Notes on Compiling protobuf-wireshark

Source: Internet  Editor: 程序博客网  Time: 2024/05/09 06:46

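I have long used protobuf as the private message protocol in my network development work, but analyzing packet captures has been a problem. Fortunately, there is now a protobuf plugin for Wireshark. The plugin's code was written for Linux.

1. First set up a Wireshark build environment. You can follow the official Wireshark build-environment setup guide; following that configuration works with essentially no problems.

  When I ran nmake -f Makefile.nmake setup, unpacking the archives failed. To get past this, open tools/win-setup.sh and comment out the unzip-related commands; then, during the rest of the build, unpack the archives by hand as the error messages indicate.

2. Download the protobuf-wireshark code from Google: download the file protobuf-wireshark-runtime-0.1.tar.gz.

3. After unpacking protobuf-wireshark-runtime-0.1.tar.gz, edit the wireshark.conf configuration file to set the Wireshark source and install directories. My configuration is as follows: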

wireshark_src_dir     : /cygdrive/h/wireshark-1.8.6
wireshark_install_dir : /cygdrive/c/Program Files/Wireshark
wireshark_version     : 1.8.6

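4. Start a Cygwin terminal and change to the protobuf-wireshark-runtime-0.1 directory; mine is /cygdrive/h/a/protobuf-wireshark-runtime-0.1

5. Run $ ./make_wireshark_plugin.py wireshark.conf

  Note: the build will not succeed, because the project targets Linux, whereas we want a Windows version.

  After it runs, a protobuf directory is created under wireshark\plugins, containing four generated files: moduleinfo.h, Makefile.am, packet-protobuf.c and wireshark-glue-protobuf.o.

  In addition, two C++ files, wireshark-glue-protobuf.h and wireshark-glue-protobuf.cc, are generated in the protobuf-wireshark-runtime-0.1 source directory. Copy these two files to plugins\protobuf.

6. Change to plugins\protobuf, copy the four files Makefile.common, moduleinfo.nmake, Makefile.nmake and plugin.rc.in from another plugin's directory, and modify them.

  All of Wireshark's source code is C, but the protobuf plugin adds C++ files.

7. Below are my modified files.

1) Contents of moduleinfo.nmake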

#
# $Id: moduleinfo.nmake 20157 2006-12-19 22:23:22Z jake $
#

# The name
PACKAGE=protobuf

# The version
MODULE_VERSION_MAJOR=0
MODULE_VERSION_MINOR=1
MODULE_VERSION_MICRO=0
MODULE_VERSION_EXTRA=0

#
# The RC_VERSION should be comma-separated, not dot-separated,
# as per Graham Bloice's message in
#
# http://www.ethereal.com/lists/ethereal-dev/200303/msg00283.html
#
# "The RC_VERSION variable in config.nmake should be comma separated.
# This allows the resources to be built correctly and the version
# number to be correctly displayed in the explorer properties dialog
# for the executables, and XP's tooltip, rather than 0.0.0.0."
#

MODULE_VERSION=$(MODULE_VERSION_MAJOR).$(MODULE_VERSION_MINOR).$(MODULE_VERSION_MICRO).$(MODULE_VERSION_EXTRA)
RC_MODULE_VERSION=$(MODULE_VERSION_MAJOR),$(MODULE_VERSION_MINOR),$(MODULE_VERSION_MICRO),$(MODULE_VERSION_EXTRA)

Contents of Makefile.nmake

Note: the protobuf header directory and lib library must be set here. If you do not have a built protobuf project, build protobuf first.

# Makefile.nmake
# nmake file for Wireshark plugin
#
# $Id: Makefile.nmake 42971 2012-06-01 14:08:12Z wmeier $
#

PROTOBUF_DIR=F:\OpenSource\protobuf-2.4.1\src
PROTOBUF_LIB=F:\OpenSource\protobuf-2.4.1\vsprojects\Release\libprotobuf.lib

include ..\..\config.nmake
include moduleinfo.nmake

PLUGIN_NAME=protobuf

DISSECTOR_SRC=packet-protobuf.c
DISSECTOR_SRCC=wireshark-glue-protobuf.cc
DISSECTOR_SUPPORT_SRC=
DISSECTOR_INCLUDES=wireshark-glue-protobuf.h moduleinfo.h

CFLAGS=$(WARNINGS_ARE_ERRORS) $(STANDARD_CFLAGS) \
    /I../.. $(GLIB_CFLAGS) \
    /I$(PROTOBUF_DIR)

.c.obj::
    $(CC) $(CFLAGS) -Fd.\ -c $<

.cc.obj::
    $(CC) $(CFLAGS) -Fd.\ -c $<

LDFLAGS = $(PLUGIN_LDFLAGS)

!IFDEF ENABLE_LIBWIRESHARK
LINK_PLUGIN_WITH=..\..\epan\libwireshark.lib ..\..\wsutil\libwsutil.lib $(PROTOBUF_LIB)
CFLAGS=/D_NEED_VAR_IMPORT_ $(CFLAGS)

DISSECTOR_OBJECTS = $(DISSECTOR_SRC:.c=.obj)
DISSECTOR_OBJECTSS = $(DISSECTOR_SRCC:.cc=.obj)

DISSECTOR_SUPPORT_OBJECTS = $(DISSECTOR_SUPPORT_SRC:.c=.obj)

OBJECTS = $(DISSECTOR_OBJECTS) $(DISSECTOR_SUPPORT_OBJECTS) $(DISSECTOR_OBJECTSS)

RESOURCE=$(PLUGIN_NAME).res

all: $(PLUGIN_NAME).dll

$(PLUGIN_NAME).rc : moduleinfo.nmake
    sed -e s/@PLUGIN_NAME@/$(PLUGIN_NAME)/ \
    -e s/@RC_MODULE_VERSION@/$(RC_MODULE_VERSION)/ \
    -e s/@RC_VERSION@/$(RC_VERSION)/ \
    -e s/@MODULE_VERSION@/$(MODULE_VERSION)/ \
    -e s/@PACKAGE@/$(PACKAGE)/ \
    -e s/@VERSION@/$(VERSION)/ \
    -e s/@MSVC_VARIANT@/$(MSVC_VARIANT)/ \
    < plugin.rc.in > $@

$(PLUGIN_NAME).dll $(PLUGIN_NAME).exp $(PLUGIN_NAME).lib : $(OBJECTS) $(LINK_PLUGIN_WITH) $(RESOURCE)
    link -dll /out:$(PLUGIN_NAME).dll $(LDFLAGS) $(OBJECTS) $(LINK_PLUGIN_WITH) \
    $(GLIB_LIBS) $(RESOURCE)

#
# Build plugin.c, which contains the plugin version[] string, a
# function plugin_register() that calls the register routines for all
# protocols, and a function plugin_reg_handoff() that calls the handoff
# registration routines for all protocols.
#
# We do this by scanning sources.  If that turns out to be too slow,
# maybe we could just require every .o file to have an register routine
# of a given name (packet-aarp.o -> proto_register_aarp, etc.).
#
# Formatting conventions:  The name of the proto_register_* routines an
# proto_reg_handoff_* routines must start in column zero, or must be
# preceded only by "void " starting in column zero, and must not be
# inside #if.
#
# DISSECTOR_SRC is assumed to have all the files that need to be scanned.
#
# For some unknown reason, having a big "for" loop in the Makefile
# to scan all the files doesn't work with some "make"s; they seem to
# pass only the first few names in the list to the shell, for some
# reason.
#
# Therefore, we have a script to generate the plugin.c file.
# The shell script runs slowly, as multiple greps and seds are run
# for each input file; this is especially slow on Windows.  Therefore,
# if Python is present (as indicated by PYTHON being defined), we run
# a faster Python script to do that work instead.
#
# The first argument is the directory in which the source files live.
# The second argument is "plugin", to indicate that we should build
# a plugin.c file for a plugin.
# All subsequent arguments are the files to scan.
#

!ENDIF

clean:
    rm -f $(OBJECTS) $(RESOURCE) *.pdb *.sbr \
        $(PLUGIN_NAME).dll $(PLUGIN_NAME).dll.manifest $(PLUGIN_NAME).lib \
        $(PLUGIN_NAME).exp $(PLUGIN_NAME).rc

distclean: clean

maintainer-clean: distclean

checkapi:
# TODO: Fix api's :)
#$(PERL) ../../tools/checkAPIs.pl -g abort -g termoutput -build $(DISSECTOR_SRC) $(DISSECTOR_INCLUDES)

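I moved the contents of Makefile.common into Makefile.nmake; I do not know why, but the build failed when they were kept separately in Makefile.common.

plugin.rc.in needs no changes.

8. Edit Makefile.nmake in the plugins directory to add the protobuf project to the build.

9. Rebuild Wireshark.

Tip: you need to download dirent-1.13.zip. After unpacking it, put dirent.h in the VC\Include directory. It is source code that emulates the Linux dir-related interfaces.

10. Copy plugins\protobuf\protobuf.dll to the plugins\<version>\ directory under the Wireshark install directory.

11. Create a protobuf directory under the Wireshark install directory to hold the protobuf configuration files and message definition files.

12. Start Wireshark, and you can begin capturing and analyzing Google protobuf messages.

 Twists and turns are inevitable. Good luck!!!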
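Steps 3 to 5 as a Cygwin shell helper, an added example that is not part of the original post or of protobuf-wireshark: it reads wireshark_src_dir from wireshark.conf, checks that the four generated files listed in step 5 are present in plugins/protobuf, and copies the two glue files there. The function names and the script name stage_glue.sh are hypothetical.

```shell
#!/bin/bash
# Added example, not part of protobuf-wireshark. Function names are hypothetical.

# conf_get FILE KEY: print the value of a "KEY : value" line in wireshark.conf.
# Only the key and the first ':' are stripped, so values with spaces
# ("/cygdrive/c/Program Files/Wireshark") survive; a trailing CR left by a
# Windows editor is trimmed so the path does not silently fail to resolve.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# missing_generated PLUGIN_DIR: print each file step 5 lists as generated in
# plugins/protobuf that is absent; non-zero status if any is missing.
missing_generated() {
    local f rc=0
    for f in moduleinfo.h Makefile.am packet-protobuf.c wireshark-glue-protobuf.o; do
        [ -f "$1/$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# stage_glue RUNTIME_DIR PLUGIN_DIR: copy the two generated C++ files into
# plugins/protobuf, refusing to continue if either was not generated.
stage_glue() {
    local f
    for f in wireshark-glue-protobuf.h wireshark-glue-protobuf.cc; do
        [ -f "$1/$f" ] || { echo "not generated: $1/$f" >&2; return 1; }
        cp -p "$1/$f" "$2/" || return 1
    done
}

# Usage (from the runtime directory, after step 5): ./stage_glue.sh wireshark.conf
if [ -f "${1:-}" ]; then
    src=$(conf_get "$1" wireshark_src_dir)
    [ -d "$src" ] || { echo "wireshark_src_dir not found: '$src'" >&2; exit 1; }
    missing_generated "$src/plugins/protobuf" >&2 || exit 1
    stage_glue . "$src/plugins/protobuf" && echo "staged into $src/plugins/protobuf"
fi
```
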
