Wireshark-dev: Re: [Wireshark-dev] Some questions about the "option block" interface in libwire
On May 15, 2016, at 6:40 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> 1) What is an "option block"? No capture file format we read has anything called an "option block"; in pcapng, a file is a sequence of blocks, each of which can have zero or more options. Is an "option block" really just a "block" - or what other parts of libwiretap call a "record"?
>
> 2) In the pcapng specification, nothing prevents a block from having multiple comment options; can the "option block" interface handle that?
>
> 3) What mechanisms are available for handling block/record types, or options, not currently supported by pcapng, but that might be provided by other file types? Hadriel Kaplan suggested getting a Private Enterprise Number (PEN) for wireshark.org, and using custom blocks and options for this purpose; have we gotten a PEN for wireshark.org yet?
4) The existence of wtap_file_get_shb() seems to imply that a file has *a* Section Header Block, but a pcapng file could have multiple SHBs; we don't currently support that, but we should be prepared to do so in the future.
A file can also have multiple Name Resolution Blocks as well; as the pcapng specification says:
Multiple NRBs can exist in a pcapng file, either due to memory constraints or because additional name resolutions were performed by file processing tools, like network analyzers.
so we should not have routines that assume a single NRB. Perhaps the routines in question should take an array of NRBs - combining the NRBs into a single table would lose information about which names were resolved by which name servers.
