Wireshark-dev: Re: [Wireshark-dev] Getting captured interface name inside plugin

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 7 Jun 2021 09:32:13 -0700

On Jun 7, 2021, at 4:15 AM, Jan Mall <jan.mall@xxxxxxxxxx> wrote:

> After continuing searching I found this snippet in the UI part:
> "epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);"

Note that it is permitted to return NULL.

Note also that there is no guarantee that pinfo->rec->rec_header.packet_header.interface_id has a meaningful value; unless the WTAP_HAS_INTERFACE_ID bit is set in pinfo->rec->presence_flags, pinfo->rec->rec_header.packet_header.interface_id must not be used.

Presumably either:

	this is a site-specific use, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

	this is for a particular capture device, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

	the message definition files have names that include the interface name, so, while the user doesn't have to set preferences for the dissector, the user has to set file names for the message definition files;

or something such as that.

> Still wondering if there is maybe a callback/event I could register to get notified as soon as the user starts capturing on a specific interface (including the interface name)?

Note that there is no guarantee that your dissector will only be called if the user is doing a capture. Remember, Wireshark can read saved capture files.

Further note that, unless the saved capture file is a pcapng file, the interface ID, and interface names, will not be available.
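
The checks described in this message, as an added example that is not part of the original e-mail and is not Wireshark code. The types, the flag value and `epan_get_interface_name` (in the two-argument form quoted in the thread) are stand-ins so the file compiles without the Wireshark headers; `safe_interface_name`, `definition_set_for`, the interface names and the definition-set names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Stand-in types and flag value (assumptions) so this builds without the
 * Wireshark headers; a real dissector uses the definitions from those headers. */
#define WTAP_HAS_INTERFACE_ID 0x00000004u
typedef struct { const char *names[4]; uint32_t count; } epan_t;
typedef struct {
    uint32_t presence_flags;
    struct { struct { uint32_t interface_id; } packet_header; } rec_header;
} wtap_rec;
typedef struct { const epan_t *epan; const wtap_rec *rec; } packet_info;

/* Stand-in for the real function: returns NULL when no name is known. */
static const char *epan_get_interface_name(const epan_t *s, uint32_t id)
{
    return (s != NULL && id < s->count) ? s->names[id] : NULL;
}

/* Interface name, or NULL when the record has no interface ID or no name. */
static const char *safe_interface_name(const packet_info *pinfo)
{
    if (pinfo == NULL || pinfo->rec == NULL)
        return NULL;
    if (!(pinfo->rec->presence_flags & WTAP_HAS_INTERFACE_ID))
        return NULL;                    /* interface_id must not be used */
    return epan_get_interface_name(pinfo->epan,
        pinfo->rec->rec_header.packet_header.interface_id);
}

/* Hypothetical mapping from interface name to a message definition set. */
static const char *definition_set_for(const packet_info *pinfo)
{
    static const struct { const char *ifname, *defs; } map[] = {
        { "eth0", "set_a" }, { "eth1", "set_b" },
    };
    const char *name = safe_interface_name(pinfo);
    for (size_t i = 0; name != NULL && i < sizeof map / sizeof map[0]; i++)
        if (strcmp(name, map[i].ifname) == 0)
            return map[i].defs;
    return "default";                   /* no ID, no name, or unknown name */
}

int main(void)
{
    epan_t session = { { "eth0", "eth1" }, 2 };     /* constructed sample */
    wtap_rec rec = { WTAP_HAS_INTERFACE_ID, { { 1 } } };
    packet_info pinfo = { &session, &rec };
    printf("%s\n", definition_set_for(&pinfo));
}
```

The fallback to a default set covers both cases raised above: a record without the presence bit (for example from a non-pcapng file) and a NULL name.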