Wireshark-dev: Re: [Wireshark-dev] should editcap support -H and -W?

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Thu, 08 Nov 2012 18:17:40 -0500
Guy Harris wrote:
> On Oct 2, 2012, at 7:52 AM, Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> wrote:
>
>> I noticed today (in fighting to get name resolution blocks into my
>> PCAPNG files) that editcap does not (contrary to the man page) support
>> the "-H" and "-W" options.  Should it?
>>
>> I coded up a patch today but realized that it would require linking
>> editcap against libwireshark.  Do we care?
>>
>> The other aspect is that adding name resolution blocks can already be
>> done with tshark (in which the "-H" and "-W" options do work).
>
> Exactly.  We already have a command-line tool that reads and writes capture files, is linked with libwireshark, and supports -H and -W; I'm not sure we need another one.
>
> Either that, or some or all of epan/addr_resolv.c should be moved to libwiretap or libwsutil, so you don't need libwireshark in order to usefully read or write Name Resolution Blocks (or the equivalent information in whatever other capture file formats support that).

I had contemplated that too[1] but, well, I don't have the time to mess with it right now. So I took the options out of editcap's man page in r45975.

[1] another reason to consider this is another problem I noticed (and why I was fighting to get name resolution blocks into my PCAPNG files in the first place): when doing captures to a series of files you don't get name resolution blocks in them. Took me a while to figure that out but of course the answer is obvious: dumpcap is the one writing those files and it doesn't have name resolution... Not sure what to (or what can) be done about that.