[pcap-ng-format] The "scope" of the Name Resolution Block

[Hadriel Kaplan]

Is the NRB scoped to the SHB section, or the whole file?

Currently the draft does not say much about the "scope" of the Name
Resolution Block - i.e., does it represent the addr->name list for all
packets in the entire file, or only within its SHB section? My
impression from what it does say is it's for the whole file. But the
answer affects things in subtle ways.

If its scope is the whole file:

- Then concatenating files as a form of merging is not "safe". You'd
be affecting the name resolution of other files' packets.
- Then you could never add an option to the NRB which identified IDBs,
since they reset at each new SHB.


If its scope is only the local SHB section:

- Then as a capture device, you'd have to repeat it for each section
in a file, if you add new sections (due to things like interfaces
going away or their local IPs changing due to DHCP, since the only
means we have of doing that is by adding SHBs).


I personally don't care which way it is - I would just like to clarify
it in the doc. (and for the purpose of handling it correctly in
Wireshark)

-hadriel