On Mon, Mar 31, 2008 at 07:14:08PM -0400, Eloy Paris wrote:
> On Thu, Mar 27, 2008 at 04:32:02PM +0100, Luis EG Ontanon wrote:
>
> > I think you won't get very far that way...
> >
> > There's a lot of static variables used to keep state, so what's likely
> > to happen is that the second call to epan_dissect_new() will render
> > the results of the first call unusable.
>
> Yeah, I kinda suspected that. The development wishlist on the wiki
> contains this item:
Sorry, the wiki seemed to be down when I wrote the above, so I forgot to
come back and add the item I was referring to. The wiki is back, so here
is the wiki entry:
"Moving the dissectors into a shared library (libwireshark) is great,
but it's a shared library that still shows its roots as coming from an
application which didn't want to share. That is, Wireshark can have only
one file dissected in memory at once. Many dissectors take advantage
of this design to define global variables. We need to have a struct
(epan_session) which keeps track of all memory that the dissectors
need to use, but only for that particular file. Then Wireshark could
open more than one file, and other apps could more easily make use of
libwireshark. (And it would be one step closer to being able to be built
as a Mac OS X native application; the model in OS X is that one process
normally handles all open files for that application. -Guy Harris)"
Not sure this issue is what prevents me from being able to dissect
multiple packets at the same time but I thought it was somehow related.
Cheers,
Eloy Paris.-
