Wireshark-dev: Re: [Wireshark-dev] Getting captured interface name inside plugin

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jan Mall <jan.mall@xxxxxxxxxx>
Date: Mon, 7 Jun 2021 22:47:42 +0200
Thanks for the hint with the interface_id - didn't knew that yet.
Mapping between interfaces and message definition files are done in the preferences.
Good point with the capture files - listening for UI events wouldn't work there. So probably I should stick with the solution of the interface_id and if this is not available, force the user to explicitly specify which message definitions to use. 

On 07.06.21 18:32, Guy Harris wrote:

On Jun 7, 2021, at 4:15 AM, Jan Mall <jan.mall@xxxxxxxxxx> wrote:


After continuing searching I found this snippet in the UI part:
"epan_get_interface_name(pinfo->epan, pinfo->rec->rec_header.packet_header.interface_id);"

Note that it is permitted to return NULL.

Note also that there is no guarantee that pinfo->rec->rec_header.packet_header.interface_id has a meaningful value; unless the WTAP_HAS_INTERFACE_ID bit is set in pinfo->rec->presence_flags, pinfo->rec->rec_header.packet_header.interface_id must not be used.

Presumably either:

	this is a site-specific use, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

	this is for a particular capture device, so you know which interface names have which sets of message definitions, and you've hardcoded that into your dissector;

	the message definition files have names that include the interface name, so, while the user doesn't have to set preferences for the dissector, the user has to set file names for the message definition files;

or something such as that.


Still wondering if there is maybe a callback/event I could register to get notified as soon as the user starts capturing on a specific interface (including the interface name)?

Note that there is no guarantee that your dissector will only be called if the user is doing a capture.  Remember, Wireshark can read saved capture files.

Further note that, unless the saved capture file is a pcapng file, the interface ID, and interface names, will not be available.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
              mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe