Wireshark-dev: Re: [Wireshark-dev] regarding packet capture
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Amit Paliwal <Amit.Paliwal@xxxxxxxxxxxxxxx>
Date: Wed, 4 Jun 2008 14:57:20 +0530

I was going through the basic architecture of wireshark and i came to know that capture module deals with libpcap api's and pas sinformation to core module. this core module will than pass it to epan where actually, if i am not wrong, the tree will be constructed from the buffer it gets.

I was browsing the code of capture file, in capture_loop.c file I got the following line of code

 inpkts = pcap_dispatch(ld->pcap_h, 1, ld->packet_cb, (u_char *)ld);
        if (inpkts < 0) {
          ld->pcap_err = TRUE;
          ld->go = FALSE; /* error or pcap_breakloop() - stop capturing */
        }

where ld->packet_cb will be the handler called to process the packet. I serched the code but i did not find where and which function's address is assigned to this function pointer. At this point also I am supposing that data will be processed. Can you plz put some more light on it and let me know the path to construct a protocol tree from the buffer which is processed. If I am not wrong the tree used for protocol will be a a generic tree and not specific kinda trees like binary tree and all.

Plz clarify it a bit, as I am in urgent need of browsing and understanding the code.

I appreciate your help in advance.


Guy Harris <guy@xxxxxxxxxxxx>
Sent by: wireshark-dev-bounces@xxxxxxxxxxxxx

06/03/2008 01:33 PM

Please respond to
Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
To
Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
cc
Subject
Re: [Wireshark-dev] regarding packet capture





Amit Paliwal wrote:

> Thanx for the suggestion, I went through the directory which provides
> very very minimal information its like hardly 20 lines written there
> that does not suffice for my query.
>
> kindly suggest some more ways to get that understanding.

See

                http://www.cacetech.com/SHARKFEST.08/D02_Combs_Intro%20to%20Writing%20Wireshark%20Packet%20Dissectors.ppt

and some of the other presentations at

                http://www.cacetech.com/SHARKFEST.08/

such as Ulf Lampings and mine.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

______________________________________________________________________

______________________________________________________________________