Wireshark mailing list archives

Wiretap subfiles


From: Luis EG Ontanon <luis () ontanon org>
Date: Fri, 5 Jul 2013 11:36:05 -0500

Wiretap subfiles are to be indexes of one or more capture files (the
source) that (as long as they correctly reference the source) transparently
work as if they were a single capture file with the features of the
source.

I think they should contain a magic number, the source filename(s), basic
common information from the source and a list of file_ids, framenums and
offsets relative to the source.

They came to my mind thinking about how to make a handover between two epan
processes so that known open transactions were not dropped when a new
process starts, starting with a file with just the packets that contain
that information would be the easiest way to come with it.

But they can be used for tons of other things:
- small (low disk use) saves of filter results (you just email the packet
list back, not the file with the packets)
- can be used as offset cache in wtap for speeding file operations
- add your own here...

I believe the implementation is a simple matter (not much more than 600
lines of code), and I'll be starting work on it in a few weeks from now unless
someone beats me at it.

Any Ideas?

-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
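
An added example, not part of the original post and not Wireshark code: a reader for one possible subfile index that checks the magic number and rejects any entry that does not "correctly reference the source". The on-disk layout, the `WTSF` magic and all names are assumptions made for illustration; source filenames and common information are left out, so the source sizes are passed in by the caller.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (assumed, little-endian): "WTSF", u32 count, then
 * count records of { u32 file_id, u32 framenum, u64 offset }. */
#define HDR_LEN 8u
#define REC_LEN 16u
typedef struct { uint32_t file_id, framenum; uint64_t offset; } subfile_rec;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) {
    return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32;
}

/* Returns the number of records copied to out, or -1 if the index is malformed
 * or points outside its sources. src_size[i] is the byte size of source i. */
long subfile_parse(const uint8_t *buf, size_t len, const uint64_t *src_size,
                   uint32_t nsrc, subfile_rec *out, size_t out_cap) {
    if (len < HDR_LEN || memcmp(buf, "WTSF", 4) != 0) return -1;
    uint32_t count = rd32(buf + 4);
    /* Divide instead of multiplying so a huge count cannot overflow. */
    if (count > (len - HDR_LEN) / REC_LEN || count > out_cap) return -1;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *r = buf + HDR_LEN + (size_t)i * REC_LEN;
        subfile_rec e = { rd32(r), rd32(r + 4), rd64(r + 8) };
        /* Reject unknown source files and offsets past the end of the source. */
        if (e.file_id >= nsrc || e.offset >= src_size[e.file_id]) return -1;
        out[i] = e;
    }
    return (long)count;
}

/* Constructed sample: frame 1 at offset 24 of file 0, frame 7 at offset 64 of file 1. */
static const uint8_t sample[] = { 'W','T','S','F', 2,0,0,0,
    0,0,0,0, 1,0,0,0, 24,0,0,0,0,0,0,0,
    1,0,0,0, 7,0,0,0, 64,0,0,0,0,0,0,0 };

/* Parse the first len bytes of the sample (len <= sizeof sample) against two sources. */
long check_sample(size_t len, uint64_t size0, uint64_t size1) {
    uint64_t sizes[2] = { size0, size1 };
    subfile_rec recs[2];
    return subfile_parse(sample, len, sizes, 2, recs, 2);
}

int main(void) { printf("%ld %ld\n", check_sample(sizeof sample, 1000, 1000), check_sample(sizeof sample, 1000, 64)); return 0; }
```
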