https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16420
--- Comment #7 from Guy Harris <g...@alum.mit.edu> ---
(In reply to jgh from comment #5)
> The use-case is:
>
> - an existing utility which reads pcaps and interprets TCP flows for display
> and analysis: tcptrace
> - a need to investigate an ipsec-wrapped TCP flow
> - de-wrap the ipsec from the flow using wireshark, and write a pcap with
> the IP/TCP only
>
>
> If the solution is to re-code the utility, that's ok (for this utility, as
> I have source). But we need documentation to do that; the existing
> documentation
> implies that you can just call pcap_datalink() and get handed a packet and a
> link type which is one of the documented values. That appears to have
> changed;
> it no longer functions.
It has never been the case that pcap_datalink() only returns a documented
value; there was a time when the page that documents some of the values didn't
even exist.
> If the link-type of 252 now being returned is valid,
> then a) the documentation needs to say so, and b) the documentation needs to
> say what the format of the packet returned for that case is.
> It would also be useful to know what API returns the "dissector name", if
> that has to be looked it; it's not obvious from the list at
> https://www.tcpdump.org/manpages/
There isn't, and there never will be, a libpcap API to do that. It is *not*,
and never will be, libpcap's job to parse the payload, including any metadata
headers in the payload, so there are, and will continue to be, no libpcap APIs
to parse the DLT_WIRESHARK_UPPER_PDU metadata, just as there are, and will
continue to be, no libpcap APIs to parse radiotap headers - or, for that
matter, Ethernet headers.
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
