Re: [tcpdump] Sanity check on major/minor libpcap version

[Michael Richardson <mcr () sandelman ca>]

Guy Harris <guy () alum mit edu> wrote:
    > We might also want to, if major == PCAP_VERSION_MAJOR, make sure minor
    > <= PCAP_VERSION_MINOR, just in case somebody does a pcap 2.5 that code
    > that only knows up to version 2.4 can't handle.

I thought that we'd have to call that 3.0...

In my mind, a minor version mismatch (even one newer) might result in some
bits being ignored (for instance, a TBD very very high precision timestamp data
might be lost), but shouldn't result in any mis-handling.

In any case, I'd like to push for pcapng as default...

    > We also have a special case for a major version of 543, which was the
    > bright idea of somebody at Data General:

    >    * In addition, DG/UX tcpdump writes out files with a version *
    > number of 543.0, and with the caplen and len fields in the * pre-2.3
    > order.

    > and we should continue to handle that.

okay... and should we add some fprintf()s there too :-)

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr () sandelman ca  http://www.sandelman.ca/        |   ruby on rails    [

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers