Wireshark mailing list archives
Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block
From: Jasper Bongertz <jasper () packet-foo com>
Date: Mon, 1 Oct 2018 17:37:24 +0200
Michael Richardson wrote:
Peter Wu <peter () lekensteyn nl> wrote: > Requirements for block placement: > - No requirement. Producers are allowed to write the block anywhere. > Disadvantages for consumers: requires a two-pass scan to collect > secrets before they are used.
I prefer this, but I would support having a flag in the block that says that no other blocks exist in the file until at least X-bytes. So, a producer (or something downstream of it), could scan for the blocks, move them to the front, and indicate how far into the file it cover. Naturally, if X >= file size, then the work is done.
I agree that this would be nice but I see technical difficulties with this. When writing a block you have to assume that you don't know what's going to be written next, so you don't know how far it is to the next block. pcap-ng files are usually written by the producer as a stream of blocks, so you can't go back to update a previous block when you write the next one. Also, moving blocks around while writing a live capture is not an option when it comes to heavy loads. Or did I misunderstand your idea? ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block Michael Richardson (Oct 01)
- Re: [pcap-ng-format] Proposal for storing decryption secrets in a pcapng block Jasper Bongertz (Oct 01)