Re: Adding support for a new PCAP-NG block

[Guy Harris <guy () alum mit edu>]

On Jan 17, 2018, at 4:47 AM, Paul Offord <Paul.Offord () advance7 com> wrote:

> I want to make a start on the plan below.  Last night I took a look at the relevant code.
>  
> I started by adding support for TSDBs into the function pcapng_open(…) in pcapng.c

The *first* thing to do is to start by either

        1) getting an official block type value from pcap-ng-format () winpcap org

or

        2) getting a Private Enterprise Number from the IANA and using a custom block:

                
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.7

> but I then stumbled across wtap_opttype_register_custom_block_type(…) in wtap_opttypes.c which seems to be a 
> framework to add support for new block types.  I did a check on code that refers to this function and found that 
> nothing uses it at the moment.

That's correct - pcapng.c doesn't currently support custom blocks.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe