Wireshark-dev: Re: [Wireshark-dev] Compiling a Dissector

From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Date: Tue, 18 May 2010 18:11:42 -0600
On Tue, May 18, 2010 at 09:03:39AM -0700, Jonathan Walker wrote:

> Is this to say that there is no possible way to compile a dissector 
> that can successfully run with Wireshark, by simply compiling it with 
> all the required libraries provided by the previously-built Wireshark?  
> In other words, can a dissector be updated and re-compiled with the 
> same libraries from a previously-built Wireshark? (only need to build 
> wireshark from source once).

The suggestion you quoted is aimed at making sure that you can 
successfully compile Wireshark in your environment before modifying it.  
That way, you know that any problems you encounter are from what has 
been modified.

However, you did bring up some good questions.  The only "supported" 
(meaning we'll help you make sure it works) way to build dissectors is 
to compile them with Wireshark from source and use them in that same 
build of Wireshark.

You can usually take a compiled plug-in and drop it into another 
installation (same operating system and Wireshark version) and have it 
work.  Sometimes this even works between different minor revisions of 
Wireshark, but it is *not* guaranteed to work - it could break with any 
new version.  This breakage is usually caused by changes to internal 
Wireshark dissector structure variables.  We don't guarantee that the 
API (functions used in source code) or ABI (compiled files) will remain 
the same and functional between Wireshark versions or even different SVN 
revisions of developer trees of Wireshark.

If you are developing a plug-in, you can recompile just the plug-in 
while in the source tree of the initially built Wireshark code and then 
reinstall it.  If it is a built-in dissector (which is preferred, 
especially if you're going to share it with everyone for inclusion in 
Wireshark source code), then you need to recompile at least part of the 
Wireshark tree.  Some of the developers here have ways to just recompile 
parts of the source tree to speed things up if you're just changing a 
dissector, but I just recompile the whole thing every time in case I 
changed something outside of a dissector.


-- 
Steve