diff options
| author | Michael Mann <mmann78@netscape.net> | 2017-08-25 15:29:17 -0400 |
|---|---|---|
| committer | Anders Broman <a.broman58@gmail.com> | 2017-08-30 06:10:17 +0000 |
| commit | 52823805b29a44a83eacd0e5b415b11227ec313b (patch) | |
| tree | f0a7d33933a3e7aee0baedd393d40489a4feb59c /wiretap/wtap.h | |
| parent | 32b27bf19d181e4b2b227d13450a9dee9582af2c (diff) | |
Add support for reading comments in Network Monitor files
The NetMon wiretap reads the title and description comment fields from a
NetMon file and saves it in the wiretap private structure. Then when
it's time to make a frame, the comment fields are added to a NetMon
pseudoheader with a new WTAP ENCAP type, with the potential for netmon
pseudoheader to contain pseudoheader data from "base" wiretap. Then the
netmon_header dissector displays the comment fields and passes any "base"
wiretap pseudoheader data when calling the wtap_encap dissector table
that the frame dissector normally calls.
Bug: 4225
Change-Id: I8f772bc9494364c98434c78b61eb5a64012ff3b9
Reviewed-on: https://code.wireshark.org/review/23210
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Diffstat (limited to 'wiretap/wtap.h')
| -rw-r--r-- | wiretap/wtap.h | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/wiretap/wtap.h b/wiretap/wtap.h index 7959b0bfc6..00bafcde19 100644 --- a/wiretap/wtap.h +++ b/wiretap/wtap.h @@ -275,6 +275,7 @@ extern "C" { #define WTAP_ENCAP_VSOCK 185 #define WTAP_ENCAP_NORDIC_BLE 186 #define WTAP_ENCAP_NETMON_NET_NETEVENT 187 +#define WTAP_ENCAP_NETMON_HEADER 188 /* After adding new item here, please also add new item to encap_table_base array */ #define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types() @@ -1147,6 +1148,21 @@ struct sysdig_event_phdr { /* ... Event ... */ }; +/* Packet "pseudo-header" information for header data from NetMon files. */ + +struct netmon_phdr { + guint32 titleLength; /* Number of bytes in the comment title */ + guint8* title; /* Comment title */ + guint32 descLength; /* Number of bytes in the comment description */ + guint8* description; /* Comment description */ + guint sub_encap; /* "Real" encap value for the record that will be used once pseudo header data is display */ + union sub_wtap_pseudo_header { + struct eth_phdr eth; + struct atm_phdr atm; + struct ieee_802_11_phdr ieee_802_11; + } subheader; +}; + /* Pseudo-header for file-type-specific records */ struct ft_specific_record_phdr { guint record_type; /* the type of record this is */ @@ -1179,6 +1195,7 @@ union wtap_pseudo_header { struct llcp_phdr llcp; struct logcat_phdr logcat; struct sysdig_event_phdr sysdig_event; + struct netmon_phdr netmon; struct ft_specific_record_phdr ftsrec; }; |