Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Memory leaks when using epan (follow-up)

From: Emmanuel Thierry <ml@xxxxxxxx>
Date: Tue, 7 Sep 2010 01:49:59 +0200
Hello,

As I said two weeks ago, I have had memory leaks when calling specific routines from wireshark. I have been silent the days after, I had no time to feed the thread. My project (and my job) is now finished, I come back to continue the topic.
So, this problem is solved, I want to thank everyone who helped me. As said Guy Harris, I didn't called cleanup functions the right way. Once fixed, I got a really stable wrapping between my program and libwireshark. As surprising as this could be, this method (calling directly call_dissector_only) permitted me to get advanced features as expert messages.

I have understood Guy's considerations about my bad use of wireshark. Unfortunately, I couldn't refactor the whole wrapping few days before the project delivery. However, I'd like some details about Guy's proponal. Considering that I passed only the application layer part of the packet, should I create a fake frame type with no layer 2, 3, nor 4 headers ?

Moreover, my current use of libwireshark permits to my app to link to a 1.2 version of Wireshark without the need of modifying it. This is a very important property for its use in an external program. We should document a reliable and clean way to do this.

This topic is linked with the "independent epan" debate. During this project, I realized that there were some limitations for making an independent dissecting library. I plan to compare with the latest version (I have built my project on the 1.2). However, my thinking is that there is a way to take off the dissectors from wireshark, giving its power to a lot of applications.

I know that this is not the priority for the project, but can the team accept to organize a work group on this subject ? Is the team interested in that some members study this point ? I would be glad to share my uncommon but successful experience.

Best regards

PS : @Eloy, as every french guy, I place my last name before my first name (we have strange habits :D), so my first name is Emmanuel. You had one in two chances. ;)