On Nov 1, 2023, at 2:49 AM, Jaap Keuter <jaap.keuter@xxxxxxxxx> wrote:
> There’s a recent issue raised on a mismatch between the pcapng spec and Wireshark interpretation of it. The issue revolves around the unit used for the If_fcslen option in the pcapng file format.
> The Wireshark issue is here: https://gitlab.com/wireshark/wireshark/-/issues/19174
> Apparently this was already identified in 2019, by Guy in the pcapng specification.
> The pcapng issue is here: https://github.com/IETF-OPSAWG-WG/draft-ietf-opsawg-pcap/issues/60
> However, this was never resolved, as in, a conclusion was never reached.
> How should we progress with this, now that it has become a noticed problem? Guy, do you have additional insights since the initial report from 2019?
It should be resolved by making Wireshark conform to the pcapng specification.
That has been done in the main branch in
https://gitlab.com/wireshark/wireshark/-/merge_requests/13003
and in the 4.2 branch in
https://gitlab.com/wireshark/wireshark/-/merge_requests/13004
and in the 4.0 branch in
https://gitlab.com/wireshark/wireshark/-/merge_requests/13005
and in the 3.6 branch in
https://gitlab.com/wireshark/wireshark/-/merge_requests/13008