Wireshark mailing list archives

Re: Getting captured interface name inside plugin


From: Guy Harris <gharris () sonic net>
Date: Mon, 7 Jun 2021 09:32:13 -0700

On Jun 7, 2021, at 4:15 AM, Jan Mall <jan.mall () uni-ulm de> wrote:

> After continuing searching I found this snippet in the UI part:
> "epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);"

Note that it is permitted to return NULL.

Note also that there is no guarantee that pinfo->rec->rec_header.packet_header.interface_id has a meaningful value; unless the WTAP_HAS_INTERFACE_ID bit is set in pinfo->rec->presence_flags, pinfo->rec->rec_header.packet_header.interface_id must not be used.

Presumably either:

        this is a site-specific use, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

        this is for a particular capture device, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

        the message definition files have names that include the interface name, so, while the user doesn't have to set preferences for the dissector, the user has to set file names for the message definition files;

or something such as that.

> Still wondering if there is maybe a callback/event I could register to get notified as soon as the user starts capturing on a specific interface (including the interface name)?

Note that there is no guarantee that your dissector will only be called if the user is doing a capture.  Remember, Wireshark can read saved capture files.

Further note that, unless the saved capture file is a pcapng file, the interface ID, and interface names, will not be available.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
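
Added example, not part of the original message and not Wireshark code: a bounds-checked reader showing where a pcapng file keeps an interface name (the if_name option of an Interface Description Block), why that option can be absent, and why a classic pcap file has none. The function name `pcapng_if_name` and both byte arrays are constructed for illustration; the block and option codes come from the pcapng format, which goes beyond what the message itself states.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: little-endian pcapng, one SHB then one IDB with if_name "eth0". */
static const uint8_t sample_pcapng[] = {
    0x0a,0x0d,0x0d,0x0a, 0x1c,0,0,0, 0x4d,0x3c,0x2b,0x1a, 1,0, 0,0,  /* SHB: type, len, magic, 1.0 */
    0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0x1c,0,0,0,             /* section length, len */
    1,0,0,0, 0x20,0,0,0, 1,0, 0,0, 0,0,4,0,                          /* IDB: type, len, linktype, snaplen */
    2,0, 4,0, 'e','t','h','0', 0,0, 0,0, 0x20,0,0,0                  /* if_name, opt_endofopt, len */
};
/* Constructed sample: start of a classic pcap file header (magic a1b2c3d4, version 2.4). */
static const uint8_t sample_pcap[24] = { 0xd4,0xc3,0xb2,0xa1, 2,0, 4,0 };

static uint32_t rd32(const uint8_t *p, int be) {
    return be ? (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]
              : (uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0];
}
static uint16_t rd16(const uint8_t *p, int be) {
    return (uint16_t)(be ? p[0] << 8 | p[1] : p[1] << 8 | p[0]);
}

/* 1: name copied to out; 0: pcapng, but no if_name recorded for interface `want`;
 * -1: not pcapng (e.g. classic pcap) or a malformed block length. */
int pcapng_if_name(const uint8_t *buf, size_t len, uint32_t want, char *out, size_t outsz)
{
    size_t off = 0; uint32_t idx = 0; int be = 0;
    if (len < 12 || rd32(buf, 1) != 0x0A0D0D0A) return -1;
    while (len - off >= 12) {
        const uint8_t *b = buf + off;
        if (rd32(b, 1) == 0x0A0D0D0A) { be = rd32(b + 8, 1) == 0x1A2B3C4D; idx = 0; }
        uint32_t type = rd32(b, be), blen = rd32(b + 4, be);
        if (blen < 12 || blen % 4 || blen > len - off) return -1; /* never trust file lengths */
        if (type == 1 && idx++ == want) {            /* Interface Description Block */
            size_t o = 16, end = blen - 4;           /* options start after 8 fixed bytes */
            while (o + 4 <= end) {
                uint16_t code = rd16(b + o, be), olen = rd16(b + o + 2, be);
                if (code == 0 || olen > end - o - 4) break;   /* opt_endofopt or overrun */
                if (code == 2 && olen < outsz) {     /* if_name: UTF-8, not NUL-terminated */
                    memcpy(out, b + o + 4, olen); out[olen] = '\0';
                    return 1;
                }
                o += 4 + ((olen + 3u) & ~3u);        /* option values are padded to 32 bits */
            }
            return 0;
        }
        off += blen;
    }
    return 0;
}
```

Interface IDs are numbered per section, so this sketch restarts its count at every Section Header Block and returns the first match. The 0 result is the file-level counterpart of the NULL return mentioned in the message.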