This small patch looks at the first byte of the dst_addr, and if it's
'i', 'I', 'o', or 'O', it will interpret the file as FW1 monitor file,
if the automatic check for it was enabled in the preferences.
Index: packet-eth.c
===================================================================
--- packet-eth.c (revision 12561)
+++ packet-eth.c (working copy)
@@ -41,6 +41,7 @@
/* Interpret capture file as FW1 monitor file */
static gboolean eth_interpret_as_fw1_monitor = FALSE;
+static gboolean eth_auto_fw1_monitor = FALSE;
/* protocols and header fields */
static int proto_eth = -1;
@@ -277,6 +278,13 @@
if (eth_interpret_as_fw1_monitor) {
call_dissector(fw1_handle, tvb, pinfo, tree);
goto end_of_eth;
+ }
+ else
+ if (eth_auto_fw1_monitor) {
+ if((dst_addr[0] == 0x69) || (dst_addr[0] == 0x49) || (dst_addr[0] == 0x6f) || (dst_addr[0] == 0x4f)) {
+ call_dissector(fw1_handle, tvb, pinfo, tree);
+ goto end_of_eth;
+ }
}
if (check_col(pinfo->cinfo, COL_INFO))
@@ -450,6 +458,7 @@
"Interpret as FireWall-1 monitor file",
"Whether the capture file should be interpreted as a CheckPoint FireWall-1 monitor file",
ð_interpret_as_fw1_monitor);
+ prefs_register_bool_preference(eth_module, "auto_fw1_monitor", "Automatically interpret as FireWall-1 monitor file", "Whether the capture file should be automatically interpreterd as a Check Point FireWall-1 monitor file", ð_auto_fw1_monitor);
register_dissector("eth", dissect_eth, proto_eth);
eth_tap = register_tap("eth");