On Dec 18, 2015, at 10:41 AM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
> I’m writing a Custom C Plugin. As a capture file is loaded, the callback dissect_plugin
I.e., the plugin is a dissector, rather than a handler for a type of capture file, or a statistical tap?
(Yes, there's more than one type of plugin supported.)
> is called for every packet loaded twice over.
That's probably a bug - one time should suffice when doing the initial read of the file - *BUT*:
in TShark with the -2 flag, it will be called once for each packet in the second pass;
in Wireshark, it will be called for packets when they're displayed, when they're selected, when a tap is run on them, etc.;
so your dissector *must* be capable of handling being called multiple times - no exceptions.
> Is there a way I can detect the completion of the load of the capture file?
If what you *really* need, in order to handle being called multiple times, is to know whether this is the first time the packet is being dissected, you can pass the pinfo pointer to the PINFO_FD_VISITED() macro, and if it returns "true", this is *not* the first time the packet is being dissected.
