
Wireshark-dev: Re: [Wireshark-dev] Using wireshark apis

From: Eloy Paris <peloy@xxxxxxxxxx>
Date: Thu, 3 Apr 2008 20:51:26 -0400

Luis,

On Thu, Apr 03, 2008 at 07:57:02PM +0200, Luis EG Ontanon wrote:

> Merge, don't fork!
> 
> Unless unfeasible, the drive should be to add functionality to the
> existing apps instead of writing new ones.

I don't know what the other guys that have asked about libwireshark
have in mind for the applications they are writing, but in my case, I
believe that the functionality of my application has no place in any of
the applications distributed with the wireshark suite. If the wireshark
developers think that crafting packets instead of just dissecting them
is something that could be added to the framework then perhaps my
application has a place in the wireshark suite.

> libwireshark was made into a lib to hold what wireshark and tshark had
> to have in common, not to become a dissection library for other apps.

Well, perhaps it was a side effect of a decision like the one you
mention, but once you put common code in a library it is inevitable
that other applications will start to use it. And I do not think anyone
should view this as a negative thing - thousands of hours have gone
into the development of the wireshark framework. That someone views
the framework as something attractive for application development is a
compliment to the project and its developers.

And for the application developer, it would be very foolish to try to
re-invent the wheel by writing from scratch a packet dissection
framework provided that it is feasible to write the application to use
libwireshark services for that function.

> I do not think there has ever been an intention to share
> libwireshark, and that's why there's no documentation on how to use
> it.

This will change as soon as we start to see successful applications
beside wireshark and tshark that use libwireshark. I've already
volunteered to write a README.libwireshark, for example.

> BTW it is GPLd not LGPLd, i.e.: programs that link to it must be GPLd.

We're crystal clear on this point. I am sure this is a deal breaker for
some, but it's definitely not for me.

Regarding my application, I am still prototyping, but initial results
do seem to indicate that moving away from my crappy and inferior packet
dissection code and to a libwireshark-based approach will pay off. I
hope to have soon something I can share with the wireshark developers.

Cheers,

Eloy Paris.-