Hi all,
I've been working on a patch to overcome one of Wireshark's limitations
with regard to PCAP-NG captures. The patch adds metadata (section,
interface, packet options, etc) to the dissector window and allows one
to filter packets based on the metadata. I'm not sure the method I'm
using is the best and was hoping some of the developers who are more
familiar with the internals of Wireshark could say yay or nay and
recommend alternatives.
Along with being able to view the metadata, the patch is also working
toward a plugin approach for parsing new PCAP-NG block types and
options. Ideally, I think it would be nice to allow writing custom
block and option parsers in the dissectors that display them. Any ideas
on how to best accomplish this?
So, is there anyone who would be willing to look at this? If so, what
is the best way to make the patch available? I'll post more details
with the patch.
Thanks,
Brandon