Re: Request for new DLT

[Pascal Quantin <pascal.quantin () gmail com>]

Hi Michael,

Le 23/05/2013 20:03, Michael Richardson a écrit :
> > > > > > "Anders" == Anders Broman <anders.broman () ericsson com> writes:
>     Pascal> Anders can describe it better than me, but the format
>     Pascal> intends to be versatile.It allows you to export any higher
>     Pascal> level PDUs in a pcap file while maintaining some basic
>     Pascal> information about the lower layers 
>
> So, how are the higher level PDUs going to be described?
> that is, will you have a recursive DLT value, or what exactly?
Right now the dissector to be used for each high level PDU is given in
the header, using the EXP_PDU_TAG_PROTO_NAME tag (see
https://anonsvn.wireshark.org/viewvc/trunk/epan/exported_pdu.h?view=markup&pathrev=49446).
You do have one TLV structure per PDU, giving the protocol name and
optionally the context (like port number, IP address,...).
>     Pascal> (like the transport one). The current code sample in
>     Pascal> Wireshark is for SIP protocol, but could be extended to any
>     Pascal> protocol if there is a need. With a DLT allocated, it would
>     Pascal> allow the feature to work out of  
>
> I'd rather have it be rather specific and well defined, then loose and
> nebulous.  DLTs already require too much specialized knowledge to
> decode as it is.
Regarding the definition, the TLV structure seems rather well defined to
me and does not intend to be nebulous (sorry if this is the way my
sentence sounded). Or maybe I missed what you meant.

Best regards,
Pascal.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers