Wireshark-dev: Re: [Wireshark-dev] Out of Memory issue

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Fri, 25 Jul 2008 14:57:15 -0400


Kumar, Hemant wrote:
Hello

My dissector runs in to out of memory problem after dissecting certain number of packets.

The maximum size of packet which I am dissecting is 1082KB.

Some of the fields in the packets are *buffers* which I have added to the display tree also.


Any idea or any memory management routine which needs to be implemented in my
Plugin dissector code?
 I read on the link "http://wiki.wireshark.org/KnownBugs/OutOfMemory";,
That wireshark should be able to handle data of the order of GBs.
Also without my plugin dll, the dissector does go smoothly and shows data payload section under UDP and
TCP but with dissection coming in to picture it runs in to this error.

Wireshark will handle Gbytes of data if you have many Gbytes of memory. If your system has only 128Mb of RAM and not much swap space availble... So:

- how much RAM do you have?
- how much swap?
- how much memory has Wireshark used when it dies (with your plugin)?
- how much memory has Wireshark used when it doesn't die (without your plugin)?

There are no per-plugin/dissector limits for memory or how many packets they can have. Of course if your plugin will cause more memory to be used:

- just by its existence in Wireshark (code + some overhead in Wireshark to keep track of it)
- with any tree items it creates
- with any direct allocations it uses