Wireshark-dev: [Wireshark-dev] wiretap vs text2pcap

From: Michael Mann <mmann78@xxxxxxxxxxxx>
Date: Mon, 5 May 2025 15:24:31 +0000 (UTC)
There have been several times where I've been given a simple, text-based capture file for Serial or CAN communications.  My (quick and dirty) solution has been to write a text2pcap derived application to convert the file to pcapng format and then view it in Wireshark.  The packet dissection support is usually already there, but I have also supplemented with plugins when needed.
However, https://gitlab.com/wireshark/wireshark/-/merge_requests/18894 has shown me the "right" way to handle it - and that's using wiretap. The packet data comes from a CAN bus, so the original thought was to use the SocketCAN file format, but WTAP_ENCAP_SOCKETCAN is a little clunky and I think I'd prefer to use the pcapng format (similar to my text2pcap applications) to pipe it through "better" dissection tables (sll.ltype).  The file format also contains "non-packet data" that I would like to eventually convert into other pcapng block types.

I looked around a little, but I didn't see any obvious examples in wiretap of how to easily provide a pcapng record.  pcapng.c does its own processing and is a bit complex compared to the APIs used in text2pcap.  Looking at other wiretap examples, they seem to have a "file dissection layer" in epan/dissectors that corresponds to the wiretap handling (linking to "wtap_encap" table) before data is passed to a different dissection table for "packet dissection".

Is pcapng.c the only source of what I'll have to look at as an "example"?  Can anyone provide more pointers on my desire to have "text2pcap functionality in wiretap", to make it easier to provide wiretaps for future (simple) text-based packet data?

Thanks,
Michael
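The "text2pcap derived application" route the post describes, as an added example (not code from the post, from text2pcap, or from the Wireshark project): a small Python converter that reads a candump-style text CAN log and emits a pcapng file with LINKTYPE_CAN_SOCKETCAN (227) frames, which is the SocketCAN encapsulation mentioned above. The input line format and the sample log are constructed for this example; the rule that a CAN ID written with more than three hex digits is an extended (29-bit) identifier is the candump convention and is assumed here. Block type codes, option codes and the SocketCAN pseudo-header layout follow the pcapng and tcpdump link-type specifications; the output is plain pcapng that Wireshark's normal pcapng reader, rather than a dedicated wiretap module, picks up.

```python
"""Convert a constructed, candump-style text CAN log to pcapng.

Input line format assumed for this example:
    (1714000000.000100) can0 123#DEADBEEF
Lines that do not match (comments, non-packet data) are skipped.
"""
import re
import struct

LINKTYPE_CAN_SOCKETCAN = 227   # pcap/pcapng link type for SocketCAN frames
CAN_EFF_FLAG = 0x80000000      # extended-frame flag, as in linux/can.h

# Constructed sample log: two interfaces, one extended ID, one empty payload.
SAMPLE_LOG = """\
(1714000000.000100) can0 123#DEADBEEF
# non-packet line, skipped by the converter
(1714000000.000200) can0 18FF0001#0102030405060708
(1714000000.000300) can1 7FF#
"""

LINE_RE = re.compile(
    r"^\((?P<ts>\d+\.\d+)\)\s+(?P<iface>\S+)\s+(?P<id>[0-9A-Fa-f]+)#(?P<data>[0-9A-Fa-f]*)$")


def parse_line(line):
    """Return (timestamp, interface, can_id_with_flags, payload) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    can_id = int(m["id"], 16)
    if len(m["id"]) > 3:          # candump convention: >3 hex digits => 29-bit ID
        can_id |= CAN_EFF_FLAG
    data = bytes.fromhex(m["data"])
    if len(data) > 8:
        raise ValueError("classic CAN payload exceeds 8 bytes")
    return (float(m["ts"]), m["iface"], can_id, data)


def socketcan_frame(can_id, data):
    """LINKTYPE_CAN_SOCKETCAN record: big-endian ID+flags, length, 3 pad bytes, 8-byte payload."""
    return struct.pack(">IB3x", can_id, len(data)) + data.ljust(8, b"\x00")


def _block(block_type, body):
    # Generic pcapng block: type, total length, body padded to 32 bits, total length again.
    body += b"\x00" * (-len(body) % 4)
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)


def _option(code, value):
    value = value.encode() if isinstance(value, str) else value
    return struct.pack("<HH", code, len(value)) + value + b"\x00" * (-len(value) % 4)


OPT_ENDOFOPT = b"\x00\x00\x00\x00"


def section_header_block(comment=None):
    # Byte-order magic, version 1.0, section length -1 (unknown).
    body = struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)
    if comment:
        body += _option(1, comment)          # opt_comment
    return _block(0x0A0D0D0A, body + OPT_ENDOFOPT)


def interface_description_block(linktype, name):
    body = struct.pack("<HHI", linktype, 0, 0)   # linktype, reserved, snaplen 0 = unlimited
    body += _option(2, name)                     # if_name
    body += _option(9, b"\x06")                  # if_tsresol: 10^-6 (microseconds)
    return _block(1, body + OPT_ENDOFOPT)


def enhanced_packet_block(iface_id, ts_usec, frame):
    body = struct.pack("<IIIII", iface_id, ts_usec >> 32, ts_usec & 0xFFFFFFFF,
                       len(frame), len(frame)) + frame
    return _block(6, body)


def convert(text):
    """Whole text log -> pcapng bytes; one IDB per interface, one EPB per frame."""
    out = bytearray(section_header_block("converted from text CAN log"))
    ifaces = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, iface, can_id, data = rec
        if iface not in ifaces:                  # IDB must precede any EPB that references it
            ifaces[iface] = len(ifaces)
            out += interface_description_block(LINKTYPE_CAN_SOCKETCAN, iface)
        out += enhanced_packet_block(ifaces[iface], int(round(ts * 1_000_000)),
                                     socketcan_frame(can_id, data))
    return bytes(out)


def block_types(data):
    """Walk a pcapng byte stream and return the block-type codes in order (sanity check)."""
    types, off = [], 0
    while off < len(data):
        btype, total = struct.unpack_from("<II", data, off)
        if struct.unpack_from("<I", data, off + total - 4)[0] != total:
            raise ValueError("trailing block length mismatch at offset %d" % off)
        types.append(btype)
        off += total
    return types


if __name__ == "__main__":
    with open("converted.pcapng", "wb") as f:
        f.write(convert(SAMPLE_LOG))
```

Running the script writes converted.pcapng next to it; opening that file in Wireshark dissects the frames through the SocketCAN path. Packet-level comments or other non-packet lines from the log could be emitted as additional pcapng blocks or options in the same way the SHB comment is built here.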