On Aug 19, 2010, at 1:28 AM, Thierry Emmanuel wrote: > I have worked very differently than you, considering Wireshark as a library > itself. If you take a look at the epan directory, you'll see that you have > all the tools you need to decode any kind of packet. > > You can : > - Init the library with "epan_init" and "init_dissection" functions > - Find a dissector with "dissector_table_foreach_handle" and > "dissector_handle_get_protocol_index" functions > - Request the library to process your data against the protocol you want with > "call_dissector_only"
No, you can't - not safely. Dissectors assume, either explicitly or implicitly, that, for each packet, an epan_dissect_t has been initialized, and that the dissection was started by calling epan_dissect_run(), and, if you want all memory allocated while dissecting the packet to be cleaned up after you've dissected the packet, the epan_dissect_t has to be cleaned up as well. Otherwise, you run the risk of memory leaks, code breaking because something wasn't set up, etc.. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
