|Main Archive Page > Month Archives > wireshark-dev archives|
On Aug 19, 2010, at 1:28 AM, Thierry Emmanuel wrote:
> I have worked very differently than you, considering Wireshark as a library itself. If you take a look at the epan directory, you'll see that you have all the tools you need to decode any kind of packet.
> You can :
> - Init the library with "epan_init" and "init_dissection" functions
> - Find a dissector with "dissector_table_foreach_handle" and "dissector_handle_get_protocol_index" functions
> - Request the library to process your data against the protocol you want with "call_dissector_only"
No, you can't - not safely.
Dissectors assume, either explicitly or implicitly, that, for each packet, an epan_dissect_t has been initialized, and that the dissection was started by calling epan_dissect_run(), and, if you want all memory allocated while dissecting the packet to be cleaned up after you've dissected the packet, the epan_dissect_t has to be cleaned up as well.
Otherwise, you run the risk of memory leaks, code breaking because something wasn't set up, etc..
Sent via: Wireshark-dev mailing list <firstname.lastname@example.org>