diff options
author | Martin Kaiser <wireshark@kaiser.cx> | 2017-01-08 18:04:56 +0100 |
---|---|---|
committer | Roland Knall <rknall@gmail.com> | 2017-01-12 16:04:53 +0000 |
commit | 259989ac1ade9cf60db9e5a78ceb404123d57fe9 (patch) | |
tree | 73c73d89e0462a762950a524ea1c0d25af9561f5 /wiretap/camins.h | |
parent | 3df81a055064e2e2c8c9548f1c6837ddef5e5034 (diff) |
camins: improve the heuristics
The current mechanism that reads the first 20 blocks looking for a headerd
oesn't work in all cases. I was given sample files that consist of
data blocks only and have no header.
Use a new approach to detect a .camins file by searching for pairs of
size high + size low blocks, either read or write. Go through the
entire file. If we have significantly more pairs than single, non-matching
blocks, this is a camins file.
Change-Id: Ic91e7db7149b105e26896d1a89cad4a2a73d0f13
Reviewed-on: https://code.wireshark.org/review/19603
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Roland Knall <rknall@gmail.com>
Diffstat (limited to 'wiretap/camins.h')
-rw-r--r-- | wiretap/camins.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/wiretap/camins.h b/wiretap/camins.h index 676b2cf5bd..cf1a4cc86e 100644 --- a/wiretap/camins.h +++ b/wiretap/camins.h @@ -28,6 +28,6 @@ #include <glib.h> #include <wiretap/wtap.h> -wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info); +wtap_open_return_val camins_open(wtap *wth, int *err, gchar **err_info _U_); #endif /* _CAMINS_H */ |