Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Bit for starting / stopping / new Capture

From: "FIXED-TERM Scholz Tobias (DC-IA/EAI)" <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx>
Date: Wed, 17 Feb 2016 15:38:32 +0000

Hi Pascal,

 

thanks for your answer. I don’t get exactly the meaning of this routine functionality, but I think it is not what I’m searching for.

 

For my dissector I need a special bit or value as a trigger, which says, that e.g. the capture has stopped or starts new.

E.g.:     capture isn’t running (stopped) à bit == FALSE

 

Does it exist?

 

Tobias

 

 

Von: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] Im Auftrag von Pascal Quantin
Gesendet: Mittwoch, 17. Februar 2016 16:24
An: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Betreff: Re: [Wireshark-dev] Bit for starting / stopping / new Capture

 

Hi Tobias,

 

2016-02-17 16:16 GMT+01:00 FIXED-TERM Scholz Tobias (DC-IA/EAI) <fixed-term.Tobias.Scholz@xxxxxxxxxxxxxxx>:

Hey,

 

I made some recherché, but couldn’t find any information to this topic. Is there a possibility to know (special bit for example), whether the user stopped, started the capture or opened Wireshark new?

 

That would be a great help for my dissector.

 

Not sure this is exactly your request, but you can register callbacks when a capture is started / loaded / reloaded (when a preference changes for example) and when it is closed with the following functions:

/**
 * Allow protocols to register "init" routines, which are called before
 * we make a pass through a capture file and dissect all its packets
 * (e.g., when we read in a new capture file, or run a "filter packets"
 * or "colorize packets" pass over the current capture file or when the
 * preferences are changed).
 */
WS_DLL_PUBLIC void register_init_routine(void (*func)(void));

/**
 * Allows protocols to register "cleanup" routines which are called
 * after closing a capture file (or when preferences are changed, in
 * that case these routines are called before the init routines are
 * executed). It can be used to release resources that are allocated in
 * register_init_routine.
 */
WS_DLL_PUBLIC void register_cleanup_routine(void (*func)(void));

Hope it helps,

Pascal.