Ethereal-dev: Re: [ethereal-dev] More routines in wiretap

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxxxxx>
Date: Sat, 4 Dec 1999 13:02:47 -0800
> 1. A routine that takes a name like NetMon, Snoop, etc, and returns a
> capture file type to be given to wtap_dump_open as the type of capture file
> to open.

So am I. :-)

That was next on my list; at NetApp, I wrote a program called
"captrans", which used a modified "libpcap" that could read "foreign"
capture file formats, and had its own routines to write "snoop", Network
Monitor, and Sniffer captures (the latter code came from "tcpview", so
it probably stood a decent chance of working, but I never had a Sniffer
handy to try it on - I think I may have tried it with NetMon, which can
read uncompressed Sniffer captures).  It took, as a flag argument, "-f
<capture type>", where the capture type could be "sniffer", "snoop", or
"netmon" (it defaulted to "libpcap").

This comes in *very* handy if you get a capture file from a customer in
a format that the program you have available that best dissects the
protocol being investigated can't read, e.g. a "tcpdump" trace of an NFS
problem (of the tools we have at NetApp, the one that currently best
handles NFS is "snoop", but at the rate Uwe and Nathan are going, that
may not be true for too much longer :-)).

In order to reimplement "captrans" (or a similar program) atop Wiretap,
I think the only thing missing is a routine to take a capture file type
and return its name (yes, that'd let you do what you want as well -
read on); I was thinking of adding "const char *short_name" to "struct
file_type_info" in "wiretap/file.c", adding that sort of command-line
name to the formats we can write, and adding a routine to get a capture
file type's short name.

> It would also be nice to have routines that can list all of the capture
> file formats supported for writing and all the encapsulation types supported.

I have some code to add an option menu to the "Save As" dialog box,
letting you choose in which format to save a capture file; if you
haven't selected "save only filtered packets", it includes the format
the file is in (as that can be done simply by copying the file).  The
way it builds the list of file types for the option menu is:

	for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
		if (filtered or filetype isn't the file's current type) {
			if (we can't save the file with Wiretap)
				continue;
		}
		add "wtap_file_type_string(filetype)" to the menu;
	}

So, to enumerate all the formats supported for writing (whether we can
write some particular encapsulation format or not):

	for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
		if (wtap_dump_can_open(filetype))
			include "filetype" in the list;
	}

If we had "wtap_file_short_type_string()", we could construct a list of
file types we can write with:

	for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
		if (wtap_dump_can_open(filetype)) {
			add { filetype, wtap_file_short_type_string(filetype) }
			    to the list;
		}
	}

With that list, translating names to file types could be done by
searching the list in question.

That list could also be used in a usage message - "captrans"'s usage
message lists the file types, in a format that amounts to showing both
"wtap_file_short_type_string(filetype)" and showing
"wtap_file_type_string(filetype)" as an explanation.
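The "short_name" field and name-to-type translation sketched in this message, written out as an added C example that is not wiretap's own code: the table contents, the "can_write" flag standing in for wtap_dump_can_open(), and the NO_SUCH_FILE_TYPE value are all constructed for illustration.

```c
/* Added example, not wiretap's code: a stand-in for "struct file_type_info"
 * carrying the proposed "short_name", plus the routines that enumerate the
 * writable formats and translate a command-line name back to a file type. */
#include <stddef.h>
#include <string.h>

/* Hypothetical sentinel for "no writable format has that short name". */
#define NO_SUCH_FILE_TYPE (-1)

/* Hypothetical stand-in for wiretap's "struct file_type_info"; "can_write"
 * plays the role of wtap_dump_can_open() for this constructed table. */
struct file_type_info {
    const char *name;        /* descriptive name, as shown in dialogs */
    const char *short_name;  /* command-line name, as in "-f <capture type>" */
    int         can_write;   /* non-zero if Wiretap could write this format */
};

/* Constructed table; entries and flags are illustrative only. */
static const struct file_type_info dump_open_table[] = {
    { "libpcap (tcpdump)",      "libpcap",   1 },
    { "snoop",                  "snoop",     1 },
    { "Network Monitor",        "netmon",    1 },
    { "Sniffer (uncompressed)", "sniffer",   1 },
    { "LANalyzer",              "lanalyzer", 0 },  /* readable, not writable */
};
#define WTAP_NUM_FILE_TYPES \
    ((int)(sizeof dump_open_table / sizeof dump_open_table[0]))

/* The routine proposed in the message: file type -> short name. */
const char *wtap_file_short_type_string(int filetype)
{
    if (filetype < 0 || filetype >= WTAP_NUM_FILE_TYPES)
        return NULL;
    return dump_open_table[filetype].short_name;
}

/* Search the list of writable formats for a short name; this is the
 * "translating names to file types" step, restricted to formats that can
 * actually be written so a readable-only format is not offered for output. */
int wtap_short_string_to_file_type(const char *short_name)
{
    int filetype;
    for (filetype = 0; filetype < WTAP_NUM_FILE_TYPES; filetype++) {
        if (!dump_open_table[filetype].can_write)
            continue;
        if (strcmp(dump_open_table[filetype].short_name, short_name) == 0)
            return filetype;
    }
    return NO_SUCH_FILE_TYPE;
}
```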