Wireshark mailing list archives

Re: Enhanced PCAP-NG dissection
From: Anders Broman <anders.broman () ericsson com>
Date: Wed, 17 Apr 2013 18:25:15 +0000



From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Brandon Carpenter
Sent: 17 April 2013 20:11
To: wireshark-dev () wireshark org
Subject: [Wireshark-dev] Enhanced PCAP-NG dissection

I just posted a patch to improve dissection of PCAP-NG captures.  Below is the introductory paragraph describing the 
issues the patch addresses.  See Bug 8590 <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8590> for more 
information and for the patch.  I am looking forward to feedback.


The current processing of PCAP-NG has limitations that are addressed by the attached patches. First, dissection of the 
PCAP-NG blocks is occurring in the wiretap library instead of the wireshark library where dissection errors are less 
likely to cause problems. Second, it is difficult to present any data other than real packet data to the dissection 
engine. Third, multiple section header blocks are not supported. Finally, there is no way to add additional block 
types and/or options via a plug-in dissector.

I'm not sure that adding the ability to read new block types or options via a plugin is a good idea.  If new options or 
block types are needed, the PCAP-NG specification should be updated with them and Wireshark enhanced to read them. 
Having plugins might encourage people to change the format in incompatible ways. If proprietary solutions are needed, 
one could invent a generic proprietary block format with a vendor id and opaque content.
Just my 2 c
Regards
Anders


Thank you,

Brandon Carpenter
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
