[pcap-ng-format] Plans to finalize pcap-ng 1.1 spec during July

Richard Sharpe realrichardsharpe at gmail.com
Sat Jun 30 10:55:33 PDT 2012

Hi folks,

It seems that we will have the spec and the ntar code available at
winpcap.org soon:

> Regarding SVN access, Gerald and I discussed it, and he kindly offered to help me
> set up an SVN repository for both NTAR and the pcap-ng specification on the winpcap.org
> website. It will be possible to get read-only anonymous access to these repos, as well as
> read+write authenticated access. The plan is to have it in place within a couple of weeks.

That being the case, I would like to make two changes to the spec and
then release 1.1 towards the end of July or early August. Since the
draft version specifies that it is 1.0, there are captures out there
that claim to be version 1.0 captures, so we have to rev the spec to
make any changes.

1. Specify that the block total length must be a multiple of four.
This allows simple-minded parsers to skip blocks they don't understand
without having to do any work. This aspect is ambiguous, I believe, in
the draft spec. It states that the contents of the block must be
aligned to 32 bits but the wording for the block total length does not
stipulate that, and there are example captures where the length is
two-byte aligned.

2. Specify that the mechanism for proposing changes to the spec involves:

  a. Posting proposal to the pcap-ng-format mailing list,
  b. Including patches against ntar, the reference implementation, to
parse the extensions,
  c. A list of spec maintainers (there seem to be two people who are
interested so far, Jasper Bongertz and myself.)

In accordance with the above, I will patch ntar to handle the change
and will provide patches to the Wireshark libwiretap to handle the new

However, I wonder if we should simply issue a final 1.0 version of the
spec with just the changes to specify a mechanism for changing the

Richard Sharpe
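
The length rule proposed in item 1 above, as an added example (not code from ntar, Wireshark or the original post): a block walker that skips blocks using only the block total length and refuses a length that is not a multiple of four. The block type value, sample bytes, function names and the fixed little-endian byte order are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_BAD_LENGTH = -2,
       WALK_UNALIGNED = -3, WALK_MISMATCH = -4 };

/* Constructed sample: two blocks of a made-up type (16 and 12 bytes). */
static const uint8_t sample_ok[] = {
    0xEF,0xBE,0xAD,0x0B, 16,0,0,0, 1,2,3,4, 16,0,0,0,
    0xEF,0xBE,0xAD,0x0B, 12,0,0,0, 12,0,0,0 };
/* Constructed sample: total length 14 (two-byte aligned), then a 12-byte block. */
static const uint8_t sample_unaligned[] = {
    0xEF,0xBE,0xAD,0x0B, 14,0,0,0, 1,2, 14,0,0,0,
    0xEF,0xBE,0xAD,0x0B, 12,0,0,0, 12,0,0,0 };

/* Assumption: little-endian section; a real reader takes the byte order
 * from the Section Header Block. */
static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Skip every block without interpreting its body; count blocks on success. */
int walk_blocks(const uint8_t *buf, size_t len, size_t *count) {
    size_t off = 0;
    *count = 0;
    while (off < len) {
        if (len - off < 12) return WALK_TRUNCATED;   /* type + two length fields */
        uint32_t total = rd32le(buf + off + 4);
        if (total < 12) return WALK_BAD_LENGTH;      /* cannot advance safely */
        if (total % 4 != 0) return WALK_UNALIGNED;   /* the proposed rule */
        if (total > len - off) return WALK_TRUNCATED;
        if (rd32le(buf + off + total - 4) != total) return WALK_MISMATCH;
        off += total;                                /* next block starts here */
        (*count)++;
    }
    return WALK_OK;
}

int main(void) {
    size_t n;
    int rc = walk_blocks(sample_ok, sizeof sample_ok, &n);
    printf("aligned: rc=%d blocks=%zu\n", rc, n);
    rc = walk_blocks(sample_unaligned, sizeof sample_unaligned, &n);
    printf("two-byte aligned: rc=%d blocks=%zu\n", rc, n);
    return 0;
}
```

Without the multiple-of-four check, the walker cannot tell whether the block after the 14-byte one starts at offset 14 or at the padded offset 16, which is the ambiguity the item describes.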
