Wireshark-dev: Re: [Wireshark-dev] call_dissector() is eating memory
From: Oleg Kostenko <[email protected]>
Date: Tue, 22 Aug 2006 16:09:14 +0400
Hello Ronnie,

Thanks for your help.

My application is a simple tool that receives the protocol name and raw
data via the standard input, passes them to libwireshark and writes the
decoded message tree in XML form to the standard output.

The tool is not published yet, and no description is available at the
moment, but we will publish it soon.

Wednesday, August 16, 2006, 12:41:09 AM, you wrote:

rs> your analysis is correct.

rs> hte reason for this symbol not to be exported was merely that it was
rs> never anticipated that dissectors would be called without going
rs> through epan_dissect_run()

rs> i have exported that symbol now.

rs> do you have a page/description of your tool. would be interesting to
rs> see what external tools use libwireshark for.

rs> (by the way,   since libwireshark is GPL and not LGPL  your tool must
rs> also be under a GPL licence)

rs> On 8/15/06, Oleg Kostenko <[email protected]> wrote:
>> Hello,
>> I am developing an application that uses libwireshark.dll to decode
>> packets.
>> The protocol of each packet is known before the dissection is started, so I
>> just find the needed dissector with find_dissector() and then start
>> dissection with call_dissector(). The code that does it is a slightly
>> different version of dissect_packet().
>> The dissection is performed multiple times a second and I've noticed
>> that the amount of memory that the process occupies increases with each
>> dissection.
>> In epan.c, in the epan_dissect_run() function just before the call to
>> dissect_packet() there's a call to ep_free_all(). If I do the same in my
>> function, the process stops eating memory. But the problem is that
>> ep_free_all() is not exported, so I have to make changes to libwireshark.def
>> and rebuild Wireshark each time I want to upgrade to a new version of
>> Wireshark.
>> So the question is: is ep_free_all() missing from libwireshark.def by
>> mistake, or is it something that I do wrong?
>> Thanks in advance.
>> --
>> Best regards,
>>  Oleg                          mailto:[email protected]
>> _______________________________________________
>> Wireshark-dev mailing list
>> [email protected]
>> http://www.wireshark.org/mailman/listinfo/wireshark-dev

Best regards,
 Oleg                            mailto:[email protected]