osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

dumpcap: Count more block types as packets. 

The Sysdig Event dissector handles BLOCK_TYPE_SYSDIG_EVENT_V2 and
BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE blocks. Add them to dumpcap's packet
count so that we don't get a "No packets captured." error.
This commit is contained in:
Gerald Combs 2022-03-19 19:31:03 -07:00
parent 6a97b2095c
commit c347b057a7
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dumpcap.c
View File

@ -4560,8 +4560,8 @@ capture_loop_write_pcapng_cb(capture_src *pcap_src, const pcapng_block_header_t
global_ld.go = FALSE;
global_ld.err = err;
pcap_src->dropped++;
} else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT) {
/* count packet only if we actually have an EPB or SPB */
} else if (bh->block_type == BLOCK_TYPE_EPB || bh->block_type == BLOCK_TYPE_SPB || bh->block_type == BLOCK_TYPE_SYSTEMD_JOURNAL_EXPORT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2 || bh->block_type == BLOCK_TYPE_SYSDIG_EVENT_V2_LARGE) {
/* Count packets for block types that should be dissected, i.e. ones that show up in the packet list. */
#if defined(DEBUG_DUMPCAP) || defined(DEBUG_CHILD_DUMPCAP)
ws_info("Wrote a pcapng block type %u of length %d captured on interface %u.",
bh->block_type, bh->block_total_length, pcap_src->interface_id);