wireshark-dev August 2010 archive

Re: [Wireshark-dev] libtshark + scripting language support

From: Guy Harris <guy_at_nospam>
Date: Sat Aug 21 2010 - 03:39:03 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>

On Aug 19, 2010, at 1:28 AM, Thierry Emmanuel wrote:

> I have worked very differently than you, considering Wireshark as a library itself. If you take a look at the epan directory, you'll see that you have all the tools you need to decode any kind of packet.
> You can:
> - Init the library with "epan_init" and "init_dissection" functions
> - Find a dissector with "dissector_table_foreach_handle" and "dissector_handle_get_protocol_index" functions
> - Request the library to process your data against the protocol you want with "call_dissector_only"

No, you can't - not safely.

Dissectors assume, either explicitly or implicitly, that, for each packet, an epan_dissect_t has been initialized, and that the dissection was started by calling epan_dissect_run(), and, if you want all memory allocated while dissecting the packet to be cleaned up after you've dissected the packet, the epan_dissect_t has to be cleaned up as well.

Otherwise, you run the risk of memory leaks, code breaking because something wasn't set up, etc.