Re: Adding support for a new PCAP-NG block

[Guy Harris <guy () alum mit edu>]

On Jan 19, 2018, at 12:24 AM, Guy Harris <guy () alum mit edu> wrote:

> On Jan 17, 2018, at 4:47 AM, Paul Offord <Paul.Offord () advance7 com> wrote:
>
> > I want to make a start on the plan below.  Last night I took a look at the relevant code.
> >
> > I started by adding support for TSDBs into the function pcapng_open(…) in pcapng.c
>
> The *first* thing to do is to start by either
>
>       1) getting an official block type value from pcap-ng-format () winpcap org
>
> or
>
>       2) getting a Private Enterprise Number from the IANA and using a custom block:
>
>               
> http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.7

Or

        3) using a "reserved for local use" block type:

                
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.11.1

but bear in mind that the standard Wireshark releases will never include built-in support for any "reserved for local 
use" block type, and there is no guarantee that somebody else won't use the same "reserved for local use" type, so that 
should be used only for types that 1) you're only going to use at your site or 2) that you're experimenting with prior 
to getting an official block type value or getting a Private Enterprise Number and using a custom block.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe