<fx.leb...@yahoo.com> wrote:
> Using pcap_major_version() and pcap_minor_version()) in tcpdump when
> reading a file, I found:
> Most pcap file have major.minor: 2.4 (current PCAP_VERSION_MAJOR and
> PCAP_VERSION_MINOR),
> a few have: 1.0 (ahcp.pcap, hdlc_slarp.pcap, msnlb2.pcap,
> of10_7050q.pcap and ospf3_auth.pcap), one have: 12336.12336
> (cve2015-0261-crash.pcap), doubtless via fuzzing.
> To avoid case like the last, I'm thinking of adding a sanity check on
> major/minor.
> Hence my question:
> What are the pairs major / minor to authorize currently?
I think that as long as major <= PCAP_VERSION_MAJOR, we are good.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] m...@sandelman.ca http://www.sandelman.ca/ | ruby on rails [
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
