This might be a trivial question - My program is making use of the libwireshark API, notably epan-related calls to dissect pcap files. I notice that as I process one file and another, the memory consumption keeps increasing. I have code similar to the following:
While I understand the two cleanup functions don’t free up all processed data related to the current packet as future packet dissection within the same file might make use of the data, these data, however, are completely useless when I move on to the next pcap file. I can’t seem to identify the function that would free these data up after I am done with a file, and I come to speculate that libwireshark is meant to process one file and exit, like tshark does - Am I right?
My current workaround is to restart my program for each pcap file to free up all used memory - ugly, however, as my program is supposed to run as a daemon… Wonder if there is a better approach.
asked 12 Apr '16, 15:18
edited 12 Apr '16, 20:38
No. libwireshark is meant to be used by Wireshark, which lets you close files and open new files.
What you want is something such as
answered 12 Apr '16, 18:20
Guy Harris ♦♦
edited 12 Apr '16, 21:37