On Thu, Jun 17, 2004 at 10:26:26AM +0200, Yann Samama wrote:
> I want to add to Ethereal the ability to read new type of files that are
> generated by some commercial sniffers.
> As I read through the different files in the wiretap sub-directory, it
> raised several issues :
>
> 1/ Is it possible to have a "read" function that can work on non-contiguous
> blocks of data?
"Non-contiguous" in what sense?
> 2/ Is it possible to have the data-link layer type to be defined on a per
> packet basis, rather than by a per file basis?
Yes. See WTAP_ENCAP_PER_PACKET.
> 3/ What are the differences between the "read" and the "seek and read"
> functions?
The "read" routine is expected to scan forward to the next packet
record, and read it, advancing "wth->data_offset" as appropriate, and
setting "*data_offset" to a value that will let the "seek and read"
routine re-read that packet record. It should use "wth->fh" when
reading. It fills in a buffer, and possibly a pseudo-header, associated
with the "wtap" structure.
The "seek and read" routine takes an offset value as an argument, as
well as:
a pointer into a buffer into which to read the packet data;
a pointer to a "wtap_pseudo_header" union into which to put
pseudo-header data, if any;
the number of bytes of packet data to read;
and reads the packet that started at the specified offset (the offset
doesn't *have* to be a byte offset in the file, but it has to be
something sufficient to let the "seek and read" routine find the record;
except in some of the text file formats, it's an offset in the file).