Merge, don't fork!
Unless unfeasible, the drive should be to add functionality to the
existing apps instead of writing new ones.
libwireshark was made into a lib to hold what wireshark and tshark had
to have in common, not to become a dissection library for other apps.
I do not think there has ever been an intention to share
libwireshark, and that's why there's no documentation on how to use
it. BTW it is GPLd not LGPLd, i.e.: programs that link to it must be
GPLd.
L
On Thu, Apr 3, 2008 at 6:14 PM, Eloy Paris <peloy@xxxxxxxxxx> wrote:
> Hi Pavan,
>
>
> On Thu, Apr 03, 2008 at 12:23:04PM +0530, Gupta, Pavan wrote:
>
> > I would like to use Wireshark library apis to dissect packets.
> >
> > - Call a function in Wireshark providing the filename or buffer as
> > input. File/buffer will have data in pcap format. This function should
> > return me dissected data.
> >
> > Is there any function that can be called directly?
>
> It's not as simple as that - you need to call several functions to
> initialize the library, to load preferences (which are used by the
> dissectors), to create the key epan_dissect_t structure, to dissect the
> packet, to manage the dissection results, etc. It's not hard but the
> point is that it is not as easy as "dissect(data, data_len)".
>
>
> > I am trying to reverse engineer Wireshark (rather tshark) code but
> > it's taking time to understand the finer details. Also, please share
> > the way how I can build my application that links to Wireshark
> > .so libraries. Looking at tshark code, it seems load_cap_file( )
> > function is the function that needs to be called, but before that
> > some initialization needs to be done (like initializing dissector,
> > etc.). The libraries that I need to link are libwiretap.so and
> > libwireshark.so.
>
> It happens that I also have been working on an application that uses
> libwireshark services for packet dissection. I looked a lot at tshark
> to understand how the libwireshark API is being invoked and ended up
> writing a very simple program that allows me to easily play with things
> without having to deal with the higher complexity of tshark and with the
> wireshark build environment, and that allows me to play with things like
> Makefiles and the autoconf script, etc. My test program doesn't have
> the bells and whistles that tshark has and uses libpcap to read packets
> instead of libwiretap.
>
> You can download the source code from:
>
> http://www.chapus.net/wshark-test/
>
> You may have better luck trying to understand this program instead
> of tshark/wireshark.
>
> I was thinking about using this little program as the basis of new
> documentation on how to write applications that use libwireshark
> services. Perhaps write a README.libwireshark for the doc/ directory and
> host the source code for this program somewhere on the Wireshark wiki.
>
> Comments from the developers regarding the merits of these ideas are
> appreciated.
>
> Cheers,
>
> Eloy Paris.-
>
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan