Wireshark-users: Re: [Wireshark-users] standalone packet dissection

From: Zack Elan <zelan@xxxxxxxxxxxx>
Date: Thu, 3 Jun 2010 10:24:38 -0400
>Calling libwireshark routines would amount to re-using them directly, for legal reasons - you cannot make a product out of libwireshark without your product being GPLed.

Sorry, I should have been more clear on this point - even if linking to libwireshark were technically feasible, our product would not be a derivative from Wireshark - the Wireshark dissectors would only be called from internal unit test code to compare our dissector's output with a "known correct" one. We wouldn't be shipping anything Wireshark-related in any way.

>You would have to, for example, somehow run TShark "at arm's length" as a separate process, hand the packets to it (perhaps over a pipe), and get the dissected output, e.g. in PDML format (perhaps over another pipe).

I had used TShark before, but hadn't noticed the PDML output option. I think this will do what I want, and be cleaner than trying to call libwireshark directly. Thanks for the help.

Zack
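
The approach discussed in this message, as an added example that is not part of the original post: a unit-test helper that runs TShark as a separate process, reads its PDML output over a pipe, and compares the fields with another dissector's results. It assumes `tshark` is on the PATH and reads the packets from a capture file; the function names, the shape of the dissector's output and the sample PDML are constructed for illustration.

```python
import subprocess
import xml.etree.ElementTree as ET

def run_tshark_pdml(pcap_path, tshark="tshark"):
    """Run TShark as a separate process; return its PDML output as bytes."""
    # -r reads a capture file, -T pdml selects PDML (XML) output on stdout.
    proc = subprocess.run([tshark, "-r", pcap_path, "-T", "pdml"],
                          stdout=subprocess.PIPE, check=True, timeout=60)
    return proc.stdout

def pdml_fields(pdml):
    """Return one {field name: [show values]} dict per <packet> element."""
    packets = []
    for packet in ET.fromstring(pdml).iter("packet"):
        fields = {}
        # Fields nest inside <proto> and inside other <field> elements.
        for field in packet.iter("field"):
            name = field.get("name")
            if name:  # skip unnamed, display-only entries
                fields.setdefault(name, []).append(field.get("show", ""))
        packets.append(fields)
    return packets

def diff_against_reference(ours, reference):
    """Compare the dissector under test with TShark's fields.

    `ours` is a list of {field name: value} dicts (hypothetical shape for
    the dissector being tested); returns (packet, field, ours, theirs) tuples.
    """
    mismatches = []
    if len(ours) != len(reference):
        mismatches.append((None, "packet count", len(ours), len(reference)))
    for i, (mine, ref) in enumerate(zip(ours, reference)):
        for name, value in mine.items():
            if str(value) not in ref.get(name, []):
                mismatches.append((i, name, value, ref.get(name, [])))
    return mismatches

# Constructed PDML sample, trimmed to the attributes used here.
SAMPLE_PDML = b"""<pdml><packet>
 <proto name="ip">
  <field name="ip.src" show="10.0.0.1" value="0a000001"/>
  <field name="ip.dst" show="10.0.0.2" value="0a000002"/>
 </proto>
 <proto name="udp">
  <field name="udp.dstport" show="53" value="0035"/>
 </proto>
</packet></pdml>"""
```

In a real test, `pdml_fields(run_tshark_pdml("capture.pcap"))` supplies the reference; only the fields the dissector under test reports are compared, so TShark's extra fields do not cause failures.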