Link Layer Type Request NETANALYZER_NG

[Jan Adam via tcpdump-workers <tcpdump-workers () lists tcpdump org>]

> --- Begin Message ---
>
>
> From: Jan Adam <JAdam () hilscher com>
>
> Date: Mon, 15 Mar 2021 16:04:44 +0000
>
> > Can the variable be anything *other* than a packet of some sort?
>
> There are only the mentioned 5 representations planned for pcap files since this is what our capture device may capture 
> into a pcap file. The representation gives at least the ability to extend in the future. Do you have anything specific 
> in mind?
>
>
> > only packets of various types, but I was reading "variable" in the programming language sense, rather than in the 
> > sense that the total content has a "fixed part", that being the trailer, and a "variable part", that being the packet 
> > preceding the trailer.  Is the latter the sense in which the word "variable" should be understood?
>
> Yes it is the latter sense! I see there is a potential for misunderstanding so I renamed the "variable"-fields that 
> actually refer to the payload and also adjusted the description accordingly.
> https://kb.hilscher.com/x/brDJBw
>
>
> > It also appears that the boundary between the payload and the trailer would be determined by fetching the VarSize 
> > field at the end of the trailer.  The first VarSize bytes of the data would be the payload, and the remaining 
> > sizeof(footer) bytes would be the trailer.  Is that the case?
>
> This is also correct. The remaining bytes of incl_len - VarSize is the footer size.
> Some fields of the footer (like the ID) may seem to be redundant and not of much purpose in the wireshark or tcpdump 
> context but we use the footer structure everywhere in our software stack. This way we eliminated converting structures 
> between different parts of our software when dealing with captured data.
>
>
> > This also means that NETANALYZER_NG data must *not* be cut off at the end by any "slicing" process, such as capturing 
> > with a "slice length"/"snapshot length".  Is it possible that the frame in the payload is "sliced" in that fashion?
>
> Slicing a captured packet is not supported by our capturing device.
>
> Hilscher Gesellschaft für Systemautomation mbH   |  Rheinstrasse 15  |  65795 Hattersheim  |  Germany  |  
> www.hilscher.com<http://www.hilscher.com>
> Sitz der Gesellschaft / place of business: Hattersheim  |  Geschäftsführer / managing director: Sebastian Hilscher, 
> Hans-Jürgen Hilscher
> Handelsregister / commercial register: Frankfurt B 26873  |  Ust. Idnr. / VAT No.: DE113852715
> Registergericht / register court: Amtsgericht Frankfurt/Main
>
> Important Information:
> This e-mail message including its attachments contains confidential and legally protected information solely intended 
> for the addressee. If you are not the intended addressee of this message, please contact the addresser immediately and 
> delete this message including its attachments. The unauthorized dissemination, copying and change of this e-mail are 
> strictly forbidden. The addresser shall not be liable for the content of such changed e-mails.
>
> Wichtiger Hinweis:
> Diese E-Mail einschließlich ihrer Anhänge enthält vertrauliche und rechtlich geschützte Informationen, die nur für den 
> Adressaten bestimmt sind. Sollten Sie nicht der bezeichnete Adressat sein, so teilen Sie dies bitte dem Absender 
> umgehend mit und löschen Sie diese Nachricht und ihre Anhänge. Die unbefugte Weitergabe, das Anfertigen von Kopien und 
> jede Veränderung der E-Mail ist untersagt. Der Absender haftet nicht für Inhalte von veränderten E-Mails.
>
> --- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers