Re: Detecting capture file load finished in a C plugin

[Guy Harris <guy () alum mit edu>]

On Dec 18, 2015, at 10:41 AM, Paul Offord <Paul.Offord () advance7 com> wrote:

> I’m writing a Custom C Plugin.  As a capture file is loaded, the callback dissect_plugin

I.e., the plugin is a dissector, rather than a handler for a type of capture file, or a statistical tap?

(Yes, there's more than one type of plugin supported.)

> is called for every packet loaded twice over.

That's probably a bug - one time should suffice when doing the initial read of the file - *BUT*:

        in TShark with the -2 flag, it will be called once for each packet in the second pass;

        in Wireshark, it will be called for packets when they're displayed, when they're selected, when a tap is run on 
them, etc.;

so your dissector *must* be capable of handling being called multiple times - no exceptions.

>  Is there a way I can detect the completion of the load of the capture file?

If what you *really* need, in order to handle being called multiple times, is to know whether this is the first time 
the packet is being dissected, you can pass the pinfo pointer to the PINFO_FD_VISITED() macro, and if it returns 
"true", this is *not* the first time the packet is being dissected.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe