On May 15, 2016, at 6:40 PM, Guy Harris <[email protected]> wrote:
> 1) What is an "option block"? No capture file format we read has anything
> called an "option block"; in pcapng, a file is a sequence of blocks, each of
> which can have zero or more options. Is an "option block" really just a
> "block" - or what other parts of libwiretap call a "record"?
>
> 2) In the pcapng specification, nothing prevents a block from having multiple
> comment options; can the "option block" interface handle that?
>
> 3) What mechanisms are available for handling block/record types, or options,
> not currently supported by pcapng, but that might be provided by other file
> types? Hadriel Kaplan suggested getting a Private Enterprise Number (PEN)
> for wireshark.org, and using custom blocks and options for this purpose; have
> we gotten a PEN for wireshark.org yet?
4) The existence of wtap_file_get_shb() seems to imply that a file has *a*
Section Header Block, but a pcapng file could have multiple SHBs; we don't
currently support that, but we should be prepared to do so in the future.
A file can also have multiple Name Resolution Blocks as well; as the pcapng
specification says:
Multiple NRBs can exist in a pcapng file, either due to memory
constraints or because additional name resolutions were performed by file
processing tools, like network analyzers.
so we should not have routines that assume a single NRB. Perhaps the routines
in question should take an array of NRBs - combining the NRBs into a single
table would lose information about which names were resolved by which name
servers.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
