Wireshark mailing list archives
Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark?
From: Richard Sharpe <realrichardsharpe () gmail com>
Date: Sat, 12 May 2012 09:10:17 -0700
Hi again, Starting this again. It seems that dumpcap can and does use pcapng to communicate with Wireshark ... but that dumpcap does not currently want to do that. That is, dumpcap reads the file header and then generates a set of: libpcap_write_session_header_block, libpcap_write_interface_description_block, one or more calls to libpcap_write_enhanced_packet_block ... libpcap_write_interface_statistics_block. So, the simplest way to have dumpcap do the correct thing with a pcapng file is to send through the raw blocks as they are read out of the pipe. Once we have read the header we know if we have pcap file or a pcapng file and we can perform the correct actions. In particular, set a flag that says we are writing raw data and have routines like do_file_switch_or_stop not write any thing if the input format is a pcapng file ... This will require a small amount of change to dumpcap but much less coding than I have already done. It will also require a function in pcapio.[hc] called something like libpcap_write_raw ... Does that sound reasonable? -- Regards, Richard Sharpe (何以解憂?唯有杜康。--曹操) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Richard Sharpe (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Jeff Morriss (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Guy Harris (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Richard Sharpe (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Richard Sharpe (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Guy Harris (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Richard Sharpe (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Guy Harris (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Richard Sharpe (May 12)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Guy Harris (May 10)
- Re: How does dumpcap.c communicate linktype when pushing packets into the rest of Wireshark? Jeff Morriss (May 10)