diff options
| author | Guy Harris <guy@alum.mit.edu> | 2015-08-11 22:42:26 -0700 |
|---|---|---|
| committer | Guy Harris <guy@alum.mit.edu> | 2015-08-12 05:42:56 +0000 |
| commit | 50b51a66f7452012b259b0de40b5d989167cfa93 (patch) | |
| tree | 98b2c248cee4b2f34ee9ffdb663ee983a84e7082 /wiretap | |
| parent | 260ae6a71e62ab97313767dfd19063dd952923b9 (diff) | |
Some further questions, asked in comments.
Change-Id: I41c7918b7396934c651fb957d3b61db0c7a19527
Reviewed-on: https://code.wireshark.org/review/9990
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'wiretap')
| -rw-r--r-- | wiretap/capsa.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/wiretap/capsa.c b/wiretap/capsa.c index f649e36e06..6f6ea15d30 100644 --- a/wiretap/capsa.c +++ b/wiretap/capsa.c @@ -30,8 +30,10 @@ * * a 4-byte magic number, with 'c', 'p', 's', 'e'; * - * either a 1-byte "format indicator" (version number?) followed by - * 0x00 or a 2-byte little-endian "format indicator"; + * either a 2-byte little-endian "format indicator" (version number?), + * or a 1-byte major version number followed by a 1-byte minor version + * number, or a 1-byte "format indicator" followed by something else + * that's always been 0; * * a 2-byte 0xe8 0x03 (1000 - a data rate? megabits/second?) * @@ -175,19 +177,21 @@ wtap_open_return_val capsa_open(wtap *wth, int *err, gchar **err_info) return WTAP_OPEN_ERROR; /* - * Flags of some sort? + * Flags of some sort? Four 1-byte numbers, two of which are 1 + * and two of which are zero? Two 2-byte numbers or flag fields, + * both of which are 1? */ if (!file_skip(wth->fh, 4, err)) return WTAP_OPEN_ERROR; /* - * File size. + * File size, in bytes. */ if (!file_skip(wth->fh, 4, err)) return WTAP_OPEN_ERROR; /* - * Zeroes? + * Zeroes? Or upper 4 bytes of file size? */ if (!file_skip(wth->fh, 4, err)) return WTAP_OPEN_ERROR; |