I was going through the basic architecture of Wireshark and I came to know 
that the capture module deals with libpcap APIs and passes information to the 
core module. This core module will then pass it to epan where actually, if I am 
not wrong, the tree will be constructed from the buffer it gets.

I was browsing the code of capture file, in capture_loop.c file I got the 
following line of code 

    inpkts = pcap_dispatch(ld->pcap_h, 1, ld->packet_cb, (u_char *)ld);
    if (inpkts < 0) {
      ld->pcap_err = TRUE;
      ld->go = FALSE; /* error or pcap_breakloop() - stop capturing */
    }

where ld->packet_cb will be the handler called to process the packet. I 
searched the code but I did not find where and which function's address is 
assigned to this function pointer. At this point also I am supposing that 
data will be processed. Can you please shed some more light on it and let me 
know the path to construct a protocol tree from the buffer which is 
processed. If I am not wrong, the tree used for protocol will be a 
generic tree and not a specific kind of tree like a binary tree and all. 

Please clarify it a bit, as I am in urgent need of browsing and understanding 
the code.

I appreciate your help in advance.

Guy Harris <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
06/03/2008 01:33 PM
Please respond to: Developer support list for Wireshark <[email protected]>
To: Developer support list for Wireshark <[email protected]>
Subject: Re: [Wireshark-dev] regarding packet capture

Amit Paliwal wrote:

> Thanks for the suggestion. I went through the directory, which provides 
> very, very minimal information; it's like hardly 20 lines are written there, 
> which does not suffice for my query.
> 
> Kindly suggest some more ways to get that understanding.

See

http://www.cacetech.com/SHARKFEST.08/D02_Combs_Intro%20to%20Writing%20Wireshark%20Packet%20Dissectors.ppt

and some of the other presentations at

http://www.cacetech.com/SHARKFEST.08/

such as Ulf Lamping's and mine.
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
