tcpdump mailing list archives
Re: New official link-layer type request
From: Damir Franusic <damir.franusic () gmail com>
Date: Sun, 12 May 2019 10:35:11 +0200
HiI have read the specs for pcapng but then again I would have have to use The Simple Packet Block (SPB) or An Enhanced Packet Block (EPB) and that would not solve my problem because of this:
Packet Data: the data coming from the network, including link-layer headers. ......The format of the data within this Packet Data field depends on the LinkType field specified in the Interface Description Block (see Section 4.2 <http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#section_idb>) and it is specified in the entry for that format in the tcpdump.org link-layer header types registry <http://www.tcpdump.org/linktypes.html>.
As I mentioned earlier, not all data is network packet data and when we send that LI specific event data, there is no LinkType for that and that's why I'm asking for a new DLT to cover all this. Then I can carry both encapsulated network data (tshark CC example) and unrelated LI event (tshark IRI example).
I will create a specification for ELEE (started already), no problem, I just wouldn't want to work on it if I get rejected
in the end because of not being clear what I need it for. On 5/12/19 12:42 AM, Michael Richardson wrote:
Guy Harris <gharris () sonic net> wrote:
> pcapng has a specification:
>
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii
> and it *does* list the block type values, and formats, for existing
> block types, and the option number values, and formats, for existing
> options, but that does *not* prevent it from being extensible; as new
> block types or options are added, the specification is updated.
Also, it might be that pcapng would actually be a really good container for
your work rather than inventing yet-another-TLV.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
] mcr () sandelman ca http://www.sandelman.ca/ | ruby on rails [
-- Damir Franusic email: damir.franusic () gmail com http://ele2.io/ _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Re: New official link-layer type request, (continued)
- Re: New official link-layer type request Damir Franusic (May 17)
- Re: New official link-layer type request Guy Harris (May 17)
- Re: New official link-layer type request Damir Franusic (May 17)
- Re: New official link-layer type request Michael Richardson (May 18)
- Re: New official link-layer type request Damir Franusic (May 18)
- Re: New official link-layer type request Guy Harris (May 18)
- Re: New official link-layer type request Damir Franusic (May 18)
- Message not available
- Re: New official link-layer type request Damir Franusic (May 11)
- Re: New official link-layer type request Guy Harris (May 11)
- Re: New official link-layer type request Damir Franusic (May 11)
- Message not available
- Re: New official link-layer type request Damir Franusic (May 12)
- Re: New official link-layer type request Michael Richardson (May 18)
- Re: New official link-layer type request Damir Franusic (May 18)
- Re: New official link-layer type request Guy Harris (May 18)
- Re: New official link-layer type request Damir Franusic (May 18)
- Re: New official link-layer type request Guy Harris (May 18)
- Re: New official link-layer type request Damir Franusic (May 18)
- Re: New official link-layer type request Guy Harris (May 18)
- Re: New official link-layer type request Damir Franusic (May 19)
- Message not available
- Re: New official link-layer type request Guy Harris (May 18)
- Message not available
- Re: New official link-layer type request Guy Harris (May 18)