FreePastry/tools/wireshark/README.txt

149 lines
5.9 KiB
Plaintext
Raw Normal View History

2019-05-13 12:45:05 +00:00
This document is a HOWTO for the FreePastry plugin testers. It describes how to build the wireshark plugin, how to use it and how to update it.
A complete documentation about wireshark can be found here:
http://www.wireshark.org/docs/wsdg_html/
Notes:
The FreePastry plugin code is compliant with the 0.99.5 build of wireshark.
If, for some reasons, you need to build the plugin for a wireshark/etheral version prior to 0.99.5, you have to:
* edit packet-freepastry.c
* find the function get_freepastry_pdu_len (~line 1229) and update arguments list
from: static guint get_freepastry_pdu_len(packet_info *pinfo _U_, tvbuff_t *tvb, int offset)
to: static guint get_freepastry_pdu_len(tvbuff_t *tvb, int offset)
Directly compile the plugin (not recommended):
You can try to directly compile the plugin for your system and to copy the library into an already installed wireshark directory (plugins/<version>).
Unfortunately, chances are it does not work.
Compile Wireshark + FreePastry Plugin:
You will have to compile the whole source and then to update some top-level files.
1) Install the source for wireshark:
Unix:http://www.wireshark.org/docs/wsdg_html/#ChSetupUNIX
Windows: http://www.wireshark.org/docs/wsdg_html/#ChSetupWin32 (follow the steps through section 2.2.7)
2) copy freepastry plugin
option a) from the freepastry src distribution
copy <freepastry-src-folder>/tools/wireshark/ <wireshark-src-folder>/plugins/freepastry/
option b) from the freepastry svn server
cd <wireshark-src-folder>/plugins/
svn co --username anonymous --password anonymous https://svn.mpi-sws.mpg.de/svn/freepastry/trunk/pastry/tools/wireshark freepastry
3. Add FreePastry to wireshark's make files:
You must apply the following changes:
* Unix:
configure (~line 31812)
add plugins/freepastry/Makefile to the list of ac_config_files
configure.in (~line 1371)
add plugins/freepastry/Makefile to the list of AC_OUTPUT
plugins/Makefile.am (~line 32)
add "freepastry \" to the list of SUBDIRS
plugins/Makefile.in (~line 333)
add "freepastry \" to the list of SUBDIRS
* Windows:
/Makefile.nmake
copy the plugin dll to the distribution
xcopy ".\plugins\freepastry\freepastry.dll" $(INSTALL_DIR)\plugins\$(VERSION) /d (~line 873)
plugins/Makefile.nmake
add "freepastry \" to the list of "all" directive (~line 17)
add the freepastry directive (~line 69)
freepastry::
cd freepastry
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake
cd ..
add the following text for the clean directive (~line 173)
cd freepastry
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake clean
cd ..
add the following text for the distclean directive (~line 245)
cd freepastry
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake distclean
cd ..
add the following text for the maintainer-clean directive (~line 317)
cd freepastry
$(MAKE) /$(MAKEFLAGS) -f Makefile.nmake maintainer-clean
cd ..
add "xcopy freepastry\*.dll $(VERSION) /d" to the install-plugins directive (~line 382)
4. Build
UNIX:
Just run these commands:
./configure
make
make install
If the configure fails, you simply need to install the missing binary/library with your favorite installation package tool (yum, apt-get...)
Tips: If your OS is a fedora core 6, use ./configure --without-net-snmp --without-ucd-snmp
Note: The resulting library is likely to be compatible with the official binary package of wireshark/ethereal of your system
Windows:
continue on to section 2.2.8: http://www.wireshark.org/docs/wsdg_html/#id4716991
Note: Windows Wireshark binaries are compiled with VC6. If you do not have this (old) compiler, you will have to compile the whole source and use this home-made build.
5. Test
Here are some basic filtering options:
-Show only the FreePastry KBR traffic: freepastry
-Show only the Scribe traffic: scribe
-Show only the Past traffic: past
-Show only the GCPast traffic: gcpast
-Show only the Replication Manager traffic: replication
-Show only traffic related to an Id starting with 0xAE4567...: freepastry.id contains "AE4567"
A complete list of available filter parameters is available in the expression window (accessible from the filter toolbar)
Common objects are directly registered with freepastry.xxxx. i.e: If you are looking for the target field (Id type) in a Scribe Message, the correct filter to use is freepastry.id...
Note: CommonApi application dissectors are experimental and not fully tested. If you detect a problem, please report the bug to dav176fr@yahoo.fr.
It will be easier for me if you include a pcap file corresponding to the capture. However, do not forget that I could be able to see personal information from your traces (be careful about what you are sending to me and use the filter option with the "save as" wireshark command)
6. Code
Here are some documents you must have to read before starting to code
http://www.wireshark.org/docs/wsdg_html/#ChapterDissection
doc/README.plugins
doc/README.developer
doc/README.malloc
If you need write a dissector for a new common api application, packet-past.c can be a good source of inspiration.
If you want your dissector be called by the freepastry dissector, you have to find out what are the 16 first bits of your subaddress (in a PastryEndpoint Message) and register your dissector with the "commonapi.app" key.
exemple:
void
proto_reg_handoff_myapp(void)
{
static int Initialized=FALSE;
if (!Initialized) {
myapp_handle = create_dissector_handle(dissect_myapp, proto_myapp);
dissector_add("commonapi.app", 0x1234, myapp_handle);
}
}
The FreePastry dissector only tags the AppSocket traffic. It does not offer the possibility to give the control of AppSocket traffic to another dissector.
If someone needs this functionality, I could probably add a call for an heuristic dissector to handle it...
7. Plan for the future
Include the plugin into the official distribution (When FreePastry 2.0 is out)
Write a wiki page for freepastry http://wiki.wireshark.org/ProtocolReference