Re: [tcpdump-workers] New official link-layer type request

Sun, 12 May 2019 01:36:06 -0700 

Hi
I have read the specs for pcapng but then again I would have have to use The Simple Packet Block (SPB) or An Enhanced Packet Block (EPB) and that would not solve my problem because of this: 



Packet Data: the data coming from the network, including link-layer 
headers. ......The format of the data
within this Packet Data field depends on the LinkType field specified in 
the Interface Description Block
(see Section 4.2 
<http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#section_idb>) 
and it is specified in the entry for that format in the tcpdump.org 
link-layer header types registry <http://www.tcpdump.org/linktypes.html>.




As I mentioned earlier, not all data is network packet data and when we 
send that LI specific event
data, there is no LinkType for that and that's why I'm asking for a new 
DLT to cover all this. Then I can
carry both encapsulated network data (tshark CC example) and unrelated 
LI event (tshark IRI example).




I will create a specification for ELEE (started already), no problem, I 
just wouldn't want to work on it if I get rejected

in the end because of not being clear what I need it for.



On 5/12/19 12:42 AM, Michael Richardson wrote:

Guy Harris <ghar...@sonic.net> wrote:
     > pcapng has a specification:

     > 
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii

     > and it *does* list the block type values, and formats, for existing
     > block types, and the option number values, and formats, for existing
     > options, but that does *not* prevent it from being extensible; as new
     > block types or options are added, the specification is updated.

Also, it might be that pcapng would actually be a really good container for
your work rather than inventing yet-another-TLV.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     m...@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [


--
Damir Franusic

email: damir.franu...@gmail.com
http://ele2.io/

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


























					Reply via email to