Wireshark-bugs: [Wireshark-bugs] [Bug 7281] New: Patch: Add frame.interface_id support for pcap

Date: Wed, 23 May 2012 15:53:26 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7281

           Summary: Patch: Add frame.interface_id support for pcap DLT_ERF
                    file format
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: stephen@xxxxxxxxxx
        Depends on: 7266


Stephen Donnelly <stephen@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #8481|                            |review_for_checkin?
              Flags|                            |

Created attachment 8481
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8481
pcap DLT_ERF frame.interface_id patch

Build Information:
wireshark 1.7.2 (SVN Rev 42814 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.6, with Cairo 1.10.2, with Pango 1.29.3, with
GLib 2.30.0, with libpcap, with libz 1.2.3.4, with POSIX capabilities (Linux),
with SMI 0.4.8, with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS
2.10.5, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio <= V18,
with AirPcap.

Running on Linux 3.0.0-19-generic, with locale en_NZ.UTF-8, with libpcap version
1.3.0-PRE-GIT_2011_08_23, with libz 1.2.3.4, GnuTLS 2.10.5, Gcrypt 1.5.0,
without AirPcap.

Built using gcc 4.6.1.

--
This patch adds support for the frame.interface_id field when reading in pcap
files with DLT_ERF linktype.

When a pcap file is opened the linktype is checked. If the linktype is DLT_ERF,
we create four interface entries.

Since all ERF records have a 2-bit interface id field (erf.flags.cap) any ERF
file can contain records from 1-4 interfaces. This cannot be determined from a
capture file, so we create 4 interface_data entries, one for each potential
interface.

As pcap packet records are read from the file their interface_id is read from
the ERF record pseudo header in the pcap payload. This id is then set in the
wiretap pseudo header to enable frame.interface_id display.

If the opened file is subsequently saved as pcap DLT_ERF, pcapng, or ERF format
the interface_id information is preserved.

An example pcap file with DLT_ERF linktype presenting two interfaces is
available at: http://wiki.wireshark.org/SampleCaptures#InfiniBand
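
The lookup described above, as an added example that is not part of the original report or of the attached patch: a bounds-checked walk over a pcap image with DLT_ERF linktype that reads the 2-bit interface id from each ERF record header. The function names and the sample bytes are constructed for illustration, and the code assumes a little-endian, microsecond-resolution pcap file.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define LINKTYPE_ERF   197u  /* pcap link-layer type for DLT_ERF */
#define ERF_HDR_LEN    16u   /* ts(8) type(1) flags(1) rlen(2) lctr(2) wlen(2) */
#define ERF_IFACE_MASK 0x03u /* low 2 bits of flags = capture interface */

static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: count packets per ERF interface id in an in-memory
 * pcap image. Returns the packet count, or -1 if malformed or truncated. */
int erf_count_interfaces(const uint8_t *buf, size_t len, unsigned counts[4]) {
    size_t off = 24;                          /* pcap global header size */
    int n = 0;
    memset(counts, 0, 4 * sizeof counts[0]);
    if (len < 24 || le32(buf) != 0xa1b2c3d4u) return -1;
    if (le32(buf + 20) != LINKTYPE_ERF) return -1;
    while (off < len) {
        if (len - off < 16) return -1;        /* truncated record header */
        uint32_t incl = le32(buf + off + 8);  /* captured length */
        off += 16;
        if (incl < ERF_HDR_LEN || incl > len - off) return -1;
        counts[buf[off + 9] & ERF_IFACE_MASK]++;  /* ERF flags byte */
        off += incl;
        n++;
    }
    return n;
}

/* Constructed sample: two header-only ERF records, interfaces 0 and 1. */
static const uint8_t sample[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0,4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 197,0,0,0,
    0,0,0,0, 0,0,0,0, 16,0,0,0, 16,0,0,0,      /* pcap record header */
    0,0,0,0,0,0,0,0, 2, 0x04, 0,16, 0,0, 0,0,   /* ERF: flags 0x04 -> if 0 */
    0,0,0,0, 0,0,0,0, 16,0,0,0, 16,0,0,0,      /* pcap record header */
    0,0,0,0,0,0,0,0, 2, 0x05, 0,16, 0,0, 0,0,   /* ERF: flags 0x05 -> if 1 */
};

int sample_iface_count(size_t len, unsigned iface) {
    unsigned c[4];
    return erf_count_interfaces(sample, len, c) < 0 ? -1 : (int)c[iface & 3];
}

int main(void) {
    printf("if0=%d if1=%d\n", sample_iface_count(sizeof sample, 0),
           sample_iface_count(sizeof sample, 1));
    return 0;
}
```

Because the mask limits the index to 0-3, four counters always suffice, which matches the four interface entries the report creates.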
