Re: [Wireshark-dev] Adding support for a new PCAP-NG block

On Jan 19, 2018, at 12:24 AM, Guy Harris wrote: > On Jan 17, 2018, at 4:47 AM, Paul Offord wrote: > >> I want to make a start on the plan below. Last night I took a look at the >> relevant code. >> >> I started by adding support for TSDBs into

Re: [Wireshark-dev] Adding support for a new PCAP-NG block

On Jan 17, 2018, at 4:47 AM, Paul Offord wrote: > I want to make a start on the plan below. Last night I took a look at the > relevant code. > > I started by adding support for TSDBs into the function pcapng_open(…) in > pcapng.c The *first* thing to do is to

Re: [Wireshark-dev] Adding support for a new PCAP-NG block

[mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Roland Knall Sent: 17 January 2018 14:05 To: Developer support list for Wireshark <wireshark-dev@wireshark.org> Subject: Re: [Wireshark-dev] Adding support for a new PCAP-NG block Hi Yes you shou

Re: [Wireshark-dev] Adding support for a new PCAP-NG block

Hi Yes you should use the wtap_opttype_register_custom_block_type structure. In theory, the data from the block get's stored inside the necessary wtap structures and can later be accessible via packet_info if I remember correctly. Or you could also write a separate dissector, store the data from

[Wireshark-dev] Adding support for a new PCAP-NG block

I want to make a start on the plan below. Last night I took a look at the relevant code. I started by adding support for TSDBs into the function pcapng_open(…) in pcapng.c but I then stumbled across wtap_opttype_register_custom_block_type(…) in wtap_opttypes.c which seems to be a framework to