OpenFlow Wireshark Dissector on Mac OS Mavericks

May 1, 2014 in Mac, ThirdParty, Tips

It’s been a while since I’ve wrote the little guides on getting the OpenFlow Wireshark dissector from the OpenFlow reference implementation running in Windows and in Mac OS Snow Leopard and Lion. Then latter one has since been updated with some notes about Mountain Lion and a later version of Wireshark (1.10.1), but even those are now out of date. Even though official OpenFlow support in the form of a new dissector is coming to Wireshark in 1.12 (expected later this year), I thought I’d do one last guide on how to build the old one for Mac OS Mavericks and the latest Wireshark release (1.10.7).


Our goals are pretty much the same as last time, but slightly updated:

  1. Build the updated version of the OpenFlow Wireshark dissector that originally came with the OpenFlow reference distribution
  2. We’re going to use Homebrew to get our dependencies
  3. We’re going to use the standard binary Wireshark distribution
  4. We want this to work on Mac OS X Mavericks

Item #1 was altered here because the version that actually came with the reference distribution needs patches to compile against current versions of Wireshark. The updated version actually has its own whole different build system. It’s possible you could get it to build on a Mac straight out of its current repository, but I never bothered to try figuring it out, and instead just smash it together with the old reference version and compile it the same way I used to.

Item #3 continues to be the interesting one. If you wanted to build all of Wireshark using Homebrew, you might have a little bit easier of a time.  I specifically didn’t do this because I imagine the reason Homebrew’s Wireshark formula doesn’t build the Wireshark GUI by default is because it will have to pull in a zillion packages to do it, and I’d rather just grab the Wireshark binary off of their website and be done with it. So this way is still a bit of a hatchet job, but it still works.

First things first — if you don’t have Homebrew, get it:

ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"

And if you don’t have it, grab Wireshark from their downloads page. You may also need to upgrade if your copy is older.

As of now, the latest release is 1.10.7 and is identified on the site as “OS X 10.6 and later Intel 64-bit .dmg”. In the About box, it is “v1.10.7-0-g6b931a1 from master-1.10″.

Once you’ve got those, you should be ready to start…

# Make a directory to work in
mkdir openflow_wireshark
cd openflow_wireshark
 
# Install stuff from Homebrew
brew install git
brew install hg
brew install gettext
brew install pkg-config
 
# Switch to version of glib this version of Wireshark used (more or less)
brew uninstall glib
pushd /usr/local
git checkout 2965f95bd53 /usr/local/Library/Formula/glib.rb 
brew install glib
git checkout HEAD /usr/local/Library/Formula/glib.rb
popd
 
# Grab the Wireshark source
curl "http://wiresharkdownloads.riverbed.com/wireshark/src/all-versions/wireshark-1.10.7.tar.bz2" > ws.tar.bz2
tar jxf ws.tar.bz2
 
# Grab the OpenFlow reference implementation source
git clone git://gitosis.stanford.edu/openflow.git
 
# Grab newer OpenFlow dissector code
hg clone https://bitbucket.org/barnstorm/of-dissector
 
# Don't use the Wireshark headers included with the OpenFlow code
cd openflow/utilities/wireshark_dissectors/
mv wireshark-1.0.0-includes/ wireshark-1.0.0-includes.old
ln -s ../../../wireshark-1.10.7/ wireshark-1.0.0-includes
 
# Configure the Wireshark source
cd wireshark-1.0.0-includes
./configure --without-python --disable-wireshark --disable-dependency-tracking
cd ..
 
# Use files from newer Wireshark dissector
cp ../../../of-dissector/src/*.[ch] openflow/
 
# Fix up the Makefile for the Mac
cd openflow
cp Makefile Makefile.old
sed -e 's:^LDFLAGS = .*:LDFLAGS = -Wl,-rpath -Wl,/Applications/Wireshark.app/Contents/Resources/lib -L/Applications/Wireshark.app/Contents/Resources/lib -L$(WIRESHARK_SRC_DIR)/epan -L. -lgmodule-2.0 -ldl -lglib-2.0 -lwireshark -Wl,-dylib:' Makefile.old > Makefile
 
# Build and copy into destination
make
mkdir -p ~/.wireshark/plugins
cp packet-openflow.so ~/.wireshark/plugins
 
# Optionally, clean up
brew remove glib
brew remove pkg-config
brew remove gettext

.. and that’s it! Happy Wiresharking!

5 responses to OpenFlow Wireshark Dissector on Mac OS Mavericks

  1. Hi, I tried 3 or 4 times.

    This is the output that I always get
    packet-openflow.c:3006:82: warning: format specifies type ‘unsigned int’ but the argument has type ‘unsigned long’ [-Wformat]
    snprintf(str, STR_LEN, “%uB were leftover at end of packet”, sz – num_ports*sizeof(struct ofp_phy_port));
    ~~ ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    %lu
    /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.9.sdk/usr/include/secure/_stdio.h:57:62: note:
    expanded from macro ‘snprintf’
    __builtin___snprintf_chk (str, len, 0, __darwin_obsz(str), __VA_ARGS__)
    ^
    packet-openflow.c:188:27: warning: unused variable ‘names_ip_frag’ [-Wunused-const-variable]
    static const value_string names_ip_frag[] = {
    ^
    packet-openflow.c:776:21: warning: unused function ‘indent’ [-Wunused-function]
    static inline char* indent( char* str ) {
    ^
    3 warnings generated.
    gcc -I. -I/usr/local/Cellar/glib/2.36.4/include/glib-2.0 -I/usr/local/Cellar/glib/2.36.4/lib/glib-2.0/include -I/usr/local/opt/gettext/include -I../../../include -DHAVE_CONFIG_H -I../wireshark-1.0.0-includes -I/usr/local/include -I/usr/local/include -DINET6 -D_U_=__attribute__\(\(unused\)\) -Wall -Wpointer-arith -g -I/usr/local/include -DXTHREADS -D_REENTRANT -DXUSE_MTSAFE_API -pthread -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/include/atk-1.0 -I/usr/include/pango-1.0 -I/usr/include/freetype2 -I/usr/include/freetype2/config -I/usr/local/include/glib-2.0 -I/usr/lib/glib-2.0/include -fPIC -DPIC -DOPENFLOW_DST_TCP_PORT=6633 -c -o plugin.o plugin.c
    gcc -shared packet-openflow.o plugin.o -Wl,-rpath -Wl,/Applications/Wireshark.app/Contents/Resources/lib -L/Applications/Wireshark.app/Contents/Resources/lib -L../wireshark-1.0.0-includes/epan -L. -lgmodule-2.0 -ldl -lglib-2.0 -lwireshark -Wl,-dylib -o packet-openflow.so
    ld: library not found for -lgmodule-2.0
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    make: *** [packet-openflow.so] Error 1

    • I’m not sure what’s going wrong here and probably won’t have much time to look into it for a few weeks. You might try adding -L/usr/local/Cellar/glib/2.36.4/lib to line 52 of the Makefile (which should be setting LDFLAGS).

  2. hi~I have met with new problems(>_<)……
    When I was taking the steps above, I met the first problem:
    ========
    tu065221:openflow_wireshark zhongzhizhen$ brew install libiconv
    Error: No available formula for libiconv
    Apple distributes libiconv with OS X, you can find it in /usr/lib.
    Some build scripts fail to detect it correctly, please check existing
    formulae for solutions.
    =======
    I don't know why it is, and I have to ignore it to continue, then I met with the second problem:
    =======
    tu065221:openflow zhongzhizhen$ make
    gcc -I. -I/opt/local/include/glib-2.0 -I/opt/local/lib/glib-2.0/include -I/opt/local/include -I../../../include -DHAVE_CONFIG_H -I../wireshark-1.0.0-includes -I/usr/local/include -I/usr/local/include -DINET6 -D_U_=__attribute__\(\(unused\)\) -Wall -Wpointer-arith -g -I/usr/local/include -DXTHREADS -D_REENTRANT -DXUSE_MTSAFE_API -pthread -I/usr/include/gtk-2.0 -I/usr/lib/gtk-2.0/include -I/usr/X11R6/include -I/usr/include/atk-1.0 -I/usr/include/pango-1.0 -I/usr/include/freetype2 -I/usr/include/freetype2/config -I/usr/local/include/glib-2.0 -I/usr/lib/glib-2.0/include -fPIC -DPIC -DOPENFLOW_DST_TCP_PORT=6633 -c -o packet-openflow.o packet-openflow.c
    packet-openflow.c:17:10: fatal error: 'config.h' file not found
    #include
    ^
    1 error generated.
    make: *** [packet-openflow.o] Error 1
    =======
    So I can still not build openflow Wireshark dissector on Mac OS Mavericks
    T.T……
    So what should I do next? Thank you!

    • You’re right that it seems to no longer be necessary to use homebrew to get libiconv; I’ve removed it from the guide.

      As for your other issue… are you sure that you didn’t miss a step, like symlinking the wireshark include directory, or running configure on Wireshark?

      I’ve just taken the above, pasted it into a file, and run it as a script — it works fine here.

      If you haven’t missed a step, it might be worth checking the results of the Wireshark configure step. Or just re-doing that step, and making sure it completes successfully.

  3. Thank you very much for your kind help! Now I can use wireshark on my Mac Mavericks to analyze openflow packets!

Leave a reply

You must be logged in to post a comment.

Sign in using...