> I could not find a wtap_open routine ... Does such a thing exist?

"wtap_open_offline()" to open for input, "wtap_dump_open()" to open for
output (API shamelessly modeled after that of "libpcap").

> I had envisioned (have to remember not to write envisage for USians ;-)
> that I would do something like:
>
> get file name of command line
> wth = wtap_open(file);
> while (wtap_read(buff)) {
>
> if user wants this frame
> write it out
> }
> wtap close ...
>
    get file name for input
    get file name for output
    wth = wtap_open_offline(input file);
    wdh = wtap_dump_open(output file, WTAP_FILE_PCAP, ...);

The one problem is that Wiretap doesn't tell you the encapsulation type
of a file, just the encapsulation type of each packet as you read it,
and, if you open a "libpcap" file for output, you have to specify the
file type.

My inclination here would be to, when a file is opened for input and
files of that type have a single encapsulation for all packets, have
Wiretap remember that encapsulation and provide a routine to return it -
and for file types that *don't* have a single encapsulation for all
packets, namely "iptrace", set it to WTAP_ENCAP_PER_PACKET.

Then, when opening a file for output - which, right now, has to be a
"libpcap" file - you could provide to "wtap_dump_open()" that
encapsulation type, and also supply it when you write the packet.
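
Added example, not part of the original message and not Wiretap code: a self-contained C model of the proposal above, showing why a file-level encapsulation is needed before a "libpcap" header can be written and why the per-packet case has to be refused. The enum values and the function names file_encap, pcap_linktype and pcap_file_header are hypothetical; only the 24-byte libpcap header layout and the two link-type numbers are real.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this sketch, not Wiretap's real definitions. */
enum { ENCAP_PER_PACKET = -1, ENCAP_UNKNOWN = 0, ENCAP_ETHERNET, ENCAP_TOKEN_RING };

/* Shared encapsulation if all packets agree, else ENCAP_PER_PACKET ("iptrace"). */
int file_encap(const int *pkt_encap, size_t n)
{
    if (n == 0) return ENCAP_UNKNOWN;
    for (size_t i = 1; i < n; i++)
        if (pkt_encap[i] != pkt_encap[0]) return ENCAP_PER_PACKET;
    return pkt_encap[0];
}

/* libpcap link-layer type for an encapsulation, or -1 if there is none. */
int pcap_linktype(int encap)
{
    switch (encap) {
    case ENCAP_ETHERNET:   return 1;   /* DLT_EN10MB */
    case ENCAP_TOKEN_RING: return 6;   /* DLT_IEEE802 */
    default:               return -1;  /* per-packet or unknown */
    }
}

/* Build the 24-byte libpcap file header (host byte order); -1 if no link type fits. */
int pcap_file_header(uint8_t out[24], int encap, uint32_t snaplen)
{
    int lt = pcap_linktype(encap);
    if (lt < 0) return -1;
    uint32_t magic = 0xa1b2c3d4, zero = 0, network = (uint32_t)lt;
    uint16_t major = 2, minor = 4;
    memcpy(out, &magic, 4);       memcpy(out + 4, &major, 2);
    memcpy(out + 6, &minor, 2);   memcpy(out + 8, &zero, 4);     /* thiszone */
    memcpy(out + 12, &zero, 4);   memcpy(out + 16, &snaplen, 4); /* sigfigs, snaplen */
    memcpy(out + 20, &network, 4);                               /* one field per file */
    return 0;
}

int main(void)
{
    int same[]  = { ENCAP_ETHERNET, ENCAP_ETHERNET };   /* constructed input */
    int mixed[] = { ENCAP_ETHERNET, ENCAP_TOKEN_RING }; /* constructed input */
    uint8_t hdr[24];
    printf("same:  %d\n", pcap_file_header(hdr, file_encap(same, 2), 65535));
    printf("mixed: %d\n", pcap_file_header(hdr, file_encap(mixed, 2), 65535));
    return 0;
}
```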