Re: New DLT_ value request

[Guy Harris <guy () alum mit edu>]

Will Barker wrote:
> > What is the format of the extra information you'll be putting at the 
> > beginning of the {PPP, Cisco HDLC, Frame Relay, LAPB} packets to hold 
> > the packet direction?  (Number of bytes, values to be put there, etc.)
>
> It should just be akin to the pseudo header used for generic p2p links e.g.
>
> /* Packet "pseudo-header" for point-to-point links with direction flags. */
> struct p2p_phdr {
>         gboolean        sent; /* TRUE=sent, FALSE=received */
> };

That'd be a 32-bit pseudo-header; should the rule be just "zero means 
received, non-zero means sent", or should a specific value mean "sent" 
(which means we'd then have to decide whether the header is big-endian 
or little-endian)?

> > > In addition is it acceptable to have one further value defined for our 
> > > own proprietary encapsulation type?
>
> > By "proprietary" do you mean you'll be using this only internally within 
> > your company, with special internal versions of tcpdump/Wireshark/etc. 
> > or special internal-only Wireshark plugins, or do you mean you'll be, 
> > for example, submitting a dissector for that encapsulation for inclusion 
> > in Wireshark?
>
> The latter (submitting a dissector for that encapsulation for inclusion in
> Wireshark)

So what's the header for your encapsulation type?
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.