aboutsummaryrefslogtreecommitdiffstats
path: root/wiretap/README.developer
blob: 81d9dfeb8bcbbccf745fc37cd7ebd432826e3c02 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
$Id: README.developer,v 1.1 2003/04/02 20:21:45 guy Exp $

This is a very quick and very dirty guide to adding support for new
capture file formats.  If you see any errors or have any improvements,
submit patches - free software is a community effort....

To add the ability to read a new capture file format, you have to:

	add a new WTAP_FILE_ value for the file type to
	"wiretap/wtap.h", and increase WTAP_NUM_FILE_TYPES by 1;

	write an "open" routine that can read the beginning of the
	capture file and figure out if it's in that format or not,
	either by looking at a magic number at the beginning or by using
	some form of heuristic to determine if it's a file of that type
	(if the file format has a magic number, that's what should be
	used);

	write a "read" routine that can read a packet from the file and
	supply the packet length, captured data length, and time stamp,
	and have the "open" routine set the "subtype_read" member of the
	"wtap" structure supplied to it to point to that routine;

	write a "seek and read" routine, if necessary, and have the
	"open" routine set the "subtype_seek_read" member of the "wtap"
	structure to point to that routine, otherwise set it to
	"wtap_def_seek_read";

	write a "close" routine, if necessary (if, for example, the
	"open" routine allocates any memory), and set the
	"subtype_close" member of the "wtap" structure to point to it,
	otherwise leave it set to NULL;

	add a pointer to the "open" routine to the "open_routines[]"
	table in "file.c" - if it uses a magic number, put it in the
	first section of that list, and, if it uses a heuristic, put it
	in the second section, preferably putting the heuristic routines
	for binary files before the heuristic routines for text files;

	add an entry for that file type in the "dump_open_table[]" in
	"file.c", giving a descriptive name, a short name that's
	convenient to type on a command line (no blanks or capital
	letters, please), and pointers to the "can_write_encap" and
	"dump_open" routines if writing that file is supported (see
	below), otherwise just null pointers.

To add the ability to write a new capture file format, you have to:

	add a "can_write_encap" routine that returns an indication of
	whether a given packet encapsulation format is supported by the
	new capture file format;

	add a "dump_open" routine that starts writing a file (writing
	headers, allocating data structures, etc.);

	add a "dump" routine to write a packet to a file, and have the
	"dump_open" routine set the "subtype_write" member of the
	"wtap_dumper" structure passed to it to point to it;

	add a "close" routine, if necessary (if, for example, the
	"dump_open" routine allocates any memory, or if some of the file
	header can be written only after all the packets have been
	written), and have the "dump_open" routine set the
	"subtype_close" member of the "wtap_dumper" structure to point
	to it;

	put pointers to the "can_write_encap" and "dump_open" routines
	in the "dump_open_table[]" entry for that file type.