Guy Harris schrieb:
On Sep 27, 2007, at 2:01 PM, Ulf Lamping wrote:
Yes, I guess one of the problematic things to include pcapng into
Wireshark is to find a good interface between libwiretap and Wireshark
(or probably no interface at all). There are a lot of new concepts in
pcapng that has no counterpart in the current Wireshark
implementation.
Yes, the current Wiretap API is insufficient for pcap-NG; it should be
replaced with an API that can handle pcap-NG, which might also make it
better able to handle other capture file formats (for example, some
other capture file formats support user comments, which we currently
ignore).
I don't know how much of the current API must be *replaced*, I hope that
the API can be *extended* so we don't have to change all implemented
file formats ;-)
Yes, we currently ignore information, especially from the proprietary
file formats - and loose it while doing file format conversions. As some
"destination file formats" cannot handle the information, this loss
cannot be avoided (notably our current libpcap format is pretty
limited). Unfortunately, we don't even get a hint to the user, something
like: "Warning: This file format will loose user comments of the
original file".
Or are there so many things in the proprietary formats we don't know,
that this is potentially the case for almost all conversions? And giving
such a warning sometimes, but not for all information loss will keep the
user in a safety that's just not true (he looses information and
sometimes we don't warn) - so we shouldn't introduce such a warning.
Regards, ULFL