Michael Roth wrote:

> I wanted to propose a programming API, e.g. a DLL version of tshark
> which you could load once and then call on a per frame basis to get data
> decoded into memory buffered PDML or something like that.

My response on wireshark-users was:

There's already an API from libwiretap, which both Wireshark and TShark 
use to dissect packets - but it's currently not guaranteed to remain 
unchanged from release to release. If the API stabilizes, there's a good 
chance that it won't stabilize as the current API.

It dissects packets to yield a protocol tree.

Joerg Mayer further noted:

Also, be aware that the code is under GPL, not LGPL, i.e. if you use the
dll in a product, that product must be under a GPL compliant license.

> A simpler alternative would be to allow tshark to read from stdin or to use
> pipes,

The main difficulty there is that to determine the file type, TShark 
might have to try to read the file, as not all file types *Shark support 
have magic numbers.

Currently, that's done by, for each file type, seeking back to the 
beginning of the file and calling the "open this file type" routine.  A 
different buffering scheme could let that be done on pipes (i.e., 
support seeking within a buffer, even on pipes).
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
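
The buffering scheme suggested in the last paragraph of the message, as an added example (not Wireshark or libwiretap code): the head of a non-seekable input is kept in memory so each per-type probe can start again at offset 0. The names `head_reader`, `hr_read`, `probe_pcap`, `probe_pcapng`, `detect_type`, `detect_bytes` and the `HEAD_MAX` limit are hypothetical; only the pcap and pcapng magic values are real.

```c
#include <string.h>
#include <unistd.h>

#define HEAD_MAX 4096   /* assumption: no probe needs more than this many bytes */
typedef struct { int fd; unsigned char buf[HEAD_MAX]; size_t len, pos; } head_reader;

/* Read n bytes at the current offset; touch the pipe only when the buffer runs out. */
static int hr_read(head_reader *r, void *out, size_t n) {
    if (r->pos + n > HEAD_MAX) return -1;           /* beyond what we can replay */
    while (r->len < r->pos + n) {
        ssize_t got = read(r->fd, r->buf + r->len, HEAD_MAX - r->len);
        if (got <= 0) return -1;                    /* EOF or error: input too short */
        r->len += (size_t)got;
    }
    memcpy(out, r->buf + r->pos, n);
    r->pos += n;
    return 0;
}
/* Hypothetical "open this file type" routines; each returns 1 if the head matches. */
static int probe_pcap(head_reader *r) {             /* magic in either byte order */
    unsigned char m[4];
    if (hr_read(r, m, 4)) return 0;
    return !memcmp(m, "\xd4\xc3\xb2\xa1", 4) || !memcmp(m, "\xa1\xb2\xc3\xd4", 4);
}
static int probe_pcapng(head_reader *r) {           /* block type + byte-order magic */
    unsigned char h[12];
    if (hr_read(r, h, 12) || memcmp(h, "\x0a\x0d\x0d\x0a", 4)) return 0;
    return !memcmp(h + 8, "\x4d\x3c\x2b\x1a", 4) || !memcmp(h + 8, "\x1a\x2b\x3c\x4d", 4);
}
/* Try each type in turn, "seeking back" by resetting the offset into the buffer. */
const char *detect_type(int fd) {
    static const struct { const char *name; int (*fn)(head_reader *); } probes[] =
        { {"pcapng", probe_pcapng}, {"pcap", probe_pcap} };
    head_reader r = { .fd = fd };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        r.pos = 0;
        if (probes[i].fn(&r)) return probes[i].name;
    }
    return NULL;
}
/* Demo helper: send constructed bytes through a real pipe, then detect the type. */
const char *detect_bytes(const void *data, size_t n) {
    int p[2];
    if (pipe(p)) return NULL;
    ssize_t w = write(p[1], data, n);
    close(p[1]);                                    /* reader sees EOF after sample */
    const char *t = (w == (ssize_t)n) ? detect_type(p[0]) : NULL;
    close(p[0]);
    return t;
}
```

A probe that fails after reading 12 bytes leaves those bytes in the buffer, so the next probe sees the input from the start even though the pipe itself cannot be rewound.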
