russellmayhew / protobuf-wireshark

Automatically exported from code.google.com/p/protobuf-wireshark
Apache License 2.0

New feature Request : Wireshark integration #5

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Hello there,

That's a pretty useful wireshark plugin. Nice!

But I was wondering, if it is technically possible to integrate it differently 
in wireshark :
 1- Install the (new) plugin only once in the wireshark directory.
 2- In the decode as menu, at transport level, you select PROTOCOL_BUFFERS 
    for instance.
 3- The user is prompted for the .proto file to use (and additional info)
 4- The decoding is then applied automatically.

I am not a wireshark developer, but a wireshark user ;). And I believe it 
would be nicer to have it this way.

This said, I hope you take it as it is, a constructive remark. 
Because it's true that it's open source and I may code it myself!
But for sure, it would take me more time to get familiar with the 
wireshark development...

Cheers,
Roudy 

Original issue reported on code.google.com by roudy.da...@gmail.com on 14 Jun 2010 at 2:59

GoogleCodeExporter commented 9 years ago
AFAIK dynamic bindings are not supported in wireshark, i.e. field registrations 
cannot be performed at dissect time. That is the main issue here. 

Original comment by dear.c...@gmail.com on 21 Jul 2010 at 6:04

GoogleCodeExporter commented 9 years ago
Roudy
  On second thought I think there might be a way to implement a generic plugin to decode all protobuf messages by parsing .proto files at runtime. This is interesting and better than the piece-by-piece plugin generation. Let me look into it.

dear chap

Original comment by dear.c...@gmail.com on 28 Jul 2010 at 2:01

GoogleCodeExporter commented 9 years ago
dear Dear,

thanks for replying.
I have read a little about the wireshark architecture.
What I meant by my previous post will obviously lead to providing a "built-in
dissector" for protocol buffers.
This way, the dissector is always available for the user inside the wireshark
application (example UDP, TCP, HTTP...etc). The dissector will reside in
libwireshark.so. So any updates to the dissector will lead to recompiling this
library.

Roudy

Original comment by roudy.da...@gmail.com on 24 Sep 2010 at 8:29

GoogleCodeExporter commented 9 years ago
Roudy the latest version of protobuf-wireshark is a runtime version which 
parses proto files at runtime. It won't have the behaviour you want of being 
able to specify a proto file via a file chooser dialog but you can store all 
your proto files in a particular dir and that would be picked up by the 
protobuf plugin on wireshark start. 

Original comment by dear.c...@gmail.com on 29 Apr 2011 at 3:54