On May 18, 2019, at 5:03 PM, Damir Franusic <damir.franu...@gmail.com> wrote:

> And does Wireshark currently support new block types and custom options in 
> EPBs? I would need to access them in a dissector plugin, that's what I'm 
> worried about. 

There are three types of blocks:

        1) standard blocks - you must first register them in the pcapng spec 
before you use them (just as you must register new LINKTYPE_/DLT_ values before 
using them), and then Wireshark can be changed to allow plugins for them;

        2) "local" blocks, with a block type with the high-order bit set - you 
don't need to register them before using them, but you also can't arrange that 
nobody else use the same block type value;

        3) custom blocks, for which your organization needs an IANA-assigned 
Private Enterprise Number - Wireshark currently doesn't support them, so we 
would have to add custom block support.

There are three types of options:

        1) standard options - you must first register them in the pcapng spec 
before you use them (just as you must register new LINKTYPE_/DLT_ values before 
using them), and then Wireshark can be changed to allow plugins for them;

        2) "local" options, with an option type with the high-order bit set - 
you don't need to register them before using them, but you also can't arrange 
that nobody else use the same block type value;

        3) custom options, for which your organization needs an IANA-assigned 
Private Enterprise Number - Wireshark currently doesn't support them, so we 
would have to add custom option support.

Wireshark *does* support adding plugins to the file-reading code to handle 
local blocks and options, and to handle those standard block and option types 
not already handled by Wireshark (we don't support overriding the code to 
handle standard block and option types that *are* handled).

It also supports mapping pcapng block types to "file-type specific event" 
records, and registering plugin dissectors for those.

(Michael, this is the detailed answer to your question "Is wireshark modular in 
how it handles pcapng blocks?")
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
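
As an added illustration of the three block and option categories described in the message above (not code from Wireshark, libpcap or the author of the message), this Python example walks a pcapng byte stream, validates each block's length fields, and labels every block type and Enhanced Packet Block option as standard, local or custom. The Custom Block type values and custom option codes are taken from the pcapng specification rather than from this thread, and the sample capture, including the documentation-use enterprise number 32473, is constructed.

```python
import struct

CUSTOM_BLOCKS = {0x00000BAD, 0x40000BAD}     # Custom Block types; the PEN is in the body
CUSTOM_OPTIONS = {2988, 2989, 19372, 19373}  # custom option codes; the PEN is in the value
EPB = 0x00000006                             # Enhanced Packet Block

def classify(value, custom, local_bit):      # the three categories from the reply
    if value in custom:
        return "custom"
    return "local" if value & local_bit else "standard"

def epb_options(body, order):                # options follow the padded packet data
    caplen = int.from_bytes(body[12:16], order)
    off, found = 20 + caplen + (-caplen % 4), []
    while off != len(body):
        if off + 4 > len(body):
            raise ValueError("packet data or option overruns the block")
        code, length = (int.from_bytes(body[off + i:off + i + 2], order) for i in (0, 2))
        if code == 0:                        # opt_endofopt
            break
        found.append((code, classify(code, CUSTOM_OPTIONS, 0x8000)))
        off += 4 + length + (-length % 4)
    return found

def walk(data):                              # -> [(block_type, category, epb_options)]
    order, off, out = "little", 0, []
    while off < len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # SHB: byte-order magic sets endianness
            order = "little" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else "big"
        btype, size = int.from_bytes(data[off:off + 4], order), data[off + 4:off + 8]
        end = off + int.from_bytes(size, order)
        if end < off + 12 or (end - off) % 4 or end > len(data) or data[end - 4:end] != size:
            raise ValueError("bad block length at offset %d" % off)
        opts = epb_options(data[off + 8:end - 4], order) if btype == EPB else []
        out.append((btype, classify(btype, CUSTOM_BLOCKS, 0x80000000), opts))
        off = end
    return out

def block(btype, body):                      # builders for the constructed sample below
    return struct.pack("<II", btype, 12 + len(body)) + body + struct.pack("<I", 12 + len(body))

def opt(code, value):
    return struct.pack("<HH", code, len(value)) + value + b"\0" * (-len(value) % 4)

PEN = struct.pack("<I", 32473)               # IANA's documentation-use enterprise number
SAMPLE = (block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + block(EPB, struct.pack("<5I", 0, 0, 0, 4, 4) + b"\xde\xad\xbe\xef" + opt(1, b"note")
                  + opt(0x8001, b"ab") + opt(2988, PEN + b"x") + opt(0, b""))
          + block(0x80000001, b"\0" * 4) + block(0x00000BAD, PEN))
```

Calling `walk(SAMPLE)` returns one tuple per block; the sample omits an Interface Description Block to stay short, so it exercises the classifier rather than forming a capture a full reader would accept.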
