Hello,
Is it possible to dissect more than one packet at the same time. Or
asked another way, is it okay to keep in memory the result of more than
one packet dissection? I haven't looked at what wireshark does (and
perhaps that is why I don't know the answer to this) but I did look at
what tshark does and it calls epan_dissect_run() in a serialized manner,
i.e. read packet, dissect packet, output result, read next packet,
dissect, output result, and so on.
In terms of code, what I would like to do is something like this:
epan_dissect_t *edt1, *edt2;
edt1 = epan_dissect_new(...);
epan_dissect_run(edt1, &pseudo_header1, packet1, &fdata1, NULL);
edt2 = epan_dissect_new(...);
epan_dissect_run(edt2, &pseudo_header2, packet2, &fdata2, NULL);
do_something_with_dissection_results(edt1, edt2);
epan_dissect_free(edt1);
epan_dissect_free(edt2);
Is the above an okay thing to do? Any gotchas and/or things to avoid?
Thanks in advance.
Eloy Paris.-