Wireshark mailing list archives
Re: Adding pcap-ng pipe support to dumpcap
From: James Ko <jim.list () hotmail com>
Date: Wed, 22 Nov 2017 18:13:36 +0000
Attached is my patch to get this working (with caveats). Supporting this involved reading the pcapng block header and parsing just the section header block for endianness. It then just rewrites all blocks using the original/input endianness format to the pipe without looking much further at the block contents.

It only supports one interface. I don't fully understand how multiple interfaces are handled, but it would probably require parsing the interface description blocks as well to get the linktype and snaplen to put in the interface table. I also did not implement the use_threads option for packet processing. There are #ifdef WIN32 bits, but I don't know if any of that is correct, as I didn't really touch it and did not even try to compile it.

I hope this gets this feature moving along.

Regards,
James
Attachment:
dumpcap-pcapng-support.patch
Description: dumpcap-pcapng-support.patch
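The approach the message describes (read each block header, take the byte order from the section header block, pass other blocks through) can be shown as an added example; this is not code from the attached patch or from dumpcap. The function name, return codes and the `MAX_BLOCK_LEN` cap are assumptions, and the sample blocks are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define SHB_TYPE         0x0A0D0D0Au         /* palindromic: same value in either byte order */
#define BYTE_ORDER_MAGIC 0x1A2B3C4Du         /* at offset 8 of a section header block */
#define MAX_BLOCK_LEN    (16u * 1024u * 1024u) /* assumed sanity cap, not a dumpcap constant */

/* Read 32 bits from the wire as big-endian (be != 0) or little-endian. */
static uint32_t rd32(const uint8_t *p, int be) {
    return be ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
              : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Parse one block header. *be carries the section's byte order between calls
 * and is reset whenever a section header block (SHB) is seen.
 * Returns 0 on success, -1 if more bytes are needed, -2 if malformed. */
int pcapng_block_header(const uint8_t *buf, size_t avail, int *be,
                        uint32_t *type, uint32_t *total_len) {
    if (avail < 8) return -1;
    int order = *be;
    uint32_t t = rd32(buf, order);
    if (t == SHB_TYPE) {                     /* new section: byte order may change */
        if (avail < 12) return -1;
        if (rd32(buf + 8, 0) == BYTE_ORDER_MAGIC) order = 0;
        else if (rd32(buf + 8, 1) == BYTE_ORDER_MAGIC) order = 1;
        else return -2;
    }
    uint32_t len = rd32(buf + 4, order);
    uint32_t min = (t == SHB_TYPE) ? 28 : 12;
    /* The length comes from the writer of the pipe: bound it before it sizes a read. */
    if (len < min || (len & 3) || len > MAX_BLOCK_LEN) return -2;
    /* If the whole block is buffered, the trailing length must agree. */
    if (avail >= len && rd32(buf + len - 4, order) != len) return -2;
    *be = order; *type = t; *total_len = len;
    return 0;
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t SHB_BE[28] = {0x0A,0x0D,0x0D,0x0A, 0,0,0,0x1C, 0x1A,0x2B,0x3C,0x4D, 0,1,0,0,
                            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0,0,0,0x1C};
const uint8_t SHB_LE[28] = {0x0A,0x0D,0x0D,0x0A, 0x1C,0,0,0, 0x4D,0x3C,0x2B,0x1A, 1,0,0,0,
                            0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0x1C,0,0,0};
const uint8_t BAD_LEN[8] = {0,0,0,6, 0xFF,0xFF,0xFF,0xFC}; /* big-endian, oversized length */

int main(void) {
    int be = 0; uint32_t t, n;
    return pcapng_block_header(SHB_BE, sizeof SHB_BE, &be, &t, &n) != 0 || be != 1;
}
```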