Wireshark Development

This is the development section of the Wireshark wiki.

Beginner?

If you are new to Wireshark development, please set up your build environment first:

• Get the source code from the Wireshark development webpage

• Windows: the Developer's Guide is currently invaluable for setting up a development environment in Microsoft Windows

• Unix-like: you may find information in the README.xxx file suitable for your target platform - in the root directory of the Wireshark sources

• Required Libraries and Packages: for essential and optional external dependencies on Unix and Windows, see the Library reference in the Wireshark Developer's Guide

Now it's time to tweak the code:

• doc/README.developer the best manual about Wireshark dissector development so far, you will also find that one in the documentation directory of the Wireshark sources - please read and thoroughly understand all of the "Portability" and "Robustness" sections before writing any Wireshark code!

• … of course you should have a look at the Wireshark sources itself!

General

• Wireshark documentation webpage: the latest version of the Wireshark User's Guide and the Wireshark Developer's Guide in different formats (PDF, HTML, …)

• LifeCycle: Life Cycle information on Wireshark releases

• Roadmap: Roadmap for upcoming Wireshark releases

• Wishlist: Wish list for internal features and architectural changes (as opposed to user-visible features WishList)

• SendingFilesToWireshark: Tips on sending files to the Wireshark mailing lists

• Translations: Why it's not a good idea to translate Wireshark into spanish/german/… language

Development

General

• Creating Patches: Tips on creating patches before submitting them

• Submitting Patches: Introduction to using Git & GitLab to submit and review patches

• Secure Programming How to write more secure code, e.g. replace insecure ANSI-C calls by more secure ones

• Common Problems: Some common problems while developing Wireshark

• Tips: Some selected wisdom to ease development/debugging

• Libpcap File Format A libpcap file format description

• Canary Finding and fixing memory over- and under-runs with canaries

• pyreshark: A Wireshark plugin providing a simple interface for writing dissectors in Python.

• Support library version tracking A page for tracking what OS distributions came with what versions of various libraries with which Wireshark is built

• Windows Libraries Describes how Windows libraries are built and the procedure for updating those.

Character encodings

• Character encodings: Character encodings used in Wireshark and the systems on which Wireshark runs

• Platform string encoding: Dealing with non-UTF-8 strings other than strings in packets, such as file names and environment variables

Non-C dissectors

• Lua: Extending Wireshark with the extensible extension language

• Generic dissector (http://wsgd.free.fr/) : display clearly your data inside wireshark without any code

Projects

Design ideas

• Wiretap Pcapng Changes to wiretap to support pcapng

• High Speed Capturing High speed capturing improvements

• Decryption Block Define a pcapng decryption block and use it to save decryption information in the file.

• Preference Block Define a pcapng block to store the preference settings needed to view the file.

• Privacy Settings Add privacy settings to determine what to put in a pcapng file.

• Reduce memory footprint Ideas on how to find the memory hogs and reduce the memory usage

In progress

• Custom Columnfication An ongoing project concerning predefined columns -> custom column migration

• Privilege Separation: A proposal to add privilege separation to Wireshark

• Mate: Meta Analysis and Tracing Engine

• Security: Efforts to make Wireshark more secure

• Packet Input: how to get packet data into Wireshark in some "unusual" ways

• String handling in dissectors How string handling should work in Wireshark (ie encoding support, how to deal with invalid strings, etc)

• Optimize PacketList: the packet list isn't optimized for the way we use it, could make a huge difference for large capture files

• CSV Export: Formats and problems with exporting into the CSV format

• Multithreading: a list of what needs to be done in order to achieve it

• SNMP: reworking of OID handling and SNMP dissector

• Optimization: A patch for a faster but maybe slightly broken wireshark

• Fast Filtering: A patch for fast packet filtering interactively

• Pcapng: Read/Write the "PCAP Next Generation Dump File Format" or pcapng

• Python : Extending Wireshark with Python

• SharkTools: A project that provides "matshark" and "pyshark", which integrate Wireshark's packet dissection engine into Matlab and Python.

Completed

• DropWin32GTK1: Thoughts about dropping GTK1 support on Win32

• Patch Handling: Changing patch handling policy

• Examples: Example files, which are used by the various installers as default files

• Replace Deprecated Gtk and GLib Function Usage: An ongoing project to replace use of deprecated GTK and GLib functions.

• Going GTK3: A project to prepare the Shark to migrate from GTK+ 2 to GTK+ 3

• QtShark: Qt based version of Wireshark.

• sharkd: A program that makes Wireshark capabilities available via a programmatic interface.

• Update: Check version and Update Wireshark on a frequent basis

Tools

• Asn2wrs: How to create a dissector using the ASN.1 compiler

• WiresharkEnvCmd: A batch script to set environment variables useful for Windows development on older 1.12.x or earlier versions

• idl2wrs: CORBA IDL to Wireshark Plugin Generator idl2wrs

• Fuzz Testing: tools to stress test protocol dissectors

• Pidl: A perl-based DCE/RPC IDL compiler (and Wireshark dissector generator) developed for Samba 4

• /CodeCoverage: check how much of your code is covered by the test cases

• /SourceMovie: generate a movie about code repository history

Discussion

---

---

Imported from https://wiki.wireshark.org/Development on 2020-08-11 23:12:38 UTC