Thank you, Gilbert, for the information.
Gilbert Ramirez wrote:
> Because in file.c we incorrectly use g_list_alloc() to create a list. I
> do the same in wiretap. This code was written before good documentation
> on GLIB was available. As I learned from http://www.gtk.org/rdp/,
> g_list_alloc() simply creates a null node, so the head of our list is
> always a node with a null data value. We should just say:
>
> cf->plist = NULL;
Ah. We should fix that.
> The filtering is done before the packets ever get to you. libpcap or
> wiretap, if you're using it, processes the packets with the filter, and
> only gives you the packets that pass through the filter. If you are
> seeing otherwise, I believe something is wrong in ethereal.
Upon further inspection, I think I see what is happening:
I think that the list and its contents are not being destroyed before a
file is reloaded. So, if I change the filter and reload the file,
there are still all the original packets in the list. This has two
implications:
1) You must use the packet count and a for loop to prevent iterating
over the old data:

    /* this won't work */
    /* g_list_foreach(cf.plist_first, (GFunc)tally_frame_data, st); */

    /* this will work */
    cur_glist = cf.plist;
    for (i = 0; i < cf.count; i++) {
        cur_frame = (frame_data *)cur_glist->data;
        tally_frame_data(cur_frame, st);
        cur_glist = cur_glist->next;
    }

2) I believe there is a big memory leak in the application. When a
document is reloaded, its old packets and the list that contains them
are not being destroyed.
Sincerely,
Aaron
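
Added example, not part of the original message and not ethereal's own code: a self-contained C model of the two list problems discussed in this thread (the null head node and the list that survives a reload), using a hand-written stand-in for GList so it builds without GLib. The names node, capture, node_alloc, list_prepend, list_length, list_free_all and reload are assumptions, and the frames are constructed ints.

```c
#include <stdlib.h>

/* Stand-in for GLib's GList; only the data/next fields are modelled. */
typedef struct node { void *data; struct node *next; } node;
/* Hypothetical stand-in for the capture-file state (cf in the message). */
typedef struct { node *plist; int count; } capture;

/* Like g_list_alloc() as described in the thread: one node, data == NULL. */
static node *node_alloc(void) {
    node *n = calloc(1, sizeof *n);
    if (!n) abort();
    return n;
}

/* Prepend a frame; a NULL head is a valid empty list. */
static node *list_prepend(node *head, void *data) {
    node *n = node_alloc();
    n->data = data;
    n->next = head;
    return n;
}

static int list_length(const node *n) {
    int k = 0;
    for (; n; n = n->next) k++;
    return k;
}

/* Free every node and the frame it owns; returns the empty list. */
static node *list_free_all(node *head) {
    while (head) {
        node *next = head->next;
        free(head->data);
        free(head);
        head = next;
    }
    return NULL;
}

/* Reload nframes constructed frames; free_first selects the fixed path. */
static void reload(capture *cf, int nframes, int free_first) {
    if (free_first) cf->plist = list_free_all(cf->plist);
    cf->count = 0;
    for (int i = 0; i < nframes; i++) {
        int *frame = malloc(sizeof *frame);
        if (!frame) abort();
        *frame = i;
        cf->plist = list_prepend(cf->plist, frame);
        cf->count++;
    }
}
```

Calling reload() twice with free_first set to 0 leaves the list longer than cf->count, which is why a whole-list walk sees old frames; with free_first set to 1 the two stay equal and nothing is leaked.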