OK - thanks. I'll check again the business about the dissector being called twice during a capture file load (actually I've written a postdissector) in case there isn't a bug. I've written a LUA postdissector in the past and I know that it gets called twice for every frame; once with visited false and then in a second cycle through the frames with visited set to true.
Best regards...Paul -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Guy Harris Sent: 18 December 2015 18:59 To: Developer support list for Wireshark <[email protected]> Subject: Re: [Wireshark-dev] Detecting capture file load finished in a C plugin On Dec 18, 2015, at 10:41 AM, Paul Offord <[email protected]> wrote: > I’m writing a Custom C Plugin. As a capture file is loaded, the callback > dissect_plugin I.e., the plugin is a dissector, rather than a handler for a type of capture file, or a statistical tap? (Yes, there's more than one type of plugin supported.) > is called for every packet loaded twice over. That's probably a bug - one time should suffice when doing the initial read of the file - *BUT*: in TShark with the -2 flag, it will be called once for each packet in the second pass; in Wireshark, it will be called for packets when they're displayed, when they're selected, when a tap is run on them, etc.; so your dissector *must* be capable of handling being called multiple times - no exceptions. > Is there a way I can detect the completion of the load of the capture file? If what you *really* need, in order to handle being called multiple times, is to know whether this is the first time the packet is being dissected, you can pass the pinfo pointer to the PINFO_FD_VISITED() macro, and if it returns "true", this is *not* the first time the packet is being dissected. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe ______________________________________________________________________ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
