I just posted a patch to improve dissection of PCAP-NG captures.
Below is the introductory paragraph describing the issues the patch
addresses. See Bug 8590 for more information and for the patch. I am
looking forward to feedback.

The current processing of PCAP-NG has
limitations that are addressed by the attached patches. First,
dissection of the PCAP-NG blocks is occurring in the wiretap
library instead of the wireshark library where dissection errors
are less likely to cause problems. Second, it is difficult to
present any data other than real packet data to the dissection
engine. Third, multiple section header blocks are not supported.
Finally, there is no way to add additional block types and/or
options via a plug-in dissector.

Thank you,
Brandon Carpenter