[pcap-ng-format] Issue #32: Is an empty option/record string valid?
Jasper Bongertz
jasper at packet-foo.com
Wed Aug 26 19:49:09 UTC 2015
I also say it's valid if empty.
And I'd go for "capturing host doesn't know the host name". I've
always interpreted the NRB to be a "helper" for name resolution when
the program reading the file has no access to the DNS that could
answer PTR queries as if it were still at the capture location. That
may be interpreted as "if there's no host name, keep it that way",
because the local DNS may have a different answer (e.g. when looking
up private IPs that are present in both networks but have nothing in
common9
My 2 cents :-)
on Mittwoch, 26. August 2015 at 20:34 you wrote:
> On Aug 26, 2015, at 10:43 AM, Hadriel Kaplan
> <the.real.hadriel at gmail.com> wrote:
>> For example just a zero byte for the nrb_record_ipv4/v6 name string
>> portions; or not even a zero byte for something like opt_comment or
>> if_description.
>>
>> my 2 cents: I would argue they are valid.
> Yes.
> They might be *pointless* - a zero-length if_description would be
> equivalent to not *having* an if_description - but "pointless" doesn't imply "invalid".
> Is an NRB record with a zero-length host name just an indication
> that the capturing host doesn't know the host name, or should it be
> treated as an indication that a program reading the file shouldn't
> try to resolve the IP address in question?
> _______________________________________________
> pcap-ng-format mailing list
> pcap-ng-format at winpcap.org
> https://www.winpcap.org/mailman/listinfo/pcap-ng-format
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4015 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.winpcap.org/pipermail/pcap-ng-format/attachments/20150826/369b69a0/attachment.bin>
More information about the pcap-ng-format
mailing list