How to build a Wireshark plug-in

I was developing a Wireshark plug-in over the last week, and I wanted to document all the steps it took to get it really really working…

First off, I have to give a large credit to Ken Thompson’s CodeProject howto; this was a fantastic write-up, and is the basis of my notes.

The goals for my plug-in are:

  • Dissect a private protocol used in our product. Aka the plug-in is intended for developer/support personnel only
  • Must work against the current downloadable Wireshark build

My differences from Ken’s notes are:

  1. You must use Visual Studio 6.0 if you want your plug-in to work with the official build
  2. I found that Ken’s list of Cygwin requirements was not complete, and the
    nmake -f Makefile.nmake setup

    step was trying to download extra packages. To get out past the work firewall I had to add

    set HTTP_PROXY=server_name:port
    

    to my Cygwin.bat

  3. I also had some problems with non-existing group-policy paths in the PATH environment variable messing with setting up the VCVARS32.bat, so I added this line to reset the PATH
    set path=%SystemRoot%\system32

    in the Cygwin.bat before the VCVARS.bat line

  4. I based my dissector on the agentx plug-in.
    plugins\agentx\*
  5. Borrowed how flags are done from the IP and UDP dissectors
    epan\dissectors\packet-ip.c
    epan\dissectors\packet-udp.c
  6. Borrowed how to make the dissector match many UDP ports, based on how HTTP uses prefs_register_range_preference.
    epan\dissectors\packet-http.c

It’s been a fantastic learning experience, lots of banging my head against C code rules, but the output has been very useful.

Linkedin Network RSS Feed

For the last few weeks I have been subscribed to an RSS feed of updates to my Linkedin network, and I think it’s fantastic!

Each day I can see the movers and shakers expand their empires, and feel content that I don’t know those people so there is nothing required of me… it’s great.

Now I don’t need to go to the web site bi-weekly, and click on all my contacts to see what’s changed, I have it all brought to me.

Yeah Linkedin, now I just need to find a purpose for it, other than empire building…..

Our team got called Death Eaters

One of our regular management people (that comes over from the US) came into the office today, purposely not wearing black, and informed our team of this, that she was not going to be dragged down by us Death Eaters.

Hmmm, if that’s not a warning shot over the bow, I’m not sure what is. Quick team huddle later, we are now positive outwards, as we don’t want to be that team that always complains, and everything is always going wrong.

Not a very good label to be stuck with.

But never mind, everything’s still full-on chaos on the inside, what management does not like knowing will now stop hurting us…..

Always validate your input…

Once again I have been reminded to always validate all input. In our database, we store records generated from machines. We have a timeline that lets you view records and reports, that show time summaries.

This morning the testers found some reports which do not show some data that is shown in the timeline. The former data comes from an aggregate table built via table cursors, while the latter comes from the base tables.

Much hunting later, we found the “missing” data was actually encapsulated in the time span of other data. This should never happen. So when the aggregate table is built (I expect only sometimes) the small event is overwritten by the larger. So when viewed in the zoomed in timeline you see the small event, but it is not in the report covering the same time.

If we had validation, one of the two entries would not have been loaded into the table, and we would have an error message in a log.

So as long as the logs are reviewed (they are reviewed aren’t they?) – the issue would have been found easier.

As to why we have overlapping data, that’s another mystery, but still I should have been checking the input….
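A sketch of the validation described in this post, added here as an example and not taken from the product's code: records are checked per machine before loading, and a span that overlaps an already accepted one is rejected and logged. The record layout (machine, start, end), the half-open span convention, the first-record-wins policy and all names are assumptions.

```python
import logging
from bisect import bisect_left
from collections import defaultdict

log = logging.getLogger("aggregate_loader")  # hypothetical logger name


class SpanLoader:
    """Validates (machine, start, end) records before they reach the aggregate.

    Spans are half-open [start, end). A record overlapping an already accepted
    span for the same machine is rejected and logged, not silently merged.
    """

    def __init__(self):
        self._spans = defaultdict(list)  # machine -> sorted, non-overlapping spans
        self.rejected = []               # (machine, start, end, reason)

    def _reject(self, machine, start, end, reason):
        self.rejected.append((machine, start, end, reason))
        log.error("rejected %s [%s, %s): %s", machine, start, end, reason)
        return False

    def load(self, machine, start, end):
        if start >= end:
            return self._reject(machine, start, end, "start is not before end")
        spans = self._spans[machine]
        i = bisect_left(spans, (start, end))
        # Accepted spans never overlap each other, so only the two
        # neighbours of the insertion point can collide with the new record.
        if i > 0 and spans[i - 1][1] > start:
            return self._reject(machine, start, end, f"overlaps {spans[i - 1]}")
        if i < len(spans) and spans[i][0] < end:
            return self._reject(machine, start, end, f"overlaps {spans[i]}")
        spans.insert(i, (start, end))
        return True

    def accepted(self, machine):
        return list(self._spans[machine])


# Constructed sample records: (machine, start, end) in epoch seconds.
SAMPLE = [
    ("press-1", 1000, 5000),  # large event
    ("press-1", 2000, 2500),  # small event inside the large one
    ("press-1", 5000, 6000),  # starts exactly where the large one ends
    ("press-2", 2000, 2500),  # same times, different machine
    ("press-1", 7000, 7000),  # zero-length span
]

def load_all(records):
    loader = SpanLoader()
    return loader, [loader.load(*r) for r in records]
```

The rejected list doubles as the review queue: each entry names the conflicting span, so the overlap is visible at load time instead of surfacing later as a report/timeline mismatch.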

Curse of the Azure Bonds – build 1.0.5

Build 1.0.5 was put up on Google Code yesterday.

Changes were:

  • Loading saved games with Druids / Rangers / Paladins / Magic-Users / Clerics was not translation complete, and would therefore crash
  • Saving newly created characters incorrectly asked if you wanted to overwrite the file
  • The display of a character's AC was +/- flipped
  • The save game from the training menu did not work
  • The item name list was missing a blank string, thus causing items part way through to display with an off-by-one name.
  • Fixed the calculation of AC bonus from Dexterity
  • Fixed how losing combat was treated, so you now don’t get shown the EXP rewarded screen
  • Scrolling through the party list was broken
  • Fixed small typo in the code-wheel (even though it is turned off in the game)
  • Fixed the display names on spells. There were many blank strings missing
  • Fixed spell memorizing screen
  • Fixed some menus that would not accept input like Exit
  • Fixed the treasure found code to handle not being in combat (SSI bug)

Most of these changes were from Paul, or playing with his save game. I have started on some of the combat UI problems that have been bugging me.

So as always, post your comments/issues here or on the GoogleCode site.