[ntar-workers] Simple packet block
Guy Harris
guy at alum.mit.edu
Fri Jul 1 06:19:46 GMT 2005
Gianluca Varenni wrote:

> Uhm, maybe I didn't understand your reasoning...
>
> ...when I implemented ntar, I used the "end of option" option (i.e. 4
> 0-bytes) only when "real" options do exist. If a block does not have
> options, nothing is written after the data (i.e. no 4 0-bytes).

OK, so if there are no options, you don't even have those extra 4 bytes
of 0.

> I'm almost sure this is how some network protocols do with their options,
> but I don't remember which one(s).

It is, and it complicates Ethereal dissectors, because, as noted, the
dissector has to check to make sure it doesn't run past the end of the
packet (or of the IP or TCP header) when processing options, *and* has
to check for the "end of options" indication.

I was saying that, given that the code to read NTAR files has to check
whether it runs past the end of the record *anyway* (so that it catches
malformed records that have no end-of-option option, rather than just,
for example, running past the end of the buffer for the record), it
might as well just use *that* as the way to determine the end of the
options, given that the options are at the end of the record. It's
simpler to just check for the end of the record than to check for the
end of the record and for the end-of-options record. (It also saves 4
bytes in packets that *do* have options.)
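
The bounds check discussed in the message above, as an added example that is not part of the original post or of the ntar code: an option walker that treats the end of the record as the end of the options and accepts, but never requires, the 4 zero bytes. The option layout (16-bit code, 16-bit length, little-endian, value padded to 4 bytes), the function name and the sample bytes are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not stated in the message): 16-bit code, 16-bit value
 * length, little-endian, value padded to a 4-byte boundary. */
#define OPT_HDR_LEN 4u

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk the options occupying the tail of a record, opts[0..len).
 * Returns the number of options seen, or -1 if one would run past the
 * end of the record. Reaching the end of the record ends the list; an
 * explicit end-of-options entry is accepted but not required. */
int count_options(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        if (len - off < OPT_HDR_LEN)
            return -1;                    /* truncated option header */
        uint16_t code = rd16le(opts + off);
        uint16_t vlen = rd16le(opts + off + 2);
        off += OPT_HDR_LEN;
        if (code == 0 && vlen == 0)
            break;                        /* optional 4-zero-byte terminator */
        size_t padded = ((size_t)vlen + 3u) & ~(size_t)3u;
        if (padded > len - off)
            return -1;                    /* value runs past the record end */
        off += padded;
        n++;
    }
    return n;
}

/* Constructed sample records: one option (code 1, 3-byte value "abc"). */
static const uint8_t WITH_END[] = {1,0, 3,0, 'a','b','c',0, 0,0,0,0};
static const uint8_t NO_END[]   = {1,0, 3,0, 'a','b','c',0};
/* Constructed malformed record: claims 8 value bytes, only 4 are present. */
static const uint8_t OVERRUN[]  = {1,0, 8,0, 'a','b','c','d'};

int main(void)
{
    printf("%d %d %d\n", count_options(WITH_END, sizeof WITH_END),
           count_options(NO_END, sizeof NO_END),
           count_options(OVERRUN, sizeof OVERRUN));
    return 0;
}
```
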