protobuf-wireshark build notes

淳于哲
2023-12-01

I have always used protobuf as the private protocol for message exchange in my network code, but capturing and analysing that traffic has been a problem. Fortunately there is now a protobuf plugin for Wireshark. Its code, however, was written for Linux.

1. First set up the Wireshark build environment. Follow the official Wireshark instructions for configuring the build environment; installing according to those instructions works essentially without problems.

  I ran into a failure unpacking the archives at the nmake -f Makefile.nmake setup step. Open tools/win-setup.sh, comment out the unzip commands, and during the later build unpack the archives by hand as the error messages indicate.

2. Download the protobuf-wireshark code from Google: the file protobuf-wireshark-runtime-0.1.tar.gz. Check the archive's digest against a value you trust before unpacking it; the DLL built from it will be loaded into Wireshark's process with whatever privileges Wireshark has.

3. Unpack protobuf-wireshark-runtime-0.1.tar.gz and edit the wireshark.conf configuration file, setting the Wireshark source directory and installation directory. My configuration:

wireshark_src_dir     : /cygdrive/h/wireshark-1.8.6
wireshark_install_dir : /cygdrive/c/Program Files/Wireshark
wireshark_version     : 1.8.6

4. Start a Cygwin terminal and change to the protobuf-wireshark-runtime-0.1 directory; on my machine that is /cygdrive/h/a/protobuf-wireshark-runtime-0.1

5. Run: $ ./make_wireshark_plugin.py wireshark.conf

  Note: the build will not succeed, because the project targets Linux and we want a Windows build.

  After it runs, a protobuf directory is created under wireshark\plugins containing four generated files: moduleinfo.h, Makefile.am, packet-protobuf.c and wireshark-glue-protobuf.o.

 Two C++ files, wireshark-glue-protobuf.h and wireshark-glue-protobuf.cc, are also generated in the protobuf-wireshark-runtime-0.1 source directory; copy them into plugins\protobuf.

6. Change to plugins\protobuf, copy the four files Makefile.common, moduleinfo.nmake, Makefile.nmake and plugin.rc.in from another plugin's directory, and edit them.

  All of Wireshark's source code is C, but the protobuf plugin adds C++ files, which the nmake rules below have to handle.

7. Below are my modified files.

1) moduleinfo.nmake file content

#
# $Id: moduleinfo.nmake 20157 2006-12-19 22:23:22Z jake $
#

# The name
PACKAGE=protobuf

# The version
MODULE_VERSION_MAJOR=0
MODULE_VERSION_MINOR=1
MODULE_VERSION_MICRO=0
MODULE_VERSION_EXTRA=0

#
# The RC_VERSION should be comma-separated, not dot-separated, 
# as per Graham Bloice's message in
#
#	http://www.ethereal.com/lists/ethereal-dev/200303/msg00283.html
#
# "The RC_VERSION variable in config.nmake should be comma separated. 
# This allows the resources to be built correctly and the version
# number to be correctly displayed in the explorer properties dialog
# for the executables, and XP's tooltip, rather than 0.0.0.0."
#

MODULE_VERSION=$(MODULE_VERSION_MAJOR).$(MODULE_VERSION_MINOR).$(MODULE_VERSION_MICRO).$(MODULE_VERSION_EXTRA)
RC_MODULE_VERSION=$(MODULE_VERSION_MAJOR),$(MODULE_VERSION_MINOR),$(MODULE_VERSION_MICRO),$(MODULE_VERSION_EXTRA)

2) Makefile.nmake file content

Note: the protobuf header and library paths have to be set here. If you do not have a built protobuf tree, build the protobuf project first (the paths below point at a protobuf 2.4.1 tree built with its vsprojects solution).

# Makefile.nmake
# nmake file for Wireshark plugin
#
# $Id: Makefile.nmake 42971 2012-06-01 14:08:12Z wmeier $
#
# Protobuf headers and the static library built from protobuf's vsprojects
# solution; adjust both paths to your own protobuf checkout.
PROTOBUF_DIR=F:\OpenSource\protobuf-2.4.1\src
PROTOBUF_LIB=F:\OpenSource\protobuf-2.4.1\vsprojects\Release\libprotobuf.lib
include ..\..\config.nmake
include moduleinfo.nmake
PLUGIN_NAME=protobuf
DISSECTOR_SRC=packet-protobuf.c
DISSECTOR_SRCC=wireshark-glue-protobuf.cc
DISSECTOR_SUPPORT_SRC=
DISSECTOR_INCLUDES=wireshark-glue-protobuf.h moduleinfo.h
CFLAGS=$(WARNINGS_ARE_ERRORS) $(STANDARD_CFLAGS) \
	/I../.. $(GLIB_CFLAGS) \
	/I$(PROTOBUF_DIR)

# nmake's default suffix list has no .cc, so declare it: without this line the
# .cc.obj inference rule below is never applied to wireshark-glue-protobuf.cc.
.SUFFIXES: .cc

.c.obj::
	$(CC) $(CFLAGS) -Fd.\ -c $<
# cl selects C++ from the .cc extension; /EHsc enables C++ exception semantics,
# which the STL used by protobuf's headers expects.
.cc.obj::
	$(CC) $(CFLAGS) /EHsc -Fd.\ -c $<
	
LDFLAGS = $(PLUGIN_LDFLAGS)

!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib $(PROTOBUF_LIB)
CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS)

DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj)
DISSECTOR_OBJECTSS = $(DISSECTOR_SRCC:.cc=.obj)

DISSECTOR_SUPPORT_OBJECTS = $(DISSECTOR_SUPPORT_SRC:.c=.obj)


OBJECTS = $(DISSECTOR_OBJECTS) $(DISSECTOR_SUPPORT_OBJECTS) $(DISSECTOR_OBJECTSS)

RESOURCE=$(PLUGIN_NAME).res

all: $(PLUGIN_NAME).dll

$(PLUGIN_NAME).rc : moduleinfo.nmake
	sed -e s/@PLUGIN_NAME@/$(PLUGIN_NAME)/ \
	-e s/@RC_MODULE_VERSION@/$(RC_MODULE_VERSION)/ \
	-e s/@RC_VERSION@/$(RC_VERSION)/ \
	-e s/@MODULE_VERSION@/$(MODULE_VERSION)/ \
	-e s/@PACKAGE@/$(PACKAGE)/ \
	-e s/@VERSION@/$(VERSION)/ \
	-e s/@MSVC_VARIANT@/$(MSVC_VARIANT)/ \
	< plugin.rc.in > $@

$(PLUGIN_NAME).dll $(PLUGIN_NAME).exp $(PLUGIN_NAME).lib : $(OBJECTS) $(LINK_PLUGIN_WITH) $(RESOURCE)
	link -dll /out:$(PLUGIN_NAME).dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
	$(GLIB_LIBS) $(RESOURCE)

#
# The stock plugin Makefile.nmake generates plugin.c at this point: the
# version[] string plus plugin_register() and plugin_reg_handoff(), which
# call every proto_register_* / proto_reg_handoff_* routine found by scanning
# DISSECTOR_SRC. Those rules are omitted here. If Wireshark refuses to load
# protobuf.dll because the version or plugin_register symbol is missing,
# that generation step (copied from any stock plugin's Makefile.nmake) is
# what provides them.
#


!ENDIF

clean:
	rm -f $(OBJECTS) $(RESOURCE) *.pdb *.sbr \
	    $(PLUGIN_NAME).dll $(PLUGIN_NAME).dll.manifest $(PLUGIN_NAME).lib \
	    $(PLUGIN_NAME).exp $(PLUGIN_NAME).rc

distclean: clean

maintainer-clean: distclean

checkapi:
# TODO: Fix api's :)
#	$(PERL) ../../tools/checkAPIs.pl -g abort -g termoutput -build $(DISSECTOR_SRC) $(DISSECTOR_INCLUDES)

I moved the contents of Makefile.common into Makefile.nmake; I do not know why the build failed when they were kept separately in Makefile.common.

plugin.rc.in needs no changes.

8. Edit Makefile.nmake in the plugins directory to add the protobuf project to the build.

9. Rebuild Wireshark.

Tip: download dirent-1.13.zip, unpack it and put dirent.h into the VC\Include directory. It is a source-only emulation of the Linux dirent (directory listing) API for MSVC.

10. Copy plugins\protobuf\protobuf.dll into plugins\<version>\ under the Wireshark installation directory. The DLL runs inside Wireshark's own process, so a bug in the generated dissector is a bug on your analysis host; treat captures of untrusted traffic accordingly.

11. Create a protobuf directory under the Wireshark installation directory to hold the plugin's configuration file and the message definition (.proto) files.

12. Start Wireshark; you can now capture and dissect Google protobuf messages.

 Some twists and turns are unavoidable. Good luck!
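The procedure from step 2 to step 8, as one added example in the Cygwin shell the steps are typed into. This script is mine, not code from the original post or from the protobuf-wireshark project. It assumes the caller supplies the tarball's expected SHA-256 (no official digest is given here), that the template plugin directory carries the four nmake files named in step 6, and that plugins/Makefile.nmake lists its subdirectories in a "PLUGIN_LIST = \" block as the Wireshark 1.8 nmake build does; the generator in step 5 is allowed to fail because only the files it writes are needed.

```shell
#!/bin/sh
# Added example, not from the original post or the protobuf-wireshark project.
# Drives steps 2-8 of the write-up from a Cygwin shell with explicit checks.
# Assumptions: the caller supplies the tarball's expected SHA-256; the template
# plugin directory holds the four nmake files from step 6; plugins/Makefile.nmake
# lists plugin subdirectories in a "PLUGIN_LIST = \" block (Wireshark 1.8 layout).
set -eu

# Step 2: refuse to unpack a download whose digest is not the one you expect.
verify_tarball() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# Step 3: write wireshark.conf with the three values make_wireshark_plugin.py reads.
write_wireshark_conf() {
    printf 'wireshark_src_dir     : %s\nwireshark_install_dir : %s\nwireshark_version     : %s\n' \
        "$2" "$3" "$4" > "$1"
}

# Steps 5-6: copy the generated C++ glue into plugins/protobuf and borrow the nmake
# skeleton from an existing plugin. Existing files are never overwritten, so the
# edited Makefile.nmake and moduleinfo.nmake from step 7 survive a re-run.
stage_plugin_dir() {
    runtime=$1; plugin=$2; template=$3
    mkdir -p "$plugin"
    for f in wireshark-glue-protobuf.h wireshark-glue-protobuf.cc; do
        [ -f "$runtime/$f" ] || { echo "missing generated file: $runtime/$f" >&2; return 1; }
        cp "$runtime/$f" "$plugin/"
    done
    for f in Makefile.common moduleinfo.nmake Makefile.nmake plugin.rc.in; do
        [ -f "$template/$f" ] || { echo "missing template file: $template/$f" >&2; return 1; }
        [ -e "$plugin/$f" ] || cp "$template/$f" "$plugin/"
    done
}

# Step 8: add the protobuf subdirectory to plugins/Makefile.nmake. Idempotent, and it
# fails loudly instead of silently doing nothing when no PLUGIN_LIST line is found.
add_to_plugin_list() {
    makefile=$1
    grep -qE '^[[:space:]]*protobuf[[:space:]]*\\?$' "$makefile" && return 0
    grep -qE '^PLUGIN_LIST[[:space:]]*=[[:space:]]*\\$' "$makefile" \
        || { echo "no PLUGIN_LIST in $makefile; edit it by hand" >&2; return 1; }
    awk '{ print } /^PLUGIN_LIST[[:space:]]*=[[:space:]]*\\$/ { print "\tprotobuf \\" }' \
        "$makefile" > "$makefile.tmp" && mv "$makefile.tmp" "$makefile"
}

# Usage: sh build-protobuf-plugin.sh --run <tarball> <sha256> <ws_src> <ws_install> <ws_version> <template_plugin_dir>
main() {
    [ $# -eq 7 ] || { echo "usage: $0 --run tarball sha256 ws_src ws_install ws_version template_dir" >&2; return 2; }
    tarball=$2; digest=$3; ws_src=$4; ws_inst=$5; ws_ver=$6; template=$7
    verify_tarball "$tarball" "$digest" || { echo "digest mismatch, not unpacking $tarball" >&2; return 1; }
    tar xzf "$tarball"
    runtime=protobuf-wireshark-runtime-0.1
    write_wireshark_conf "$runtime/wireshark.conf" "$ws_src" "$ws_inst" "$ws_ver"
    # Step 5: the generator targets Linux and is expected to fail part-way; only its output files matter.
    (cd "$runtime" && ./make_wireshark_plugin.py wireshark.conf) || echo "generator failed as expected, continuing" >&2
    stage_plugin_dir "$runtime" "$ws_src/plugins/protobuf" "$template"
    add_to_plugin_list "$ws_src/plugins/Makefile.nmake"
    echo "now apply the step 7 edits in $ws_src/plugins/protobuf and rebuild Wireshark (step 9)"
}
if [ "${1:-}" = "--run" ]; then main "$@"; fi
```

Run it from the Cygwin prompt with --run and the six arguments; steps 7 and 9 onwards remain manual, because the Makefile edits depend on your protobuf paths and the rebuild is the ordinary Wireshark nmake run.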
