Re: New DLT_ value request

["Will Barker" <w.barker () zen co uk>]

> ...and 4 bytes long, as per the earlier discussion, or just 1 byte (or  
2 bytes)?

We may as well make it just 1 byte since it only can specify 2 alternative
values!

> So what's the format of the packet data in your proprietary  
encapsulation type?

This is still to be confirmed - I was only trying to get the value
in-place/reserved following your comment "ask ASAP, so I can try to get it
into libpcap 1.0". If this is a problem then we'll have to leave it for now.

Will

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy Harris
Sent: 20 December 2007 01:24
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] New DLT_ value request


On Dec 18, 2007, at 2:46 AM, Will Barker wrote:

> OK - can we go for:
>
> "zero means received, non-zero means sent"

...and 4 bytes long, as per the earlier discussion, or just 1 byte (or  
2 bytes)?

> > Hopefully by "version-specific" you don't mean "specific to the  
> > versions
> > of libpcap and Wireshark", but instead mean that one field in the  
> > header
> > would be a version number, so that you won't, for example, have the
> > information change in such a way that one version of Wireshark can't
> > read the files from a mismatched version of libpcap.
>
> I was not thinking of producing anything that wasn't backward  
> compatible -
> but I agree - there should be no version field - we won't need it.

So what's the format of the packet data in your proprietary  
encapsulation type?
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.