https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4014
--- Comment #25 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2010-09-16 12:22:09 PDT ---
(In reply to comment #23)
> I wouldn't call it a bug per-se, as RFC 792 (ICMP) basically says to use
> whatever can be matched up on the sending host when the echo reply comes back.
> I don't think Wireshark was thought of in September 1981 when Jon Postel wrote
> that RFC :-)
This has been discussed before. Now I'm not the authoritative expert on RFC
792; however, my reading of the first paragraph from that RFC indicates that
ICMP should use Big-Endian for its multi-byte fields. I base that specifically
on this statement:
ICMP, uses the basic support of IP as if it were a higher
level protocol, however, ICMP is actually an integral part of IP, and
must be implemented by every IP module.
So if ICMP is actually an integral part of IP as they say, and Appendix B of
RFC 791 dictates Big-Endian for IP, then it stands to reason that ICMP MUST use
Big-Endian as well, would it not? Well that's my interpretation.
> NetBSD's rationale of changing this from getpid() in CVS revision 1.76 of
> ping.c was "do not disclose endian" back in 2004.
But if they had instead used, "ident = htons(getpid() & 0xFFFF);", then
endian-ness would not have been disclosed.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
