On Thu, Mar 07, 2002 at 01:31:36PM -0800, Guy Harris wrote:
> This leaves it vulnerable to misreading old libpcap capture files, but
> libpcap has used a version of 4 going back at least as far as the last
> LBL release, the 0.4 release, so I suspect a file with a version number
> of 2 is more likely to be an AIX capture file than an old libpcap
> capture file.

Besides, 6, 9, and 15 correspond to DLT_ values of

    DLT_IEEE802, used for Token Ring in post-LBL versions of
    libpcap;

    DLT_PPP;

    DLT_SLIP_BSDOS, which I infer from the v0.4 entry in the CHANGES
    file was introduced in libpcap 0.4:

        v0.4 Sat Jul 25 12:40:09 PDT 1998
        ...
        - Modified to support the new BSD/OS 2.1 PPP and SLIP link layer header
          formats.

so the additional check for those three link-layer type values could
reduce the vulnerability to misreading. It wouldn't necessarily
*eliminate* it, given that DLT_PPP might have been there since the
beginning, and old PPP captures might be misread.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
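
The check discussed in the message above, sketched as an added example (not code from the post or from libpcap). It assumes the "version number" in the message is the minor version field of the 24-byte file header (libpcap itself writes 2.4); classify_header, make_header and the enum names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum pcap_guess { SHORT_HEADER, NOT_PCAP, STANDARD_PCAP, POSSIBLE_AIX };
/* Read an n-byte unsigned field in the file's byte order. */
static uint32_t field(const uint8_t *p, int n, int be)
{
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v = (v << 8) | p[be ? i : n - 1 - i];
    return v;
}

/* Classify a pcap file header using the version + link-type check. */
enum pcap_guess classify_header(const uint8_t *h, size_t len)
{
    if (len < 24)
        return SHORT_HEADER;
    uint32_t magic = field(h, 4, 1);
    if (magic != 0xa1b2c3d4u && magic != 0xd4c3b2a1u)
        return NOT_PCAP;
    int be = (magic == 0xa1b2c3d4u);     /* byte order the writer used */
    uint32_t major = field(h + 4, 2, be);
    uint32_t minor = field(h + 6, 2, be);    /* assumed: the "version" above */
    uint32_t linktype = field(h + 20, 4, be);
    /* Version 2 alone is ambiguous with old libpcap files, so also require one
       of the three values. An old 2.2 DLT_PPP (9) capture still matches. */
    if (major == 2 && minor == 2 &&
        (linktype == 6 || linktype == 9 || linktype == 15))
        return POSSIBLE_AIX;
    return STANDARD_PCAP;
}

/* Write an n-byte field in the chosen byte order (for constructed samples). */
static void put(uint8_t *p, int n, int be, uint32_t v)
{
    for (int i = 0; i < n; i++)
        p[be ? n - 1 - i : i] = (uint8_t)(v >> (8 * i));
}

/* Constructed sample input: a header with major version 2. */
void make_header(uint8_t h[24], int be, unsigned minor, uint32_t linktype)
{
    memset(h, 0, 24);
    put(h, 4, be, 0xa1b2c3d4u);
    put(h + 4, 2, be, 2);
    put(h + 6, 2, be, minor);
    put(h + 20, 4, be, linktype);
}
```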