Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Wiretap subfiles

From: Evan Huus <eapache () gmail com>
Date: Fri, 5 Jul 2013 19:30:15 -0400
Two quick thoughts:
- Why the name subfiles? Index files makes more sense to me.
- It's a neat feature, but I don't see how this would solve your
problem. I'm not sure exactly what you mean by 'open transaction' in
this context though, so perhaps that would clarify.

On Fri, Jul 5, 2013 at 12:36 PM, Luis EG Ontanon <luis () ontanon org> wrote:

Wiretap subfiles are to be indexes of one or more capture files (the source)
that (as long as they correctly reference the source) transparently work as
if they were a a single capture file with the features of the source.

I think they should contain a magic number, the source filename(s),  basic
common information from the source and a list of file_ids, framenums and
offsets realitve to the source.

They came to my mind thinking on how to make a handover between two epan
processes so that known open transactions were not dropped when a new
process starts, starting with a file with just the packets that contain that
information would be the easiest way to come with it.

But they can be used for tons of other things:
- small (low disk use) saves of filter results (you just email the packet
list back, not the file with the packets)
- can be used as offset cache in wtap for speeding file operations
- add your own here...

I believe the implementation is a simple matter (not much more than 600
lines of code) And I'll be starting work on it in few weeks from now unless
someone beats me at it.

Any Ideas?

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: