Re: Enhanced PCAP-NG dissection

[Anders Broman <anders.broman () ericsson com>]

> From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Brandon 
> Carpenter
> Sent: den 17 april 2013 20:11
> To: wireshark-dev () wireshark org
> Subject: [Wireshark-dev] Enhanced PCAP-NG dissection
>
> I just posted a patch to improve dissection of PCAP-NG captures.  Below is the introductory paragraph describing the 
> issues the patch addresses.  See Bug 8590<https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8590> for more 
> information and for the >patch.  I am looking forward to feedback.
>
>
> The current processing of PCAP-NG has limitations that are addressed by the attached patches. First, dissection of the 
> PCAP-NG blocks is occurring in the wiretap library instead of the wireshark >library where dissection errors are less 
> likely to cause problems. Second, it is difficult to present any data other than real packet data to the dissection 
> engine. Third, multiple section header blocks are not >supported. Finally, there is no way to add additional block 
> types and/or options via a plug-in dissector.

I'm not sure that adding the ability to read new block types or options via a plugin is a good idea.  If new options or 
block types are needed the PCAP-NG specification should be updated
With them and Wireshark enhanced to read them. Having plugins might encourage people to change the format in 
incompatible ways. If proprietary solutions are needed one could
Invent a generic proprietary block format with a vendor id and opaque content.
Just my 2 c
Regards
Andeers

> Thank you,
>
> Brandon Carpenter
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe