Hi Roland and others,
Since v2.5.0rc0-2085-gd5d815189d, there is a memory leak for every
capture event. One of the many events (as reported by LeakSanitizer):
Indirect leak of 112 byte(s) in 1 object(s) allocated from:
#0 0x55641541d1a1 in operator new(unsigned long)
On Mar 25, 2018, at 11:35 AM, Paul Offord wrote:
> I have real dissector code that builds a protocol tree and so I guess this
> falls under libwireshark.
Yes.
> However, I also have two block read functions that are registered like this:
>
>
Thanks for the advice (and note from Evan).
I haven't even begun to consider things like capinfos, mergecap, tshark, etc.
I guess now is the time to think about these things.
So just to clarify things here:
I have real dissector code that builds a protocol tree and so I guess this
falls
On Mar 25, 2018, at 10:39 AM, Paul Offord wrote:
> Even bigger aha. Although I only have one new block in the pcapng file, when
> I open the file via the file explorer dialogue, my block reader is called
> twice; once to allow WS to enrich the dialogue box (I think)
Even bigger aha. Although I only have one new block in the pcapng file, when I
open the file via the file explorer dialogue, my block reader is called twice;
once to allow WS to enrich the dialogue box (I think) and a second time to read
the block before dissection. I never noticed this
Hi Paul, that’s an interesting case you’ve found. The file scope was
definitely intended for file-scoped dissection memory (which is why it is
enabled in init_dissection() and not earlier in the file lifecycle) but I
can definitely see the use for it in writing a block reader too.
I think it is
Aha - whilst what I've written below is true, it doesn't accurately reflect the
issue.
If I start Wireshark and double click on a file in the recently opened list,
part of the processing is this:
cf_open() calls
ws_epan_new() calls
epan_new() calls
init_dissection() calls
Hi,
Still working on my new block reader. To recap, I've defined a new pcapng
block type and written a dissector. The first thing I have to do is read the
new block type, and Wireshark provides a framework to do this. In the new
block reader I define some space like this: