Wiretap subfiles are to be indexes of one or more capture files (the source) that (as long as they correctly reference the source) transparently work as if they were a a single capture file with the features of the source.
I think they should contain a magic number, the source filename(s), basic common information from the source and a list of file_ids, framenums and offsets realitve to the source.
They came to my mind thinking on how to make a handover between two epan processes so that known open transactions were not dropped when a new process starts, starting with a file with just the packets that contain that information would be the easiest way to come with it.
But they can be used for tons of other things:
- small (low disk use) saves of filter results (you just email the packet list back, not the file with the packets)
- can be used as offset cache in wtap for speeding file operations
- add your own here...
I believe the implementation is a simple matter (not much more than 600 lines of code) And I'll be starting work on it in few weeks from now unless someone beats me at it.
Any Ideas?
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
