Wireshark · Ethereal-dev: Re: [Ethereal-dev] nettl (HP-UX) Enhanced file handling

[Guy Harris <gharris@xxxxxxxxx>]

Mark C. Brown wrote:

> Added nettl trace record specific fields: subsystem, trace kind,
> device id, process id (actually kernel thread id for 10.X and
> later), and user id...

It's a bit ugly to have special-case handling of nettl trace records in 
packet-frame.c, and the information in the nettl pseudo-header is at a 
different level from most if not all of the other pseudo-header stuff - 
and some link-layer types, such as Ethernet, supported by nettl already 
have pseudo-headers.

It'd be a Wiretap API change, so that'd be a bit of extra work, but 
perhaps an additional union, similar to the pseudo-header union, could 
be used for non-protocol-related pseudo-header information (and, in 
fact, some of the CoSine L2 debug header information is arguably not 
protocol related) - or the "union pseudo_header *" arguments could be 
replaced with pointers to a structure containing both the 
non-protocol-related and protocol-related information).

In addition, a dissector could register in a new "wtap_filetype" 
dissector table with a WTAP_FILE_ value, and the frame dissector would 
call the dissector for that, if one is found, before calling the 
dissector for the frame type.