Ethereal-dev: Re: [Ethereal-dev] nettl (HP-UX) Enhanced file handling

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Mark C. Brown" <mbrown@xxxxxxxxxx>
Date: Wed, 09 Mar 2005 06:43:55 -0500
Guy Harris wrote:

> Mark C. Brown wrote:
>
> > Added nettl trace record specific fields: subsystem, trace kind,
> > device id, process id (actually kernel thread id for 10.X and
> > later), and user id...
>
> It's a bit ugly to have special-case handling of nettl trace records in packet-frame.c, and the information in the nettl pseudo-header is at a different level from most if not all of the other pseudo-header stuff - and some link-layer types, such as Ethernet, supported by nettl already have pseudo-headers.

I knew it wasn't pretty, but was hoping it would pass the ugliness test. Nettl is such an oddball format and I didn't want to change any APIs just to support the OS related data.

> It'd be a Wiretap API change, so that'd be a bit of extra work, but perhaps an additional union, similar to the pseudo-header union, could be used for non-protocol-related pseudo-header information (and, in fact, some of the CoSine L2 debug header information is arguably not protocol related) - or the "union pseudo_header *" arguments could be replaced with pointers to a structure containing both the non-protocol-related and protocol-related information).

Which would be preferable: additional union or change to structure with both unions?

> In addition, a dissector could register in a new "wtap_filetype" dissector table with a WTAP_FILE_ value, and the frame dissector would call the dissector for that, if one is found, before calling the dissector for the frame type.

That would be much better, but since I didn't have visibility to the file type at the time, I chose the ugly duckling. Back to the drawing board...

Thanks for the feedback Guy!

Mark

--
"If a train station is where a train stops, | Mark C. Brown
then what's a workstation?" -- D. Huber    | mbrown@xxxxxxxxxx