Wireshark-dev: Re: [Wireshark-dev] call_dissector() is eating memory
From: "ronnie sahlberg" <[email protected]>
Date: Tue, 15 Aug 2006 20:41:09 +0000
your analysis is correct.

hte reason for this symbol not to be exported was merely that it was
never anticipated that dissectors would be called without going
through epan_dissect_run()

i have exported that symbol now.

do you have a page/description of your tool. would be interesting to
see what external tools use libwireshark for.

(by the way,   since libwireshark is GPL and not LGPL  your tool must
also be under a GPL licence)

On 8/15/06, Oleg Kostenko <[email protected]> wrote:

I am developing an application that uses libwireshark.dll to decode

The protocol of each packet is known before the dissection is started, so I
just find the needed dissector with find_dissector() and then start
dissection with call_dissector(). The code that does it is a slightly
different version of dissect_packet().

The dissection is performed multiple times a second and I've noticed
that the amount of memory that the process occupies increases with each

In epan.c, in the epan_dissect_run() function just before the call to
dissect_packet() there's a call to ep_free_all(). If I do the same in my
function, the process stops eating memory. But the problem is that
ep_free_all() is not exported, so I have to make changes to libwireshark.def
and rebuild Wireshark each time I want to upgrade to a new version of

So the question is: is ep_free_all() missing from libwireshark.def by
mistake, or is it something that I do wrong?

Thanks in advance.

Best regards,
 Oleg                          mailto:[email protected]

Wireshark-dev mailing list
[email protected]