When you say "properly", you mean like so it can be submitted into master? I think the *right* thing is a much bigger change, and involves creating wiretype subtypes for each file-format reader type. But in the meantime you could wrap all your code in #ifdef so it's not normally compiled in, but when it is compiled in it's the last magic value and always succeeds.
I believe (or at least hope) that the way the MIME files thing works right now is only a temporary hack. Ultimately we're not really opening a file as a MIME container, shouldn't be seeing the file's records inside of one big "MIME" frame but instead as independent frames, and shouldn't need magic values to match up at all. I should be able to tell wireshark to display a file in Format X, and it should do it or die trying. :) -hadriel On Sun, Aug 30, 2015 at 8:41 AM, Joerg Mayer <jma...@loplof.de> wrote: > On Sun, Aug 30, 2015 at 07:53:09AM -0400, Hadriel Kaplan wrote: >> Did you add the magic info into the magic_files array in >> wiretap/mime_file.c? It looks like it's necessary. > > Ah, that was the part I was missing. Thanks! > Of course now that I did look at it, it doesn't help me because the file > format > doesn't really have a magic value. So how do I go about it properly? > > Thanks > Jörg > >> On Sun, Aug 30, 2015 at 4:22 AM, Joerg Mayer <jma...@loplof.de> wrote: >> > I'm trying to write a file dissector for the IxVeriWave (.vwr) capture >> > files >> > (without loosing the ability to open said capture files normally of course) >> > and am failing: >> > Running "tshark -X 'read_format:MIME Files Format' -V -r testfile.vwr" (or >> > the equivalent steps in wireshark) results in >> > tshark: The file "testfile.vwr" isn't a capture file in a format TShark >> > understands. >> > Trying to just take over the complete capture file was also unsuccessful. >> > I've attached the current source of the dissector. Simple question: What am >> > I missing ;-) >> > In case you want to test, use the capture attached to bug 11464. > > -- > Joerg Mayer <jma...@loplof.de> > We are stuck with technology when what we really want is just stuff that > works. Some say that should read Microsoft instead of technology. > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
