tcpdump mailing list archives

Re: proposed new pcap format

From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 24 Mar 2004 10:10:24 -0500

-----BEGIN PGP SIGNED MESSAGE-----

"Darren" == Darren Reed <darrenr () reed wattle id au> writes:

    >> This is what I would propose as revision.
    >> Note that the pcap1_packet_header is present on every packet. One can
    >> merge pcap files together with "cat" if one likes.
    >> 
    >> A suggestion was made to accomodate the nano-second resolution from AIX.
    >> Can you tell me what they do for that? just more bits, sure, but is
    >> there a nano-seconds (32-bits, I guess) + seconds (64 bits?).
    >> 
    >> 
    >> enum pcap1_info_types {
    >> PCAP_DATACAPTURE,
    >> PCAP_TIMESTAMP,
    >> };

    Darren> Can I please also ask for a PCAP_PRIVATE that is as follows:

the intention is that tools will skip/copy types they don't understand,
and that the list will be open to extension. Probably the actual 4-byte
encodings of the types will be 4-printable characters whenever
possible.

    Darren> struct pcap1_info_private {
    Darren> char pinfo_guid[4+2+2+8];
    Darren> char pinfo_data[0];
    Darren> }

  Sure, but what is it for?
  If it is private, do you want to tell us :-)

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys

iQCVAwUBQGGk3oqHRg3pndX9AQEVFQP+K6oOloT/iz3/+ceXo4+zEaKHT3pAppdM
mDTitFv61P8mSoJF4zW9AXK0NAvMSIu9IjhDf0nEJKAUj6+ELg3cfXeVMDJyFCZV
C0f6uMWup+QkeaEdv3brCAOwetOzu7qAhLpvoP+NZFEl9P/6CcdZmBB+tXsTJoYa
zcvNEZsTxpA=
=Q2jZ
-----END PGP SIGNATURE-----
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

Re: proposed new pcap format, (continued)
- - - Re: proposed new pcap format Guy Harris (Mar 24)
    - Re: proposed new pcap format Darren Reed (Mar 24)
    - Re: proposed new pcap format Guy Harris (Mar 24)
    - Re: proposed new pcap format Hannes Gredler (Mar 24)
  - Re: proposed new pcap format Michael Richardson (Mar 24)
- Re: proposed new pcap format Jefferson Ogata (Mar 23)
  - Re: proposed new pcap format Michael Richardson (Mar 24)
    - Re: proposed new pcap format Darren Reed (Mar 24)
    - Re: proposed new pcap format Michael Richardson (Mar 25)
- Re: proposed new pcap format Darren Reed (Mar 24)
  - Re: proposed new pcap format Michael Richardson (Mar 24)
    - Re: proposed new pcap format Darren Reed (Mar 24)
    - Re: proposed new pcap format Guy Harris (Mar 24)
    - Re: proposed new pcap format Darren Reed (Mar 24)
    - Re: proposed new pcap format Michael Richardson (Mar 24)
    - Re: proposed new pcap format Darren Reed (Mar 25)
    - Re: proposed new pcap format Richard Sharpe (Mar 25)
    - --enable-ipv6 Error You must get working getaddrinfo() function murugesan (Mar 26)
    - Re: proposed new pcap format Richard Sharpe (Mar 26)
    - Re: proposed new pcap format Michael Richardson (Mar 25)
- Re: proposed new pcap format Christian Kreibich (Mar 24)