Wireshark mailing list archives

Re: pcapng options


From: Jasper Bongertz <jasper.bongertz () flane de>
Date: Fri, 02 Nov 2012 14:17:20 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02.11.2012 04:23, Guy Harris wrote:

Is it legal to have a pcap-ng file that contains a block with
options that does not contain an opt_endofopt option?

My inclination would be to say "yes", to indicate that option
processing must stop when you reach the end of the block even if no
opt_endofopt option is seen, but also indicate that option
processing should stop when an opt_endofopt block is seen, even if
there is more data remaining in the block.  So my inclination would
be to say:

option processing MUST stop when you run out of data in the block;

option processing MUST stop when you see an opt_endofopt block;

option lists that contain at least one non-opt_endofopt option
SHOULD also have an opt_endofopt option at the end;

and possibly change the last SHOULD to MUST in order not to upset
code that *doesn't* check for the end of the block, even if that
code is insecure.

I agree. The opt_endofopt is a nice-to-have in my eyes, because - as
Guy said - you need to check that your code is not running past the
end of a block anyway, and that requires keeping track of where you are.

I think we can go for a "MUST" on the last one as well; code that
reads pcap-ng still has to expect that there is no opt_endofopt
because of the first rule.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQk8fgAAoJELMLD8F06bDgD7MH/AsYbtcrMRGuk6rtG8uCcgjd
8sMzkCYuDQGuiBDCciCxCri/FFPdAx8Vm1U3R7Eu8ANfgcQRRDh2bhcWwTUMM/i/
QJ1BCtF1I3cfgg2+Lt0n1gotkQ8NUg9T+Tv5zYxESR8CvjvCHj1m5CFnZzDOiVex
7kZgbv2sP3rnZVWpBxhEPyPx5dbNzZgIfIQD4DzBo30+tspIBUmWUqLT4fKXWl/G
I+Gldeoepyv/tYbXkRk6vqmoF2uUX1Nhd5vBuD1R3f+hLMF6l7gT3H+NYFkmtdH/
38p/udIsZHXFC5H2txvsUBSJGi1Wxs/XznrATwRIwusPLGmz81VFLpsqiegMMWc=
=bkYP
-----END PGP SIGNATURE-----

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread: