>Are there specific things in a new API that would make wireshark happier?
>feel free to start a new thread ;-)

Having a packet header that could be written to file directly might be a good idea

/* pcap-ng Enhanced Packet Block without actual packet, options, and trailing
 * Block Total Length
 * ENHANCED_PACKET_BLOCK_TYPE 0x00000006
 * http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
 */
struct pcap_pkthdr_epb {
        bpf_u_int32 block_type;         /* Pcap-ng block type ENHANCED_PACKET_BLOCK_TYPE */
        bpf_u_int32 block_total_length; /* Block Total Length: total size of this block, in bytes */
        bpf_u_int32 interface_id;       /* Specifies the interface this packet comes from */
        bpf_u_int32 timestamp_high;
        bpf_u_int32 timestamp_low;      /* High and low 32-bits of a 64-bit quantity representing the timestamp.
                                         * The timestamp is a single 64-bit unsigned integer representing the
                                         * number of units since 1/1/1970.
                                         * if_tsresol further specifies this field.
                                         */
        bpf_u_int32 captured_len;       /* Captured Len: number of bytes captured from the packet
                                         * (i.e. the length of the Packet Data field) */
        bpf_u_int32 packet_len;         /* Packet Len: actual length of the packet when it was transmitted on the network.
                                         * It can be different from Captured Len if the user wants only a
                                         * snapshot of the packet.
                                         */
};

(http://permalink.gmane.org/gmane.network.tcpdump.devel/6520 )
Regards
Anders
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
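
Added example, not part of the original message or of libpcap: one way a header like the one proposed above could be completed and laid out as a full Enhanced Packet Block, with the length checks a writer needs before copying packet data. The helper `epb_write`, its parameters and the `uint32_t` stand-in for `bpf_u_int32` are assumptions; the block carries no options and uses native byte order.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint32_t bpf_u_int32;              /* assumed stand-in for the libpcap typedef */
#define ENHANCED_PACKET_BLOCK_TYPE 0x00000006u

struct pcap_pkthdr_epb {
    bpf_u_int32 block_type;
    bpf_u_int32 block_total_length;
    bpf_u_int32 interface_id;
    bpf_u_int32 timestamp_high;
    bpf_u_int32 timestamp_low;
    bpf_u_int32 captured_len;
    bpf_u_int32 packet_len;
};

/* Hypothetical helper: fill in hdr and lay out one EPB (no options) in out[].
 * Returns the number of bytes written, or 0 if the block is rejected. */
size_t epb_write(uint8_t *out, size_t out_size, struct pcap_pkthdr_epb *hdr,
                 uint32_t if_id, uint64_t ts, const uint8_t *pkt,
                 uint32_t caplen, uint32_t wirelen)
{
    /* Packet data is padded to a 32-bit boundary. */
    uint32_t pad = (4u - (caplen & 3u)) & 3u;
    /* Refuse inconsistent lengths and totals that overflow 32 bits. */
    if (caplen > wirelen || caplen > UINT32_MAX - sizeof *hdr - 4u - pad)
        return 0;
    uint32_t total = (uint32_t)sizeof *hdr + caplen + pad + 4u;
    if (total > out_size)                  /* never write past the caller's buffer */
        return 0;

    hdr->block_type = ENHANCED_PACKET_BLOCK_TYPE;
    hdr->block_total_length = total;
    hdr->interface_id = if_id;
    hdr->timestamp_high = (uint32_t)(ts >> 32);
    hdr->timestamp_low = (uint32_t)ts;
    hdr->captured_len = caplen;
    hdr->packet_len = wirelen;

    uint8_t *p = out;
    memcpy(p, hdr, sizeof *hdr);  p += sizeof *hdr;   /* header goes out as-is */
    memcpy(p, pkt, caplen);       p += caplen;
    memset(p, 0, pad);            p += pad;
    memcpy(p, &total, sizeof total);                  /* trailing Block Total Length */
    return total;
}
```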