Re: Request for new DLT number

[Gianluca Varenni <Gianluca.Varenni () riverbed com>]

This is what PPI does. 

http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf

There is already a DLT for PPI (DLT_PPI). The only difference from your solution is that the minimum header before the 
packet is 8 bytes (instead of 4). The advantage is that Wireshark already supports this DLT.

Have a nice day
GV

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org [mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of 
Darren Reed
Sent: Tuesday, December 28, 2010 7:02 PM
To: tcpdump-workers () lists tcpdump org
Subject: [tcpdump-workers] Request for new DLT number

I've been looking through all of the DLT decoders looking for one that has just the DLT number in the header but I 
couldn't find one. Is there an existing DLT that matches this description?

Otherwise, I'd like to request DLT_DLT (or something like that) be allocated to represent a 4 byte (network order) 
integer value that describes the DLT of the following data.

In pcap files, it would roughly translate to the following being possible:

[pcap file header, dlt = DLT_DLT]
[pcap header with time stamp]
[4 bytes, = DLT_EN10MB]
[ethernet packet]
[pcap header with time stamp]
[4 bytes, = DLT_PPP]
[ppp packet]

Yes, I understand that "next gen pcap" can do this, no I don't want to use "next gen pcap" because that amount of 
change is just too big.

Darren

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.