However, you might already have a different Microsoft {cpp} compiler +installed. It should be possible to use any of the following with the +considerations listed. You will need to sign up for a +https://visualstudio.microsoft.com/dev-essentials/[Visual Studio Dev +Essentials] account if you don't have a Visual Studio (MSDN) +subscription. The older versions can be downloaded from +https://visualstudio.microsoft.com/vs/older-downloads/[]. + +==== Visual {cpp} 2022 Community Edition + +IDE + Debugger?:: Yes + +SDK required for 64-bit builds?:: No + +CMake Generator: *`Visual Studio 17`* + +You can use Chocolatey to install Visual Studio, e.g: + +[source,cmd] +---- +PS:\> choco install visualstudiocommunity2022 visualstudio2022-workload-nativedesktop +---- + +If you wish to build Arm64 executables you must install the following components: + +Microsoft.VisualStudio.Component.VC.Tools.ARM64:: MSVC v143 - VS 2022 C++ ARM64/ARM64EC build tools (Latest) + +Microsoft.VisualStudio.Component.VC.Runtimes.ARM64.Spectre:: MSVC v143 - VS 2022 C++ ARM64/ARM64EC Spectre-mitigated libs (Latest) + +==== cl.exe (C Compiler) + +The following table gives an overview of the possible +Microsoft toolchain variants and their specific C compiler +versions ordered by release date. + +|=== +| Compiler Package | V{cpp} | _MSC_VER +| Visual Studio 2022 (17.4.2) | 14.34 | 1934 +|=== + +A description of `_MSC_VER` and `_MSC_FULL_VER`, and their relation to Visual Studio and compiler versions, +can be found at +https://learn.microsoft.com/en-us/cpp/preprocessor/predefined-macros?view=msvc-170[Microsoft-specific predefined macros]. + +Information on the V{cpp} version can be found in the file _wsutil/version_info.c_. + +After correct installation of the toolchain, typing +at the Visual Studio Command line prompt (cmd.exe): + +[source,cmd] +---- +> cl +---- + +should result in something like: + +---- +Microsoft (R) C/C++ Optimizing Compiler Version 19.23.28106.4 for x64 +Copyright (C) Microsoft Corporation. All rights reserved. + +usage: cl [ option... ] filename... [ /link linkoption... ] +---- + +However, the version string may vary. + +Documentation on recent versions of the compiler can be found at +https://docs.microsoft.com/en-us/cpp/build/reference/compiling-a-c-cpp-program[Microsoft Docs] + +==== link.exe (Linker) + +After correct installation, typing at the Visual Studio Command line prompt (cmd.exe): + +[source,cmd] +---- +> link +---- + +should result in something like: + +---- +Microsoft (R) Incremental Linker Version 14.23.28106.4 +Copyright (C) Microsoft Corporation. All rights reserved. + + usage: LINK [options] [files] [@commandfile] + ... +---- + +However, the version string may vary. + +Documentation on recent versions of the linker can be found at +https://docs.microsoft.com/en-us/cpp/build/reference/linking[Microsoft Docs] + +[#msvc-runtime-redistributable] + +==== Visual {cpp} Runtime “Redistributable” Files + +Please note: The following is not legal advice. Ask your preferred +lawyer instead. It’s the authors view and this view might be wrong. + +Wireshark and its libraries depend on POSIX functions such as fopen() +and malloc(). On Windows, these functions are provided by the Microsoft +Visual {cpp} C Runtime (CRT). There are many different versions of the CRT and +Visual {cpp} 2015 and later use the _Universal CRT_ (UCRT). + +The Universal CRT comes standard with Windows 10 and is installed as part +of Windows Update on earlier versions of Windows. The Wireshark .exe +installers include redistributables (_vc_redist.x64.exe_ or +_vc_redist.x86.exe_) which ensure that the Universal CRT is installed and +up to date. + +[NOTE] +.Make sure you're allowed to distribute this file +==== +The files to redistribute must be mentioned in the +redist.txt file of the compiler package. Otherwise it +can't be legally redistributed by third parties like +us. +==== + +The following Microsoft Docs link is recommended for the +interested reader: + +https://docs.microsoft.com/en-us/cpp/windows/redistributing-visual-cpp-files[Redistributing Visual {cpp} Files] + +In all cases where _vc_redist.x64.exe_ or _vc_redist.x86.exe_ is +downloaded it should be downloaded to the directory into which the +support libraries for Wireshark have been downloaded and installed. This +directory is specified by the `WIRESHARK_BASE_DIR` or +`WIRESHARK_LIB_DIR` environment variables. It need not, and should not, +be run after being downloaded. + +==== Windows Platform SDK + +The Windows Platform SDK (PSDK) or Windows SDK is a free +(as in beer) download and contains platform specific headers and +libraries (e.g. _windows.h_, _WSock32.lib_, etc.). As new Windows +features evolve in time, updated SDKs become available that +include new and updated APIs. + +When you purchase a commercial Visual Studio or use the Community +Edition, it will include an SDK. + +[#ChToolsDocumentationToolchain] +=== Documentation Toolchain + +Wireshark’s documentation is split across two directories. +The `doc` directory contains man pages written in Asciidoctor markup. +The `docbook` directory contains the User’s Guide, Developer’s Guide, and the release notes, which are also written in Asciidoctor markup. +The split is for historical reasons (described below), and the documentation will likely be consolidated into one directory in the future. + +Our various output formats are generated using the following tools. +Intermediate formats are in _italics_. + +Man page roff:: Asciidoctor +Man page HTML:: Asciidoctor + +Guide HTML:: Asciidoctor → _DocBook XML_ → xsltproc + DocBook XSL +Guide PDF:: Asciidoctor + +Release notes HTML:: Asciidoctor +Release notes text:: Asciidoctor → _HTML_ → html2text.py + +==== Asciidoctor + +https://asciidoctor.org/[Asciidoctor] comes in several flavors: a Ruby gem (Asciidoctor), a Java bundle (AsciidoctorJ), and transpiled JavaScript (Asciidoctor.js). +The Ruby and Java flavors can be used to build Wireshark’s documentation, but the JavaScript flavor doesn’t support all of the features that we require. +// We need docbook5, PDF & EPUB output and macros + +The guides and release notes were originally written in DocBook (hence the directory name). +They were later converted to AsciiDoc and then migrated to Asciidoctor. +The man pages were originally in Perl’s POD (Plain Old Documentation) format and were later converted to Asciidoctor. +We use Asciidoctor’s modern (>= 1.5.0) syntax. + +PDF output requires Asciidoctor’s PDF backend. +It is included with AsciidoctorJ but _not_ with Asciidoctor. + +==== DocBook XML and XSL + +Converting from DocBook to HTML requires the DocBook DTD +(http://www.sagehill.net/docbookxsl/ToolsSetup.html) +and DocBook stylesheets +(http://www.sagehill.net/docbookxsl/InstallStylesheets.html). +These are available via installable packages on most Linux distributions, Chocolatey, and Homebrew. + +==== xsltproc + +http://xmlsoft.org/xslt/[xsltproc] converts DocBook XML to various formats based on XSL stylesheets. +It either ships as part of the operating system or is available via an installable package on most Linux distributions, Chocolatey, and Homebrew. + +[#ChToolsDebugger] + +=== Debugger + +Using a good debugger can save you a lot of development time. + +The debugger you use must match the C compiler Wireshark was compiled with, +otherwise the debugger will simply fail or you will only see a lot of garbage. + +[#ChToolsMSVCDebugger] + +==== Visual Studio Integrated Debugger + +You can use the integrated debugger of Visual Studio if your toolchain includes +it. Open the solution in your build directory and build and debug as normal +with a Visual Studio solution. + +To set the correct paths for Visual Studio when running Wireshark under the +debugger, add the build output directory to the path before opening Visual +Studio from the same command prompt, e.g. + +[source,cmd] +---- +C:\Development\wsbuild64>set PATH="%PATH%;C:\Development\wsbuild64\run\RelwithDebInfo" +C:\Development\wsbuild64>wireshark.sln +---- + +for PowerShell use + +[source,cmd] +---- +PS C:\Development\wsbuild64>$env:PATH += ";$(Convert-Path run\RelWithDebInfo)" +PS C:\Development\wsbuild64>wireshark.sln +---- + +When Visual Studio has finished loading the solution, set the executable to +be run in the debugger, e.g. Executables\Wireshark, by right clicking it in +the Solution Explorer window and selecting "Set as StartUp Project". Also +set the Solution Configuration (usually RelWithDebInfo) from the droplist on +the toolbar. + +NOTE: Currently Visual Studio regards a command line build as incomplete, so +will report that some items need to be built when starting the debugger. These +can either be rebuilt or ignored as you wish. + + +The normal build is an optimised release version so debugging can be a bit +difficult as variables are optimised out into registers and the execution +order of statements can jump around. + +If you require a non-optimised version, then build using a debug configuration. + +[#ChToolsMSDebuggingTools] + +==== Debugging Tools For Windows + +You can also use the Microsoft Debugging Tools for Windows toolkit, which is a +standalone GUI debugger. Although it’s not that comfortable compared to +debugging with the Visual Studio integrated debugger it can be helpful if you +have to debug on a machine where an integrated debugger is not available. + +You can get it free of charge from Microsoft in several ways, see the +https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/[Debugging tools for Windows] page. + +You can also use Chocolatey to install WinDbg: + +[source,cmd] +---- +PS:\> choco install windbg +---- + +To debug Wireshark using WinDbg, open the built copy of Wireshark using +the File -> Open Executable... menu, +i.e. C:\Development\wsbuild64\run\RelWithDebInfo\Wireshark.exe. To set a +breakpoint open the required source file using the File -> Open Source File... +menu and then click on the required line and press F9. To run the program, +press F5. + +If you require a non-optimised version, then build using a debug configuration, e.g. +*`msbuild /m /p:Configuration=Debug Wireshark.sln`*. The build products will be found +in C:\Development\wsbuild64\run\Debug\. + +[#ChToolsBash] + +=== bash + +The bash shell is needed to run several shell scripts. + +[#ChToolsGNUBash] + +[discrete] +==== Unix + +Bash (the GNU Bourne-Again SHell) is available for most UNIX and +UNIX-like platforms. If it isn't already installed or available as a +package for your platform, you can get it at +https://www.gnu.org/software/bash/bash.html[]. + +After correct installation, typing at the bash command line prompt: + +[source,sh] +---- +$ bash --version +---- + +should result in something like: + +---- +GNU bash, version 4.4.12(1)-release (x86_64-pc-linux-gnu) +Copyright (C) 2016 Free Software Foundation, Inc. +---- + +Your version string will likely vary. + +[#ChToolsPython] + +=== Python + +https://python.org/[Python] is an interpreted programming language. +It is used to generate some source files, documentation, testing and other tasks. +Python 3.6 and later is required. +Python 2 is no longer supported. + +Python is either included or available as a package on most UNIX-like platforms. +Windows packages and source are available at https://python.org/download/[]. + +You can also use Chocolatey to install Python: + +[source,cmd] +---- +PS:\> choco install python3 +---- + +Chocolatey installs Python into _C:\Python37_ by +default. You can verify your Python version by running + +[source,sh] +---- +$ python3 --version +---- + +on UNIX-like platforms and + +[source,cmd] +---- +rem Official package +C:> cd python35 +C:Python35> python --version + +rem Chocolatey +C:> cd \tools\python3 +C:\tools\python3> python --version +---- + +on Windows. You should see something like + +---- +Python 3.5.1 +---- + +Your version string may vary of course. + +[#ChToolsFlex] + +=== Flex + +Flex is a lexical analyzer generator used for Wireshark’s display filters, some +file formats, and other features. + +[#ChToolsUnixFlex] + +[discrete] +==== Unix + +Flex is available for most UNIX and UNIX-like platforms. See the next +section for native Windows options. + +If GNU flex isn't already installed or available as a package for your platform +you can get it at https://www.gnu.org/software/flex/[]. + +After correct installation running the following + +[source,sh] +---- +$ flex --version +---- + +should result in something like: + +---- +flex version 2.5.4 +---- + +Your version string may vary. + +[#ChToolsWindowsFlex] + +[discrete] +==== Windows + +A native Windows version of flex is available in the _winflexbison3_ +https://chocolatey.org/[Chocolatey] package. Note that the executable is named +_win_flex_. + +[source,cmd] +---- +PS:\> choco install winflexbison3 +---- + +Native packages are available from other sources such as +http://gnuwin32.sourceforge.net/packages/flex.htm[GnuWin]. They aren't +officially supported but _should_ work. + +[#ChToolsGit] + +=== Git client + +The Wireshark project uses its own Git repository to keep track of all +the changes done to the source code. Details about the usage of Git in +the Wireshark project can be found in <<ChSrcGitRepository>>. + +If you want to work with the source code and are planning to commit your +changes back to the Wireshark community, it is recommended to use a Git +client to get the latest source files. For detailed information about +the different ways to obtain the Wireshark sources, see <<ChSrcObtain>>. + +You will find more instructions in <<ChSrcGit>> on how to use the Git +client. + +[#ChToolsUnixGit] + +[discrete] +==== Unix + +Git is available for most UNIX and UNIX-like platforms. If Git isn't +already installed or available as a package for your platform, you can +get it at: https://git-scm.com/[]. + +After correct installation, typing at the bash command line prompt: + +[source,sh] +---- +$ git --version +---- + +should result in something like: + +---- +git version 2.14.1 +---- + +Your version will likely be different. + +[#ChToolsWindowsGit] + +[discrete] +==== Windows + +The Git command line tools for Windows can be found at +https://git-scm.com/download/win[] and can also be installed using Chocolatey: + +[source,cmd] +---- +PS:\> choco install git +---- + +After correct installation, typing at the command +line prompt (cmd.exe): + +[source,cmd] +---- +> git --version +---- + +should result in something like: + +---- +git version 2.16.1.windows.1 +---- + +However, the version string may vary. + +[#ChToolsGitPowerShellExtensions] + +=== Git Powershell Extensions (Optional) + +A useful tool for command line git on Windows is https://github.com/dahlbyk/posh-git[PoshGit]. +Poshgit provides git command completion and alters the prompt to indicate the local working +copy status. You can install it using Chocolatey: + +[source,cmd] +---- +PS:\> choco install poshgit +---- + +[#ChToolsGitGUI] + +=== Git GUI Client (Optional) + +Along with the traditional command-line client, several +GUI clients are available for a number of platforms. See +https://git-scm.com/downloads/guis[] for details. + +// [[ChToolsUnixGitGUI]] +// XXX Add Gui client section + +[#ChToolsPerl] + +=== Perl (Optional) + +https://www.perl.org[Perl] is an interpreted programming language. +Perl is used to convert various text files into usable source code and for various source code checks. +Perl version 5.6 and above should work fine. + +[#ChToolsUnixPerl] + +[discrete] +==== Unix + +Perl is available for most UNIX and UNIX-like platforms. If it isn't +already installed or available as a package for your platform, you can +get it at https://www.perl.org/[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ perl --version +---- + +should result in something like: + +---- +This is perl 5, version 26, subversion 0 (v5.26.0) built for x86_64-linux-gnu-thread-multi +(with 62 registered patches, see perl -V for more detail) + +Copyright 1987-2017, Larry Wall + +Perl may be copied only under the terms of either the Artistic License or the +GNU General Public License, which may be found in the Perl 5 source kit. + +Complete documentation for Perl, including FAQ lists, should be found on +this system using "man perl" or "perldoc perl". If you have access to the +Internet, point your browser at http://www.perl.org/, the Perl Home Page. +---- + +However, the version string may vary. + +[#ChToolsWindowsPerl] + +[discrete] +==== Windows + +A native Windows Perl package can be obtained from +http://strawberryperl.com/[Strawberry Perl] or +https://www.activestate.com[Active State]. The installation should be +straightforward. + +You may also use Chocolatey to install either package: + +---- +PS:\> choco install strawberryperl +---- + +or + +---- +PS:\> choco install activeperl +---- + +After correct installation, typing at the command +line prompt (cmd.exe): + +---- +> perl -v +---- + +should result in something like: + +---- +This is perl, v5.8.0 built for MSWin32-x86-multi-thread +(with 1 registered patch, see perl -V for more detail) + +Copyright 1987-2002, Larry Wall + +Binary build 805 provided by ActiveState Corp. http://www.ActiveState.com +Built 18:08:02 Feb 4 2003 +... +---- + +However, the version string may vary. + +[#ChToolsPatch] + +=== patch (Optional) + +The patch utility is used to merge a diff file into your own source tree. This +tool is only needed, if you want to apply a patch (diff file) from someone else +(probably from the developer mailing list) to try out in your own private source +tree. + +It most cases you may not need the patch tool installed. Git should +handle patches for you. + +// You will find more instructions in <<ChSrcPatchApply>>on how to use the patch tool. + +[#ChToolsUnixPatch] + +[discrete] +==== Unix + +Patch is available for most UNIX and UNIX-like platforms. If GNU patch +isn't already installed or available as a package for your platform, you +can get it at https://www.gnu.org/software/patch/patch.html[]. + +After correct installation, typing at the +bash command line prompt: + +[source,sh] +---- +$ patch --version +---- + +should result in something like: + +---- +patch 2.5.8 +Copyright (C) 1988 Larry Wall +Copyright (C) 2002 Free Software Foundation, Inc. + +This program comes with NO WARRANTY, to the extent permitted by law. +You may redistribute copies of this program +under the terms of the GNU General Public License. +For more information about these matters, see the file named COPYING. + +written by Larry Wall and Paul Eggert +---- + +However, the version string may vary. + +[#ChToolsWindowsPatch] + +[discrete] +==== Windows + +The Windows native Git tools provide patch. A native Windows patch package can be obtained from +http://gnuwin32.sourceforge.net/[]. The +installation should be straightforward. + +[#ChToolsNSIS] + +=== Windows: NSIS (Optional) + +The NSIS (Nullsoft Scriptable Install System) is used to generate +_Wireshark-{wireshark-version}-x64.exe_ from all the files +needed to be installed, including all required DLLs, plugins, and supporting +files. + +To install it, download the latest released version from +https://nsis.sourceforge.net[]. NSIS v3 is required. You can also install +it using Chocolatey: + +[source,cmd] +---- +PS$> choco install nsis +---- + +You can find more instructions on using NSIS in <<ChSrcNSIS>>. + +[#ChToolsWiX] + +=== Windows: WiX Toolset (Optional) + +The Wix Toolset can be used to generate Windows Installer (_.msi_) packages. +You can download it from the link:https://wixtoolset.org/[WiX web site] or install it using Chocolatey: + +[source,cmd] +---- +PS$> choco install wixtoolset +---- + +This also requires the Visual C++ redistributable merge modules, which can be installed by selecting “Individual Components -> {cpp} 2022 Redistributable MSMs” or “...2019 Redistributable MSMs” as appropriate for your compiler in the Visual Studio installer. + +Wireshark’s .msi packaging is currently experimental and the generated packages may be incomplete. + +[#ChToolsPortableApps] +=== Windows: PortableApps (Optional) + +The PortableApps.com Installer is used to generate +_WiresharkPortable64{underscore}{wireshark-version}.paf.exe_ from all the files +needed to be installed, including all required DLLs, plugins, and supporting +files. + +To install it, do the following: + +* Download the latest PortableApps.com Platform release from + https://portableapps.com/[]. + +* Install the following applications in the PortableApps.com environment: + +** PortableApps.com Installer + +** PortableApps.com Launcher + +You can find more instructions on using the PortableApps.com Installer in +<<ChSrcPortableApps>>. + +// End of WSDG Chapter Tools + +// vim: set syntax=asciidoc: diff --git a/docbook/wsdg_src/wsdg_userinterface.adoc b/docbook/wsdg_src/wsdg_userinterface.adoc new file mode 100644 index 0000000..a4fe17a --- /dev/null +++ b/docbook/wsdg_src/wsdg_userinterface.adoc @@ -0,0 +1,318 @@ +// WSDG Chapter User Interface + +[#ChapterUserInterface] + +== User Interface + +[#ChUIIntro] + +=== Introduction + +Wireshark can be logically separated into the backend (dissecting protocols, +file loading and saving, capturing, etc.) and the frontend (the user interface). + +The following frontends are currently maintained by the Wireshark +development team: + +* Wireshark, Qt based + +* TShark, console based + +This chapter is focused on the Wireshark frontend, and especially on +the Qt interface. + +[#ChUIQt] + +=== The Qt Application Framework + +Qt is a cross-platform application development framework. While we mainly use +the core (QtCore) and user interface (QtWidgets) modules, it also supports a +number of other modules for specialized application development, such as +networking (QtNetwork) and web browsing (QtWebKit). + +At the time of this writing (September 2016) most of the main Wireshark +application has been ported to Qt. The sections below provide an +overview of the application and tips for Qt development in our +environment. + +==== User Experience Considerations + +When creating or modifying Wireshark try to make sure that it will work +well on Windows, macOS, and Linux. See <<ChUIGUIDocs>> for details. +Additionally, try to keep the following in mind: + +*Workflow*. Excessive navigation and gratuitous dialogs should be +avoided or reduced. For example, compared to the legacy UI many alert +dialogs have been replaced with status bar messages. Statistics dialogs +are displayed immediately instead of requiring that options be +specified. + +*Discoverability and feedback*. Most users don't like to read +documentation and instead prefer to learn an application as they use it. +Providing feedback increases your sense of control and awareness, and +makes the application more enjoyable to use. Most of the Qt dialogs +provide a “hint” area near the bottom which shows useful information. +For example, the “Follow Stream” dialog shows the packet corresponding +to the text under the mouse. The profile management dialog shows a +clickable path to the current profile. The main welcome screen shows +live interface traffic. Most dialogs have a context menu that shows +keyboard shortcuts. + +==== Qt Creator + +Qt Creator is a full-featured IDE and user interface editor. It makes +adding new UI features much easier. It doesn't work well on Windows at +the present time, so it’s recommended that you use it on macOS or Linux. + +To edit and build Wireshark using Qt Creator, open the top-level +_CMakeLists.txt_ within Qt Creator. It should ask you to choose a build +location. Do so. It should then ask you to run CMake. Fill in any +desired build arguments (e.g. <<ChSrcBuildType,`-D CMAKE_BUILD_TYPE=Debug`>> or +`-D ENABLE_CCACHE=ON`) and click the btn:[Run CMake] button. When that +completes select menu:Build[Open Build and Run Kit Selector...] and make +sure _wireshark_ is selected. + +Note that Qt Creator uses output created by CMake’s “CodeBlocks” +generator. If you run CMake outside of Qt Creator you should use the +“CodeBlocks - Unix Makefiles” generator, otherwise Qt Creator will +prompt you to re-run CMake. + +==== Source Code Overview + +Wireshark’s `main` entry point is in _ui/qt/main.cpp_. Command-line arguments +are processed there and the main application class (`WiresharkApplication`) +instance is created there along with the main window. + +The main window along with the rest of the application resides in _ui/qt_. Due +to its size the main window code is split into several modules, _main_window.cpp_, +_wireshark_main_window.cpp_ and _wireshark_main_window_slots.cpp_. + +Most of the modules in _ui/qt_ are dialogs. Although we follow Qt naming +conventions for class names, we follow our own conventions by separating file +name components with underscores. For example, ColoringRulesDialog is defined in +_coloring_rules_dialog.cpp_, _coloring_rules_dialog.h_, and +_coloring_rules_dialog.ui_. + +General-purpose dialogs are subclasses of `QDialog`. Dialogs that rely on the +current capture file can subclass `WiresharkDialog`, which provides methods and +members that make it easier to access the capture file and to keep the dialog +open when the capture file closes. + +==== Coding Practices and Naming Conventions + +===== Names + +The code in _ui/qt_ directory uses three APIs: Qt (which uses upper camel case), GLib (which uses snake_case), and the Wireshark +API (which also uses snake_case). + +As a general rule, for names, Wireshark’s Qt code: + +- uses upper camel case, in which words in the name are not separated by underscores, and the first letter of each word is capitalized, for classes, for example, `PacketList`; +- uses lower camel case, in which words in the name are not separated by underscores, and the first letter of each word other than the first word is capitalized, for methods, for example, `resetColumns`; +- uses snake case, in which words in the name are separated by underscores, and the first letter of the word is not capitalized, for variables, with a trailing underscore used for member variables, for example, `packet_list_model_`. + +===== Dialogs + +Dialogs that work with capture file information shouldn't close just because the +capture file closes. Subclassing `WiresharkDialog` as described above can make +it easier to persist across capture files. + +When you create a window with a row of standard “OK” and “Close” buttons at +the bottom using Qt Creator you will end up with a subclass of QDialog. This is +fine for traditional modal dialogs, but many times the “dialog” needs to behave +like a QWindow instead. + +Modal dialogs should be constructed with `QDialog(parent)`. Modeless dialogs +(windows) should be constructed with `QDialog(NULL, Qt::Window)`. Other +combinations (particularly `QDialog(parent, Qt::Window)`) can lead to odd and +inconsistent behavior. Again, subclassing `WiresharkDialog` will take care of +this for you. + +Most of the dialogs in ui/qt share many similarities, including method names, +widget names, and behavior. Most dialogs should have the following, although +it’s not strictly required: + +- An `updateWidgets()` method, which enables and disables widgets depending on + the current state and constraints of the dialog. For example, the Coloring + Rules dialog disables the *Save* button if the user has entered an + invalid display filter. +- A `hintLabel()` widget subclassed from `QLabel` or `ElidedLabel`, placed just + above the dialog button box. The hint label provides guidance and feedback to + the user. +- A context menu (`ctx_menu_`) for additional actions not present in the + button box. +- If the dialog box contains a `QTreeWidget` you might want to add your own + `QTreeWidgetItem` subclass with the following methods: + `drawData()`:: Draws column data with any needed formatting. + `colData()`:: Returns the data for each column as a `QVariant`. Used for + copying as CSV, YAML, etc. + `operator<()`:: Allows sorting columns based on their raw data. + +===== Strings + +Wireshark’s C code and GLib use UTF-8 encoded character arrays. Qt +(specifically QString) uses UTF-16. You can convert a `char *` to a +`QString` using simple assignment. You can convert a `QString` to a +`const char *` using `qUtf8Printable`. + +If you're using GLib string functions or plain old C character array +idioms in Qt-only code you're probably doing something wrong, +particularly if you're manually allocating and releasing memory. +QStrings are generally *much* safer and easier to use. They also make +translations easier. + +If you need to pass strings between Qt and GLib you can use a number +of convenience routines which are defined in _ui/qt/utils/qt_ui_utils.h_. + +If you're calling a function that returns wmem-allocated memory it might make +more sense to add a wrapper function to _qt_ui_utils_ than to call wmem_free in +your code. + +===== Mixing C and {cpp} + +Sometimes we have to call {cpp} functions from one of +Wireshark’s C callbacks and pass {cpp} objects to or from C. Tap +listeners are a common example. The {cpp} FAQ +https://www.parashift.com/c++-faq/mixing-c-and-cpp.html[describes how to do +this safely]. + +Tapping usually involves declaring static methods for callbacks, passing `this` +as the tap data. + +[#ChUII18N] +===== Internationalization and Translation + +Qt provides a convenient method for translating text: `Qobject::tr()`, +usually available as `tr()`. + +However, please avoid using `tr()` for static strings and define them in _*.ui_ +files instead. `tr()` on manually created objects like `QMenu` are not +automatically retranslated and must instead be manually translated using +`changeEvent()` and `retranslateUi()`. See _ui/qt/wireshark_main_window.cpp_ for an example +of this. + +NOTE: If your object life is short and your components are (re)created +dynamically then it is ok to use `tr()`. + +In most cases you should handle the changeEvent in order to catch +`QEvent::LanguageChange`. + +Qt makes translating the Wireshark UI into different languages easy. To add a new +translation, do the following: + +- Add your translation (_ui/qt/wireshark_XX.ts_) to _ui/qt/CMakeLists.txt_ +- (Recommended) Add a flag image for your language in _resources/languages/XX.svg_. Update _resources/languages/languages.qrc_ accordingly. +- Run `lupdate ui/qt -ts ui/qt/wireshark_XX.ts` to generate/update your translation file. +- Add ui/qt/wireshark_XX.ts to `.tx/config`. +- Translate with Qt Linguist: `linguist ui/qt/wireshark_XX.ts`. +- Do a test build and make sure the generated _wireshark_XX.qm_ binary file is included. +- Push your translation to GitLab for review. See <<ChSrcContribute>> for details. + +Alternatively you can put your QM and flag files in the _languages_ +directory in the Wireshark user configuration directory +(_$XDG_CONFIG_HOME/wireshark/languages/_ or _$HOME/.wireshark/languages/_ on +UNIX). + +For more information about Qt Linguist see +https://doc.qt.io/qt-5/qtlinguist-index.html[its manual]. + +You can also manage translations online with +https://www.transifex.com/wireshark/wireshark/[Transifex]. +Translation resources are organized by type of translation and development branch: + +master:: +Qt Linguist resources in the _ui/qt_ in the master branch. + +debian:: +GNU gettext resources in the _debian_ directory in the master branch. + +qt-_XY_, master-_XY_:: +Qt Linguist resources in the _ui/qt_ in the _X.Y_ release branch. +For example, qt-34 matches the Wireshark 3.2 release branch. + +po-_XY_, debian-_XY_:: +GNU gettext (.po) resources in the _debian_ directory in the _X.Y_ release branch. +For example, po-34 matches the Wireshark 3.4 release branch. + +Each week translations are automatically synchronized with the source code through the following steps: + +- Pull changes from Transifex by running `tx pull -f`. +- Run `lupdate` on the ts files. +- Push and commit on GitLab. +- Push changes to Transifex by running `tx push`. + +===== Colors And Themes + +Qt provides a number of colors via the https://doc.qt.io/qt-5/qpalette.html[QPalette] +class. Use this class when you need a standard color provided by the +underlying operating system. + +Wireshark uses an extended version of the +https://en.wikipedia.org/wiki/Tango_Desktop_Project[Tango Color Palette] +for many interface elements that require custom colors. This includes the +I/O graphs, sequence diagrams, and RTP streams. Please use this palette +(defined in `tango_colors.h` and the *ColorUtils* class) if *QPalette* +doesn't meet your needs. + +Wireshark supports dark themes (aka “dark mode”) on some platforms. We +leverage Qt's dark theme support when possible, but have implemented our +own support and workarounds in some cases. You can ensure that your code +includes proper dark theme support by doing the following: + +* You can use a macOS-style template icon by creating a monochrome SVG +document with “.template” appended to the name, e.g. +`resources/stock_icons/24x24/edit-find.template.svg`. +* Qt draws unvisited links *Qt::blue* no matter what. You can work +around this by using `ColorUtils::themeLinkBrush()` and +`ColorUtils::themeLinkStyle()`. +* You can catch dark and light mode changes by handling +`QEvent::ApplicationPaletteChange`. + +==== Other Issues and Information + +The main window has many QActions which are shared with child widgets. See +_ui/qt/proto_tree.cpp_ for an example of this. + +To demonstrate the functionality of the plugin interface options, a +demonstration plugin exists (pluginifdemo). See _doc/README.plugins_ and +_plugins/epan/pluginifdemo_. + +https://www.kdab.com/development-resources/qt-tools/gammaray/[GammaRay] lets you inspect +the internals of a running Qt application similar to $$Spy++$$ on Windows. + +[#ChUIGUIDocs] + +=== Human Interface Reference Documents + +Wireshark runs on a number of platforms, primarily Windows, macOS, and +Linux. It should conform to the Windows, macOS, GNOME, and KDE human +interface guidelines as much as possible. Unfortunately, creating a +feature that works well across these platforms can sometimes be a +juggling act since the human interface guidelines for each platform +often contradict one another. If you run into trouble you can ask the +_wireshark-dev_ mailing list as well as the User Experience Stack +Exchange listed below. + +For further reference, see the following: + +* Android Design: +https://developer.android.com/design/[]. Wireshark doesn't have +a mobile frontend (not yet, at least) but there is still useful +information here. + +* GNOME Human Interface Guidelines: +https://developer.gnome.org/hig/[] + +* KDE Human Interface Guidelines: +https://hig.kde.org[] + +* macOS Human Interface Guidelines: +https://developer.apple.com/design/human-interface-guidelines/macos/overview/themes/[] + +* Design guidelines for the Windows desktop: +https://docs.microsoft.com/en-us/windows/desktop/uxguide/guidelines[] + +* User Experience Stack Exchange: +https://ux.stackexchange.com/[] + +// End of WSDG Chapter User Interface diff --git a/docbook/wsdg_src/wsdg_works.adoc b/docbook/wsdg_src/wsdg_works.adoc new file mode 100644 index 0000000..baa7540 --- /dev/null +++ b/docbook/wsdg_src/wsdg_works.adoc @@ -0,0 +1,119 @@ +// WSDG Chapter Works + +[#ChapterWorks] + +== How Wireshark Works + +[#ChWorksIntro] + +=== Introduction + +This chapter will give you a short overview of how Wireshark works. + +[#ChWorksOverview] + +=== Overview + +The following will give you a simplified overview of Wireshark’s function blocks: + +[#ChWorksFigOverview] + +.Wireshark function blocks +image::images/ws-function-blocks.png[{pdf-scaledwidth}] + +The function blocks in more detail: + +GUI:: Handling of all user input/output (all windows, dialogs and such). +Source code can be found in the _ui/qt_ directory. + +Core:: Main "glue code" that holds the other blocks together. Source +code can be found in the root directory. + +Epan:: Enhanced Packet ANalyzer -- the packet analyzing engine. +Source code can be found in the _epan_ directory. Epan provides +the following APIs: + +* Protocol Tree. Dissection information for an individual packet. + +* Dissectors. The various protocol dissectors in +_epan/dissectors_. + +* Dissector Plugins - Support for implementing dissectors as separate modules. +Source code can be found in _plugins_. + +* Display Filters - The display filter engine at +_epan/dfilter_. + +Wiretap:: The wiretap library is used to read and write capture files in libpcap, +pcapng, and many other file formats. Source code is in the +_wiretap_ directory. + +Capture:: The interface to the capture engine. Source code is in the +root directory. + +Dumpcap:: The capture engine itself. This is the only part that executes with +elevated privileges. Source code is in the root directory. + +Npcap and libpcap:: These are external libraries that provide packet capture +and filtering support on different platforms. The filtering in Npcap and libpcap +works at a much lower level than Wireshark’s display filters and uses a +significantly different mechanism. That’s why there are different display and +capture filter syntaxes. + + +[#ChWorksCapturePackets] + +=== Capturing packets + +Capturing takes packets from a network adapter and saves them to a file +on your hard disk. + +Since raw network adapter access requires elevated privileges, these functions +are isolated to the `dumpcap` program. Placing the capture functionality +into `dumpcap` allows the rest of the code (dissectors, user interface, +etc.) to run with normal user privileges. + +To hide all the low-level machine dependent details from Wireshark, the libpcap +and Npcap (see <<ChLibsPcap>>) libraries are used. These libraries provide a +general purpose interface to capture packets and are used by a wide variety of +applications. + +[#ChWorksCaptureFiles] + +=== Capture Files + +Wireshark can read and write capture files in its natural file formats, pcapng +and pcap, which are used by many other network capturing tools, such as tcpdump. +Additionally, Wireshark supports reading and writing packet capture files +in formats used by other network capture tools. This support is implemented in +Wireshark's wiretap library, which provides a general purpose interface for +reading and writing packet capture formats and supports more than twenty +packet capture formats. + +[#ChWorksDissectPackets] + +=== Dissect packets + +Wireshark dissects packets in what it calls 'two-pass' dissection. + +Wireshark performs a first pass of dissecting all packets as they are loaded +from the file. All packets are dissected sequentially and this information +is used to populate Wireshark's packet list pane and to build state and +other information needed when displaying the packet. + +Wireshark later performs 'second pass' ad-hoc dissections on the +packets that it needs data from. This enables Wireshark to fill in fields that +require future knowledge, like the 'response in frame #' fields, +and correctly calculate reassembly frame dependencies. + +For example, Wireshark will perform an ad-hoc dissection when a user selects +a packet (to display the packet details), +calculates a statistic (so all values are computed), +or performs another action that requires packet data. +However, because Wireshark may only dissect +the packets that are needed, there is no guarantee that +Wireshark will dissect all packets again, nor is there any guarantee as to the +order that the packets will be dissected after the first pass. + +// End of WSDG Chapter Works + |
