Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 41118: /trunk/wiretap/ /trunk/wireta

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 21 Feb 2012 16:13:52 -0800

On Feb 21, 2012, at 8:32 AM, tuexen@xxxxxxxxxxxxx wrote:

> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=41118
> 
> User: tuexen
> Date: 2012/02/21 08:32 AM
> 
> Log:
> When writing an option in an IDB, also write an endofoption option.

...which is redundant, as any code that reads a pcap-NG file needs to at least avoid running past the end of the block, and thus could determine the end of the option list based on the block length; as section 2.5 "Options" in the pcap-NG spec says:

> Skipping all the optional fields at once is straightforward because most of the blocks are made of a first part with fixed format, and a second optional part. Therefore, the Block Length field (present in the General Block Structure, see Section 2.1) can be used to skip everything till the next block.

There's no harm in writing the end-of-option-list option, but, as noted, we can't rely on its presence (the spec doesn't appear to require it, so we probably shouldn't reject blocks that lack it).

I'll raise that as an issue with the pcap-NG folks.  (My inclination is to deprecate it - even if it's required you *still* need to robustly handle files that lack it, to avoid crashes or worse, and once you're robustly handling it, it's no longer necessary.)
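
Added example, not part of the original message and not Wireshark's wiretap code: a sketch of an option walker that is bounded by the block length, so the end-of-option-list option is honored when present but never needed. The function name `walk_options`, the little-endian byte order, and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define OPT_ENDOFOPT 0  /* pcap-NG opt_endofopt: option code 0, length 0 */

/* Read a 16-bit value; a little-endian section is assumed for this example. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/*
 * Walk the option area of one block. `len` is the number of option bytes,
 * computed by the caller from the Block Total Length minus the fixed part
 * and the trailing length field, never from the options themselves.
 * Returns the number of options found, or -1 if an option is malformed.
 */
int walk_options(const uint8_t *opts, size_t len)
{
    size_t off = 0;
    int count = 0;

    while (len - off >= 4) {               /* room for code + length */
        uint16_t code = rd16(opts + off);
        uint16_t olen = rd16(opts + off + 2);
        size_t padded = ((size_t)olen + 3) & ~(size_t)3;  /* 32-bit padding */

        off += 4;
        if (code == OPT_ENDOFOPT)
            return count;                  /* explicit terminator: stop here */
        if (padded > len - off)
            return -1;                     /* value would cross the block end */
        off += padded;
        count++;
    }
    /* Block length exhausted: a valid end of list even with no opt_endofopt. */
    return off == len ? count : -1;
}

/* Constructed samples: one option (code 2, length 4, value "eth0"). */
const uint8_t with_eoo[]    = { 2,0, 4,0, 'e','t','h','0', 0,0, 0,0 };
const uint8_t without_eoo[] = { 2,0, 4,0, 'e','t','h','0' };
/* Constructed sample: length field (0x40) claims more than the block holds. */
const uint8_t overlong[]    = { 2,0, 0x40,0, 'e','t','h','0' };
```

Both `with_eoo` and `without_eoo` yield the same option count, while `overlong` is rejected because its declared length exceeds the bytes remaining in the block.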