OpenFlow Wireshark Dissector on Mac OS Mavericks
It’s been a while since I wrote the little guides on getting the OpenFlow Wireshark dissector from the OpenFlow reference implementation running in Windows and in Mac OS Snow Leopard and Lion. The latter one has since been updated with some notes about Mountain Lion and a later version of Wireshark (1.10.1), but even those are now out of date. Even though official OpenFlow support in the form of a new dissector is coming to Wireshark in 1.12 (expected later this year), I thought I’d do one last guide on how to build the old one for Mac OS Mavericks and the latest Wireshark release (1.10.7).
Our goals are pretty much the same as last time, but slightly updated:
- Build the updated version of the OpenFlow Wireshark dissector that originally came with the OpenFlow reference distribution
- We’re going to use Homebrew to get our dependencies
- We’re going to use the standard binary Wireshark distribution
- We want this to work on Mac OS X Mavericks
Item #1 was altered here because the version that actually came with the reference distribution needs patches to compile against current versions of Wireshark. The updated version actually has its own whole different build system. It’s possible you could get it to build on a Mac straight out of its current repository, but I never bothered to try figuring it out, and instead just smash it together with the old reference version and compile it the same way I used to.
Item #3 continues to be the interesting one. If you wanted to build all of Wireshark using Homebrew, you might have a little bit easier of a time. I specifically didn’t do this because I imagine the reason Homebrew’s Wireshark formula doesn’t build the Wireshark GUI by default is because it will have to pull in a zillion packages to do it, and I’d rather just grab the Wireshark binary off of their website and be done with it. So this way is still a bit of a hatchet job, but it still works.
First things first — if you don’t have Homebrew, get it:
ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
And if you don’t have it, grab Wireshark from their downloads page. You may also need to upgrade if your copy is older.
Once you’ve got those, you should be ready to start…
    # Make a directory to work in
    mkdir openflow_wireshark
    cd openflow_wireshark

    # Install stuff from Homebrew
    brew install git
    brew install hg
    brew install gettext
    brew install pkg-config

    # Switch to version of glib this version of Wireshark used (more or less)
    brew uninstall glib
    pushd /usr/local
    git checkout 2965f95bd53 /usr/local/Library/Formula/glib.rb
    brew install glib
    git checkout HEAD /usr/local/Library/Formula/glib.rb
    popd

    # Grab the Wireshark source
    curl "http://wiresharkdownloads.riverbed.com/wireshark/src/all-versions/wireshark-1.10.7.tar.bz2" > ws.tar.bz2
    tar jxf ws.tar.bz2

    # Grab the OpenFlow reference implementation source
    git clone git://gitosis.stanford.edu/openflow.git

    # Grab newer OpenFlow dissector code
    hg clone https://bitbucket.org/barnstorm/of-dissector

    # Don't use the Wireshark headers included with the OpenFlow code
    cd openflow/utilities/wireshark_dissectors/
    mv wireshark-1.0.0-includes/ wireshark-1.0.0-includes.old
    ln -s ../../../wireshark-1.10.7/ wireshark-1.0.0-includes

    # Configure the Wireshark source
    cd wireshark-1.0.0-includes
    ./configure --without-python --disable-wireshark --disable-dependency-tracking
    cd ..

    # Use files from newer Wireshark dissector
    cp ../../../of-dissector/src/*.[ch] openflow/

    # Fix up the Makefile for the Mac
    cd openflow
    cp Makefile Makefile.old
    sed -e 's:^LDFLAGS = .*:LDFLAGS = -Wl,-rpath -Wl,/Applications/Wireshark.app/Contents/Resources/lib -L/Applications/Wireshark.app/Contents/Resources/lib -L$(WIRESHARK_SRC_DIR)/epan -L. -lgmodule-2.0 -ldl -lglib-2.0 -lwireshark -Wl,-dylib:' Makefile.old > Makefile

    # Build and copy into destination
    make
    mkdir -p ~/.wireshark/plugins
    cp packet-openflow.so ~/.wireshark/plugins

    # Optionally, clean up
    brew remove glib
    brew remove pkg-config
    brew remove gettext
... and that’s it! Happy Wiresharking!