Re: PCAP-NG Block Formats

[Guy Harris <guy () alum mit edu>]

On Jun 10, 2016, at 4:09 PM, Guy Harris <guy () alum mit edu> wrote:

> The spec should discuss that more, including emphasizing that a reader must pay attention to the block total length 
> when processing options - or deciding whether there are any options to process.  I'll look at doing that.

OK, the spec now says

        All the block bodies MAY embed optional fields.  Optional fields can be used to insert some information that 
may be useful when reading data, but that is not really needed for packet processing. Therefore, each tool can either 
read the content of the optional fields (if any), or skip some of them or even all at once.
        
        Skipping all the optional fields at once is straightforward because most of the blocks are made of a first part 
with fixed format, and a second optional part. Therefore, the Block Length field (present in the General Block 
Structure, see Section 3.1) can be used to determine how many bytes of optional fields, if any, are present in the 
block. That value can be used to determine whether the block has optional fields (if it is zero, there are no optional 
fields), to check, when processing optional fields, whether any optional fields remain, and to skip all the optional 
fields.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe