Re: New official link-layer type request

[Guy Harris <gharris () sonic net>]

On May 18, 2019, at 3:05 PM, Damir Franusic <damir.franusic () gmail com> wrote:

> I know it's extensible but ELEE is used for different purpose

LINKTYPE_ELEE is used for the *same* purpose as pcapng - recording timestamped network events, and metadata for those 
events and for the capture process, in a file.

"Target PDUs" with a subtype of "Content of Communication", and that just contain raw packet data (as opposed to the 
ASN.1 stuff I asked about in an earlier message) are just pcapng Enhanced Packet Blocks:

        the target identifier and sequence number in the Target PDU header would be options;

        the timestamp would either just be the block's timestamp (and, unlike ELEE with its 32-bit Timestamp_sec, would 
work past Y2.106K);

        the "target activity flag for CC data", "handover connection name for CC data delivery", "destination directory 
for CC data delivery used only for file system based connections" (if relevant here), "target aggregation factor for CC 
data delivery", "communication identifier Operator Id", "communication identifier Network Element Id", and 
"communication identifier Number" would also be options.

"Target PDUs" with a subtype of "Content of Communication" that contain that ETSI-specified ASN.1 data would be a new 
block type, using the same options as the new EPB options;

"Target PDUs" with a subtype of "Intercept Related Information (IRI)" would be one or more new block types, depending 
on whether to have a single block type for all of them, possibly using options.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers