Re: [Wireshark-commits] rev 32594: /trunk/ /trunk/: capinfos.c

[Bill Meier <wmeier () newsguy com>]

sfisher () wireshark org wrote:
> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=32594
>
> User: sfisher
> Date: 2010/04/28 11:30 PM
>
> Log:
>  Add snaplen to capinfos output.  Idea from Chris Maynard on -dev.

Steve:

A note:

At least one capture format ("NA Sniffer (Windows) 2.0" handled in 
netxray.c) doesn't provide a 'snaplen' in the file header. However the 
record header has a 'caplen' as well as an 'original length'.

This may be true for other formats as well.

A comment:

Since capinfos does read through the complete capture file 
(process_cap_file) to gather certain information, I think a test in that 
code can be used to determine the actual snaplen (phdr->caplen) for the 
file (if the snaplen is not in the file header).

snaplen = phdr->caplen if ((phdr->len - phdr->caplen) > 0)

I would expect that for any particular file there would only be one 
value for snaplen. If there are multiple snaplens capinfos could just 
show the range.


What do you think ?

If the above seems reasonable I can make the change if you like.

Bill

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe