Wireshark-dev: Re: [Wireshark-dev] Capture filename not available at plugin init time
Thanks for responding Roland. I’ve written a tool that reads a log file and converts it to a PCAP-NG with a matching dissector. The pcap file carries a data descriptor block in a new PCAP-NG block type called as TSDB. The TSDB
carries the information needed to register the header fields. To add support for the TSDB into core Wireshark is going to be a big job (which I will submit later). As a quick solution, the dissector gets the information by directly opening and reading it
from the PCAP-NG file – hence the need for the filename. The above aside, and I can guess you are thinking I’m just trying to avoid a bigger coding job, it’s not unreasonable to expect plugin_if_get_ws_info to get the filename at init time, and init is
called when the filename is known. I have a really kludgie workaround which is to read the TSDB and register the hf structure on the first call to the dissector, but it’s not ideal. Best regards…Paul From: Wireshark-dev [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx]
On Behalf Of Roland Knall Hi Paul As far as I know, cf_open can still fail after calling the init-functions. In that case you would get the filename, but the capture is already closed. My question is, why do you need the filename in the first place? Also, you could set the filename at a later point. If you implement a tap-interface, you could set the filename in the first tap-print callback. Makes sense, 'cause you normally only have data at this point anyway. You can raise this as an improvement (do not think it is a bug) if you want to, not really sure though, if it should be changed cheers On Fri, Nov 3, 2017 at 2:49 PM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
______________________________________________________________________ This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Advance Seven Ltd. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Advance Seven Ltd. Registered in England & Wales numbered 2373877 at Endeavour House, Coopers End Lane, Stansted, Essex CM24 1SJ ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________ |
- Follow-Ups:
- Re: [Wireshark-dev] Capture filename not available at plugin init time
- From: Roland Knall
- Re: [Wireshark-dev] Capture filename not available at plugin init time
- References:
- [Wireshark-dev] Capture filename not available at plugin init time
- From: Paul Offord
- Re: [Wireshark-dev] Capture filename not available at plugin init time
- From: Roland Knall
- [Wireshark-dev] Capture filename not available at plugin init time
- Prev by Date: Re: [Wireshark-dev] Capture filename not available at plugin init time
- Next by Date: Re: [Wireshark-dev] Capture filename not available at plugin init time
- Previous by thread: Re: [Wireshark-dev] Capture filename not available at plugin init time
- Next by thread: Re: [Wireshark-dev] Capture filename not available at plugin init time
- Index(es):