author | Guy Harris <guy@alum.mit.edu> | 2018-02-06 12:35:11 -0800 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2018-02-06 20:35:47 +0000 |
commit | cb1a6528f968c3cd97660217abc1a6725ff5ba92 (patch) | |
tree | aee1d32c85897e2f769d56c454a17505cce0d4e6 /epan/dissectors/packet-snort.c | |
parent | 6db88da7f7ffd7f75bb2e06e269bd28537f10ac1 (diff) |
Get rid of the pkt_encap field in struct packet_info.
pinfo->pkt_encap is just a copy of pinfo->phdr->pkt_encap; no need for
the copy.
Expand a comment while we're at it.
Change-Id: I5fcfe694ecba42507f1d629d01440da0a0989501
Reviewed-on: https://code.wireshark.org/review/25643
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Diffstat (limited to 'epan/dissectors/packet-snort.c')
-rw-r--r-- | epan/dissectors/packet-snort.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/epan/dissectors/packet-snort.c b/epan/dissectors/packet-snort.c index 616f38bd00..6da2a4b7e8 100644 --- a/epan/dissectors/packet-snort.c +++ b/epan/dissectors/packet-snort.c @@ -1166,11 +1166,18 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data /* Older versions of Snort don't support capture file with several encapsulations (like pcapng), * so write in pcap format and hope we have just one encap. - * Newer versions of Snort can read pcapng now, but still write in pcap format. + * Newer versions of Snort can read pcapng now, but still + * write in pcap format; if "newer versions of Snort" really + * means "Snort, when using newer versions of libpcap", then, + * yes, they can read pcapng, but they can't read pcapng + * files with more than one encapsulation type, as libpcap's + * API currently can't handle that, so even those "newer + * versions of Snort" wouldn't handle multiple encapsulation + * types. */ current_session.pdh = wtap_dump_fdopen(current_session.in, WTAP_FILE_TYPE_SUBTYPE_PCAP, - pinfo->pkt_encap, + pinfo->phdr->pkt_encap, WTAP_MAX_PACKET_SIZE_STANDARD, FALSE, /* compressed */ &open_err); @@ -1193,7 +1200,6 @@ snort_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data wtp.caplen = tvb_captured_length(tvb); wtp.len = tvb_reported_length(tvb); - wtp.pkt_encap = pinfo->pkt_encap; if (current_session.pdh->encap != wtp.pkt_encap) { /* XXX, warning! convert? */ } |
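Review bot: the expanded comment above the wtap_dump_fdopen() call in the first hunk (@@ -1166) reads as an open question ("if 'newer versions of Snort' really means ...") rather than a statement of what the code depends on. Suggest saying it directly: the session is written as pcap with the single encapsulation taken from pinfo->phdr->pkt_encap, because libpcap's API can't handle a file with more than one encapsulation type. The call also now goes through the pinfo->phdr pointer where it used to read a plain field, so it is worth confirming phdr is always set when snort_dissector() runs.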
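Review bot: in the second hunk (@@ -1193), the assignment to wtp.pkt_encap is deleted, but the very next line still compares current_session.pdh->encap against wtp.pkt_encap, and nothing in the visible context sets that field any more. Unless wtp is filled in above this hunk, the comparison reads a value that was never assigned. Rather than dropping the line, switch it to the header field like the first hunk does: wtp.pkt_encap = pinfo->phdr->pkt_encap;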