Wireshark-dev: Re: [Wireshark-dev] epan_t and capture_file

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 13 Apr 2017 17:21:14 -0700
On Apr 13, 2017, at 4:40 PM, Simon Barber <simon.barber@xxxxxxxxxx> wrote:

> I ask because I am working out how to connect the wlan_radio dissector with the wireless timeline UI code.

The answer to "how do I connect the XXX dissector with the YYY UI code?" is "very indirectly", as in "the XXX dissector is not guaranteed to have any particular UI code to depend on, so it can only throw out some data in the hopes that the UI code will capture it".

That's what taps are for.  They provide data to a tap listener, which is what does UI stuff with it (printing it, displaying it in a window, handing it to a server, whatever).

> Right now the only use of the data field in epan_t that I can find is as a link to the capture_file. Also the only link from the capture_file->window field is to the Qt MainWindow, so in theory I can from the dissector test if the window is set,

No, you can't.  You are not even guaranteed that there are any windows other than the glass tube of the VT100 connected to the box on which you're running TShark. :-)

(If I still had my VT100, I'd get a USB-to-serial converter, plug it into my MacBook Pro, fire up a getty on the resulting serial port, hook up the VT100, log in, and run TShark from it, just for the lulz.  Doing it with a Model 33 Teletype would be even more fun, except that macOS's terminal driver doesn't support all the delay options that a Model 33 requires.)

> OK

No.

> or should I find another way?

Yes.  What is it you're *really* trying to do (described at a high level of the UI)?  What information does the timeline code need from the dissector that's not currently supplied through the tap mechanism?
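
The consumer side of the tap mechanism described above, as an added example that is not part of the original message or of Wireshark's source: a Lua tap listener that collects per-frame radio data and works identically with or without a GUI. The field names `wlan_radio.data_rate` and `wlan_radio.duration` are assumed to be registered by the wlan_radio dissector in the Wireshark build in use, and the file names in the usage comment are placeholders.

```lua
-- Added example. Run headless:
--   tshark -q -X lua_script:radio_tap.lua -r capture.pcap
-- The listener never touches a window; it only consumes what dissection produced.

-- Field extractors (assumed field names, see the lead-in).
local f_rate = Field.new("wlan_radio.data_rate")  -- Mb/s
local f_dur  = Field.new("wlan_radio.duration")   -- microseconds

-- Listen on the generic "frame" tap, limited to frames that carry radio info.
local listener = Listener.new("frame", "wlan_radio")

local frames, airtime_us = 0, 0
local frames_by_rate = {}

-- Called once per matching packet during dissection.
function listener.packet(pinfo, tvb)
    frames = frames + 1
    local rate, dur = f_rate(), f_dur()
    if dur then
        airtime_us = airtime_us + dur.value
    end
    if rate then
        local key = tostring(rate.value)
        frames_by_rate[key] = (frames_by_rate[key] or 0) + 1
    end
end

-- Called when the consumer should present results: end of file in TShark,
-- periodic redraw in the GUI. Output goes wherever the listener chooses.
function listener.draw()
    print(string.format("frames=%d airtime=%.3f ms", frames, airtime_us / 1000))
    for rate, count in pairs(frames_by_rate) do
        print(string.format("  %s Mb/s: %d frames", rate, count))
    end
end

-- Called when the capture is reloaded or refiltered; discard accumulated state.
function listener.reset()
    frames, airtime_us = 0, 0
    frames_by_rate = {}
end
```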