Wireshark-dev: Re: [Wireshark-dev] [pcap-ng-format] Proposal for storing decryption secrets in
Date Prev · Date Next · Thread Prev · Thread Next
From: Michael Richardson <[email protected]>
Date: Sun, 30 Sep 2018 19:43:04 -0400
Peter Wu <[email protected]> wrote:
    > Requirements for block placement:
    > - No requirement. Producers are allowed to write the block anywhere.
    > Disadvantages for consumers: requires a two-pass scan to collect
    > secrets before they are used.

I prefer this, but I would support having a flag in the block that
says that no other blocks exist in the file until at least X-bytes.

So, a producer (or something downstream of it), could scan for the
blocks, move them to the front, and indicate how far into the file it cover.
Naturally, if X >= file size, then the work is done.

    > - Place secrets before the packet blocks that require them. Consumers
    > can read and decrypt in one pass. Disadvantage: producers cannot
    > always guarantee availability of secrets while writing the capture.

    > - Place a single secret block before the first packet block. Consumers
    > can read and decrypt in one pass. Disadvantage: requires producers to
    > post-process (rewrite) the capture file to insert secrets.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [email protected]  http://www.sandelman.ca/        |   ruby on rails    [