Michael Roth wrote:
I wanted to propose a programming API, e.g. a DLL version of tshark
which you could load once and then call on a per frame basis to get data
decoded into memory buffered PDML or something like that.
My response on wireshark-users was:
There's already an API from libwiretap, which both Wireshark and TShark
use to dissect packets - but it's currently not guaranteed to remain
unchanged from release to release. If the API stabilizes, there's a good
chance that it won't stabilize as the current API.
It dissects packets to yield a protocol tree.
Joerg Mayer further noted:
Also, be aware that the code is under GPL, not LGPL, i.e. if you use the
DLL in a product, that product must be under a GPL-compliant license.
A simpler alternative would be to allow tshark to read from stdin or to use pipes,
The main difficulty there is that to determine the file type, TShark
might have to try to read the file, as not all file types *Shark support
have magic numbers.
Currently, that's done by, for each file type, seeking back to the
beginning of the file and calling the "open this file type" routine. A
different buffering scheme could let that be done on pipes (i.e.,
support seeking within a buffer, even on pipes).
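
The buffering scheme described above, sketched as an added example (not code from Wireshark or libwiretap): the head of a pipe is kept in memory so each "open this file type" probe can start again at offset 0. The names `rbuf`, `rb_read`, `detect` and the magic-less text probe are hypothetical; the pcap magic is the real one, and the sample bytes are constructed.

```c
#include <string.h>
#include <unistd.h>
/* Hypothetical helper: buffers the head of a pipe so probes can re-read it. */
typedef struct { int fd; unsigned char buf[4096]; size_t len, pos; } rbuf;

/* Read up to n bytes at r->pos, pulling more from the pipe only when needed. */
static size_t rb_read(rbuf *r, unsigned char *out, size_t n) {
    while (r->pos + n > r->len && r->len < sizeof r->buf) {
        ssize_t got = read(r->fd, r->buf + r->len, sizeof r->buf - r->len);
        if (got <= 0) break;               /* EOF or error: use what we have */
        r->len += (size_t)got;
    }
    size_t avail = r->len - r->pos;        /* pos never exceeds len */
    if (n > avail) n = avail;
    memcpy(out, r->buf + r->pos, n);
    r->pos += n;
    return n;
}

static int probe_pcap(rbuf *r) {           /* pcap magic, either byte order */
    unsigned char m[4];
    return rb_read(r, m, 4) == 4 &&
           (!memcmp(m, "\xa1\xb2\xc3\xd4", 4) || !memcmp(m, "\xd4\xc3\xb2\xa1", 4));
}
static int probe_text(rbuf *r) {           /* constructed magic-less heuristic */
    unsigned char m[8];
    size_t i, n = rb_read(r, m, 8);
    for (i = 0; i < n && m[i] >= 0x20 && m[i] <= 0x7e; i++) ;
    return n == 8 && i == 8;               /* first 8 bytes printable ASCII */
}

/* Try each probe from offset 0; return its index, or -1 if none accepts. */
static int detect(int fd) {
    int (*probes[])(rbuf *) = { probe_pcap, probe_text };
    rbuf r = { .fd = fd };
    for (int i = 0; i < 2; i++) {
        r.pos = 0;                         /* "seek back", even on a pipe */
        if (probes[i](&r)) return i;
    }
    return -1;
}

static int detect_via_pipe(const void *data, size_t n) {  /* demo helper */
    int p[2];
    if (pipe(p) != 0) return -2;
    ssize_t w = write(p[1], data, n);
    close(p[1]);                           /* writer done: reader sees EOF */
    int t = (w == (ssize_t)n) ? detect(p[0]) : -2;
    close(p[0]);
    return t;
}
int main(void) { return detect_via_pipe("\xd4\xc3\xb2\xa1\x02\x00\x04\x00", 8) == 0 ? 0 : 1; }
```

The buffer is bounded at 4096 bytes, so a probe that needs to look further into the stream than that would see a short read here rather than more data.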