tcpdump mailing list archives
Re: New DLT_ type request
From: Timotej Ecimovic via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 6 Jan 2022 14:03:19 -0500
--- Begin Message --- From: Timotej Ecimovic <timotej.ecimovic () silabs com>
Date: Thu, 6 Jan 2022 14:03:19 -0500
On 1/6/22 1:22 PM, Guy Harris wrote:Correct. The "packet" inside the PCAP files will only include the payload that is wedged between `[`, the two length bytes, and the `]`.CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. On Jan 5, 2022, at 6:53 PM, Timotej Ecimovic <timotej.ecimovic () silabs com> wrote:No. Like the document describes: tooling that deals with deframing is expected to remove the starting `[`, the ending `]` and the 2 byte length right after the `[`. In case of creating a PCAPNG file out of this stream, the payload of the packet blocks will NOT contain the framing. So the "packet" starts with the debug message.I.e., in LINKTYPE_SILABS_DEBUG_CHANNEL files, the packet doesn't include the '[', the length value, or the ']'?As far as PCAP files are concerned, this whole debate about framing is just "informative", and might be helpful for people who will attempt to understand how the TCP/IP stream of this incoming data turns into individual "packets" inside PCAP files.We also have tooling that are NOT performing deframing, but simply record raw streams of data. If someone encounters those files, then this framing information will help them convert those raw binary files into PCAP files.I will make this more explicit in the document. It was clearly a bit confusing.Yes. The version. If the version is 3, then these are "Undefined, reserved for future use". If the version becomes greater than 3, then these may develop meaning.What do the bits in the "Flags" field of the 3.0 debug message mean? Does "few bytes of future-proofing flags" mean that there are currently no flag bits defined, so that the field should always be zero, but there might be flag bits defined in the future?They mean. "Reserved for future use". The value currently can be arbitrary and until someone defines values for them, they have no meaning. I'll make this more specific in the doc.So is there something in the debug message to indicate whether the field has no meaning and should be ignored, or has a meaning and should be interpreted?
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- New DLT_ type request Timotej Ecimovic via tcpdump-workers (Jan 05)
- Re: New DLT_ type request Guy Harris via tcpdump-workers (Jan 05)
- Message not available
- Re: New DLT_ type request Timotej Ecimovic via tcpdump-workers (Jan 05)
- Message not available
- Message not available
- Re: New DLT_ type request Guy Harris via tcpdump-workers (Jan 06)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: New DLT_ type request Timotej Ecimovic via tcpdump-workers (Jan 06)
- Message not available