Get rid of the pkt_encap field in struct packet_info.

pinfo->pkt_encap is jsut a copy of pinfo->phdr->pkt_encap; no need for
the copy.

Expand a comment while we're at it.

Change-Id: I5fcfe694ecba42507f1d629d01440da0a0989501
Reviewed-on: https://code.wireshark.org/review/25643
Reviewed-by: Guy Harris <guy@alum.mit.edu>

1 files changed, 9 insertions, 3 deletions

diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c
index 616f38bd00..6da2a4b7e8 100644
--- a/epan/dissectors/packet-snort.c
+++ b/epan/dissectors/packet-snort.c
@@ -1166,11 +1166,18 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
 
                 /* Older versions of Snort don't support capture file with several encapsulations (like pcapng),
                  * so write in pcap format and hope we have just one encap.
-                 * Newer versions of Snort can read pcapng now, but still write in pcap format.
+                 * Newer versions of Snort can read pcapng now, but still
+                 * write in pcap format; if "newer versions of Snort" really
+                 * means "Snort, when using newer versions of libpcap", then,
+                 * yes, they can read pcapng, but they can't read pcapng
+                 * files with more than one encapsulation type, as libpcap's
+                 * API currently can't handle that, so even those "newer
+                 * versions of Snort" wouldn't handle multiple encapsulation
+                 * types.
                  */
                 current_session.pdh = wtap_dump_fdopen(current_session.in,
                                                        WTAP_FILE_TYPE_SUBTYPE_PCAP,
-                                                       pinfo->pkt_encap,
+                                                       pinfo->phdr->pkt_encap,
                                                        WTAP_MAX_PACKET_SIZE_STANDARD,
                                                        FALSE,                 /* compressed */
                                                        &open_err);
@@ -1193,7 +1200,6 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data
 
             wtp.caplen = tvb_captured_length(tvb);
             wtp.len = tvb_reported_length(tvb);
-            wtp.pkt_encap = pinfo->pkt_encap;
             if (current_session.pdh->encap != wtp.pkt_encap) {
                 /* XXX, warning! convert? */
             }