Documenting Problems That Were Difficult To Find The Answer To

Compiling CORBA IDL Files As Dissectors Into Wireshark

Download a version of Wireshark no earlier than 1.8. At the time of writing the most recent was 1.10.2, but note that I’ve had a terrible time trying to get Wireshark 1.10.x to compile my IDLs (it complains about strings in the IDL files) and have been forced to remain on version 1.8.

Unpack Wireshark

Download a Wireshark tarball from the Wireshark Download site and place it in /tmp/.

export WIRESHARKVER=1.8.10
export ROOTDIR=/tmp
cd $ROOTDIR   # the tarball was placed here
tar -xvjf wireshark-${WIRESHARKVER}.tar.bz2

Prepare IDL Files

Create a directory to put your interface definition language (IDL, or *.idl) files into (myidl/). You’ll also create a directory to receive the compiled IDL files (*.idl.c) named mybuild/.

mkdir myidl
mkdir mybuild
cd myidl

Copy your *.idl into $ROOTDIR/myidl/.

Create Wireshark Dissector Sources from IDL Files

cd $ROOTDIR/myidl
for i in *.idl; do
  export FULLPATH=`pwd`/$i
  export TOOLDIR=$ROOTDIR/wireshark-${WIRESHARKVER}/tools
  pushd $TOOLDIR
  # idl2wrs is run from the tools directory; output is named <file>.idl.c
  ./idl2wrs $FULLPATH > $ROOTDIR/mybuild/$i.c
  popd
done

If you are missing the omniidl utility then you may have to install a package that supplies omniORB. If your Python complains about the wrong ELF class, rename the offending library file’s extension and Python should then go looking for the 64-bit equivalent (applies to Red Hat distributions).

Add New Dissectors to Wireshark Build

cp $ROOTDIR/mybuild/*.c $ROOTDIR/wireshark-${WIRESHARKVER}/epan/dissectors/
cd $ROOTDIR/wireshark-${WIRESHARKVER}/epan/dissectors/

ls -1 *.idl.c # cut and paste into next step

vi Custom.common
# add copied list of *.idl.c into CUSTOM_DISSECTOR_SRC = with trailing backslashes

Now while editing Custom.common add the names of the compiled dissector files as the following example shows (no trailing backslash on the last line or you’ll get compilation errors):

CUSTOM_DISSECTOR_SRC = Connection.idl.c \
Session.idl.c

Save the file and continue:

./ # you may have to install automake
./configure --prefix=/usr/local/myshark
nice make -j 2 # -j 2 runs 2 parallel jobs (not necessary)
make install
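
For the Custom.common step above, the CUSTOM_DISSECTOR_SRC list can be generated instead of pasted by hand. This is an added example, not code from the original post: the function name gen_custom_src is hypothetical and it assumes file names without spaces. It skips the empty files that the redirect in the idl2wrs loop leaves behind when idl2wrs fails, and it writes no backslash after the last entry.

```shell
# Added example (not from the original post). gen_custom_src is a
# hypothetical helper: it prints a CUSTOM_DISSECTOR_SRC assignment for
# every non-empty *.idl.c file in the directory given as $1.
# Assumption: file names contain no spaces (make lists cannot hold them).
gen_custom_src() {
  dir=$1
  list=""
  for f in "$dir"/*.idl.c; do
    [ -e "$f" ] || continue          # glob matched nothing
    if [ ! -s "$f" ]; then           # "idl2wrs ... > file" failed and left 0 bytes
      echo "skipping empty file: $f" >&2
      continue
    fi
    list="$list $(basename "$f")"
  done
  if [ -z "$list" ]; then
    echo "no usable *.idl.c files in $dir" >&2
    return 1
  fi
  set -- $list                       # split the list into positional parameters
  printf 'CUSTOM_DISSECTOR_SRC ='
  while [ $# -gt 1 ]; do
    printf ' %s \\\n' "$1"           # every entry but the last ends in a backslash
    shift
  done
  printf ' %s\n' "$1"                # last entry: no trailing backslash
}
```

Run it as gen_custom_src $ROOTDIR/mybuild and paste the output into Custom.common in place of the existing CUSTOM_DISSECTOR_SRC line.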
