Thanks for the hint with the interface_id - didn't knew that yet.
Mapping between interfaces and message definition files are done in the
preferences.
Good point with the capture files - listening for UI events wouldn't
work there. So probably I should stick with the solution of the
interface_id and if this is not available, force the user to explicitly
specify which message definitions to use.
On 07.06.21 18:32, Guy Harris wrote:
On Jun 7, 2021, at 4:15 AM, Jan Mall <jan.m...@uni-ulm.de> wrote:
After continuing searching I found this snippet in the UI part:
"epan_get_interface_name(pinfo->epan,
pinfo->rec->rec_header.packet_header.interface_id);"
Note that it is permitted to return NULL.
Note also that there is no guarantee that pinfo->rec->rec_header.packet_header.interface_id
has a meaningful value; unless the WTAP_HAS_INTERFACE_ID bit is set in
pinfo->rec->presence_flags, pinfo->rec->rec_header.packet_header.interface_id must
not be used.
Presumably either:
this is a site-specific use, so you know which interface names have
which sets of message definitions, and you've hardcoded that into your
dissector;
this is for a particular capture device, so you know which interface
names have which sets of message definitions, and you've hardcoded that into
your dissector;
the message definition files have names that include the interface
name, so, while the user doesn't have to set preferences for the dissector, the
user has to set file names for the message definition files;
or something such as that.
Still wondering if there is maybe a callback/event I could register to get
notified as soon as the user starts capturing on a specific interface
(including the interface name)?
Note that there is no guarantee that your dissector will only be called if the
user is doing a capture. Remember, Wireshark can read saved capture files.
Further note that, unless the saved capture file is a pcapng file, the
interface ID, and interface names, will not be available.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
