Guy Harris
changed
bug 9358
| What |
Removed |
Added |
| Status |
INCOMPLETE
|
RESOLVED
|
| Resolution |
---
|
FIXED
|
Comment # 10
on bug 9358
from Guy Harris
I've checked a PKTAP dissector into the trunk, along with support for
LINKTYPE_PKTAP pcap files and pcap-ng interfaces, and a hack so that, *IF* the
user hasn't assigned some protocol to LINKTYPE_USER2, Wireshark (and TShark)
will treat LINKTYPE_USER2 files as PKTAP files.
I've also managed to test the shiny new libpcap on OS X 10.9 with a remote
virtual interface, and it appears to work, saving the file with LINKTYPE_PKTAP
(so that it's *NOT* abusing LINKTYPE_USER2). Those files are readable by the
shiny new tcpdump when linked with the shiny new libpcap, as well as by the
shiny new Wireshark. They're not readable by Apple's tcpdump on 10.9, but that
was expected, and, if most of the people inconvenienced by that work at Apple,
that's not a bug, that's a feature - hopefully they'll all go yell at the
person whose bright idea it was to hijack LINKTYPE_USER2 for PKTAP captures,
and make sure he or she never comes up with that bad idea ever again.
This is only in the trunk; it's enough of a feature that I'm reluctant backport
it to 1.10.
You are receiving this mail because:
- You are watching all bug changes.
