Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] About wtap_pkthdr pack_flags

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Thu, 18 May 2017 21:38:10 +0200
Hi list,

Why has wrap.h the following entry:

struct wtap_pkthdr {
...
    guint32   pack_flags;       /* XXX - 0 for now (any value for "we don't have it"?) */
...
};

while packet-frame.c defines numerous masks, e.g.:

#define PACKET_WORD_DIRECTION_MASK                        0x00000003
#define PACKET_WORD_RECEPTION_TYPE_MASK                   0x0000001C
#define PACKET_WORD_FCS_LENGTH_MASK                       0x000001E0
...

which is used to access this field later on:

                if (pinfo->phdr->presence_flags & WTAP_HAS_PACK_FLAGS) {
...


and pcapng.c uses hardcoded values, like so:

                if (wblock->packet_header->pack_flags & 0x000001E0) {
...


Shouldn’t:
1) the masks defined in packet-frame.c be moved to wrap.h
2) the wrap_pkthdr pack_flags field comment adjusted. and 
3) pcapng.c make use of these masks. 

Thanks,
Jaap