Wireshark mailing list archives

Re: Some questions about the "option block" interface in libwiretap


From: Guy Harris <guy () alum mit edu>
Date: Sun, 15 May 2016 19:17:12 -0700

On May 15, 2016, at 6:40 PM, Guy Harris <guy () alum mit edu> wrote:

> 1) What is an "option block"?  No capture file format we read has anything called an "option block"; in pcapng, a
> file is a sequence of blocks, each of which can have zero or more options.  Is an "option block" really just a
> "block" - or what other parts of libwiretap call a "record"?
>
> 2) In the pcapng specification, nothing prevents a block from having multiple comment options; can the "option block"
> interface handle that?
>
> 3) What mechanisms are available for handling block/record types, or options, not currently supported by pcapng, but
> that might be provided by other file types?  Hadriel Kaplan suggested getting a Private Enterprise Number (PEN) for
> wireshark.org, and using custom blocks and options for this purpose; have we gotten a PEN for wireshark.org yet?
>
> 4) The existence of wtap_file_get_shb() seems to imply that a file has *a* Section Header Block, but a pcapng file
> could have multiple SHBs; we don't currently support that, but we should be prepared to do so in the future.

A file can also have multiple Name Resolution Blocks; as the pcapng specification says:

        Multiple NRBs can exist in a pcapng file, either due to memory constraints or because additional name 
resolutions were performed by file processing tools, like network analyzers.

so we should not have routines that assume a single NRB.  Perhaps the routines in question should take an array of NRBs 
- combining the NRBs into a single table would lose information about which names were resolved by which name servers.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
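An added illustration of the pcapng structure the message discusses (this is example code written for this page, not libwiretap or any other Wireshark code). It constructs a small pcapng stream in memory with two Section Header Blocks in different byte orders, an Enhanced Packet Block carrying two opt_comment options plus a custom option, an Interface Description Block with no options at all, and one Name Resolution Block per section; it then walks the blocks with bounds and trailer checks and keeps each NRB separate, tagged with the resolver named by its ns_dnsname option, rather than merging them. The option and record codes (opt_comment 1, custom UTF-8 option 2988, ns_dnsname 2, nrb_record_ipv4 1) are taken from the pcapng specification; the PEN in the custom option is a placeholder value, not a real assignment, and all sample data is constructed.

```python
"""Walk a pcapng stream block by block: several opt_comment options on one block,
more than one SHB (each re-fixing the byte order), and more than one NRB.
Example code for this page, not Wireshark/libwiretap code.  Sample data is constructed."""
import struct

SHB, IDB, NRB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000004, 0x00000006
BYTE_ORDER_MAGIC = 0x1A2B3C4D
OPT_ENDOFOPT, OPT_COMMENT, OPT_CUSTOM_UTF8 = 0, 1, 2988  # 2988: custom, UTF-8, copyable
NS_DNSNAME = 2                                           # NRB option: resolver that produced the records
NRB_RECORD_END, NRB_RECORD_IPV4 = 0, 1
PLACEHOLDER_PEN = 99999  # hypothetical Private Enterprise Number, not wireshark.org's

def pad4(b):
    return b + b"\x00" * (-len(b) % 4)

def option(e, code, value):
    return struct.pack(e + "HH", code, len(value)) + pad4(value)

def options(e, *opts):
    """Zero options means no option list at all; otherwise the list ends with opt_endofopt."""
    return b"".join(opts) + (option(e, OPT_ENDOFOPT, b"") if opts else b"")

def comment(e, text):
    return option(e, OPT_COMMENT, text.encode())

def block(e, btype, body):
    total = 12 + len(pad4(body))
    return struct.pack(e + "II", btype, total) + pad4(body) + struct.pack(e + "I", total)

def nrb_record(e, rtype, value):
    return struct.pack(e + "HH", rtype, len(value)) + pad4(value)

def ipv4_record(e, addr, names):
    value = bytes(int(x) for x in addr.split(".")) + b"".join(n.encode() + b"\x00" for n in names)
    return nrb_record(e, NRB_RECORD_IPV4, value)

def build_sample():
    """Constructed capture: section one little-endian, section two big-endian."""
    le, be = "<", ">"
    custom = option(le, OPT_CUSTOM_UTF8, struct.pack(le + "I", PLACEHOLDER_PEN) + b"vendor-note")
    pkt = b"\xde\xad\xbe\xef\x00\x01"  # constructed 6-byte "packet", padded to 8 on the wire
    sec1 = (block(le, SHB, struct.pack(le + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1) + options(le, comment(le, "section one")))
            + block(le, IDB, struct.pack(le + "HHI", 1, 0, 65535))  # Ethernet; no options at all
            + block(le, EPB, struct.pack(le + "IIIII", 0, 0, 0, len(pkt), len(pkt)) + pad4(pkt)
                    + options(le, comment(le, "first comment"), comment(le, "second comment"), custom))
            + block(le, NRB, ipv4_record(le, "10.0.0.1", ["gw", "gw.example"]) + nrb_record(le, NRB_RECORD_END, b"")
                    + options(le, option(le, NS_DNSNAME, b"ns1.example"))))
    sec2 = (block(be, SHB, struct.pack(be + "IHHq", BYTE_ORDER_MAGIC, 1, 0, -1) + options(be, comment(be, "section two")))
            + block(be, IDB, struct.pack(be + "HHI", 1, 0, 65535))
            + block(be, NRB, ipv4_record(be, "10.0.0.2", ["db"]) + nrb_record(be, NRB_RECORD_END, b"")
                    + options(be, option(be, NS_DNSNAME, b"ns2.example"))))
    return sec1 + sec2

def parse_options(e, data):
    """All options in order; a block with several opt_comment entries keeps every one."""
    out, off = [], 0
    while off + 4 <= len(data):
        code, length = struct.unpack_from(e + "HH", data, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        out.append((code, data[off:off + length]))
        off += length + (-length % 4)
    return out

def parse_nrb(e, data):
    """IPv4 records up to nrb_record_end, then the block's own options."""
    names, off = [], 0
    while off + 4 <= len(data):
        rtype, rlen = struct.unpack_from(e + "HH", data, off)
        off += 4
        value = data[off:off + rlen]
        off += rlen + (-rlen % 4)
        if rtype == NRB_RECORD_END:
            break
        if rtype == NRB_RECORD_IPV4:
            names.append((".".join(str(b) for b in value[:4]), [n.decode() for n in value[4:].split(b"\x00") if n]))
    return names, parse_options(e, data[off:])

def walk(buf):
    """Yield (block_type, endian, body); the byte order is re-read at every SHB."""
    e, off = None, 0
    while off + 12 <= len(buf):
        if struct.unpack_from("<I", buf, off)[0] == SHB:  # SHB type reads the same in either order
            magic = buf[off + 8:off + 12]
            if magic == struct.pack("<I", BYTE_ORDER_MAGIC): e = "<"
            elif magic == struct.pack(">I", BYTE_ORDER_MAGIC): e = ">"
            else: raise ValueError("bad byte-order magic at offset %d" % off)
        elif e is None:
            raise ValueError("block before first SHB")
        btype, total = struct.unpack_from(e + "II", buf, off)
        # Length fields come from the file: bound them before trusting them.
        if total < 12 or total % 4 or off + total > len(buf):
            raise ValueError("bad block length %d at offset %d" % (total, off))
        if struct.unpack_from(e + "I", buf, off + total - 4)[0] != total:
            raise ValueError("trailer length mismatch at offset %d" % off)
        yield btype, e, buf[off + 8:off + total - 4]
        off += total

def summarize(buf):
    """Per-block comment lists, custom-option PENs, and one entry per NRB (never merged)."""
    s = {"shb_count": 0, "comments": [], "custom_pens": [], "nrbs": []}
    for btype, e, body in walk(buf):
        if btype == SHB:
            s["shb_count"] += 1
            opts = parse_options(e, body[16:])          # magic, version, section length
        elif btype == IDB:
            opts = parse_options(e, body[8:])           # linktype, reserved, snaplen
        elif btype == EPB:
            caplen = struct.unpack_from(e + "I", body, 12)[0]
            opts = parse_options(e, body[20 + caplen + (-caplen % 4):])
        elif btype == NRB:
            names, opts = parse_nrb(e, body)
            s["nrbs"].append((next((v.decode() for c, v in opts if c == NS_DNSNAME), None), names))
        else:
            opts = []  # unknown block: its fixed fields, and so its options, cannot be located
        s["comments"].append((btype, [v.decode() for c, v in opts if c == OPT_COMMENT]))
        s["custom_pens"] += [struct.unpack_from(e + "I", v)[0] for c, v in opts if c == OPT_CUSTOM_UTF8]
    return s

if __name__ == "__main__":
    import pprint
    pprint.pprint(summarize(build_sample()))
```

The walker resets its byte order at each SHB instead of assuming one per file, keeps the comment list per block instead of a single string, and returns the NRBs as a list so a caller can still tell which resolver produced which names.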
