I'm not sure if this is the best way to go about it, but with the changes in this PR I've created a Zeek artifact that uses a newer libpcap and successfully processes pcapng files whereas the prior artifact did not.
# old-zeek/zeek/zeek -C -r hello.pcapng local
fatal error: problem with trace file hello.pcapng (invalid interface capture length 524288, bigger than maximum of 262144)
# new-zeek/zeek/zeek -C -r hello.pcapng local
WARNING: No Site::local_nets have been defined. It's usually a good idea to define your local networks.
phil@phil-linux:~$ ls -l *.log
-rw-rw-r-- 1 phil phil 276 Apr 27 00:17 capture_loss.log
-rw-rw-r-- 1 phil phil 617 Apr 27 00:17 conn.log
-rw-rw-r-- 1 phil phil 783 Apr 27 00:17 files.log
-rw-rw-r-- 1 phil phil 881 Apr 27 00:17 http.log
-rw-rw-r-- 1 phil phil 31170 Apr 27 00:17 loaded_scripts.log
-rw-rw-r-- 1 phil phil 254 Apr 27 00:17 packet_filter.log
-rw-rw-r-- 1 phil phil 706 Apr 27 00:17 stats.log
I'm not sure if this is the best way to go about it, but with the changes in this PR I've created a Zeek artifact that uses a newer libpcap and successfully processes pcapng files whereas the prior artifact did not.
Closes #17