Re: New official link-layer type request

[Guy Harris <gharris () sonic net>]

On May 12, 2019, at 1:28 PM, Damir Franusic <damir.franusic () gmail com> wrote:

> I've tried to be as prompt and as accurate as possible so here is the draft, I hope you'll appreciate the effort. I 
> agree
> that the initial thing I sent was an abomination. I will work on this draft as the project progresses, but for now, 
> it covers
> everything implemented so far.
>
> http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-elee-00.xml&modeAsFormat=html/ascii

Currently, the spec says that in a "Target PDU with CC data", the "Data size" field is the "Size of CC data encoded 
using the value from Df_type field (UINT32 field)" and the "Data" field is the "Raw CC packet data".

The "Df_type" field has values:

        0x01    Libpcap File Format (PCAP)
        0x02    ASN.1 Basic Encoding Rules (BER)
        0x03    ELEE Encapsulation

What do those values mean in this context?

For a value of 0x01, does that mean that the "Raw CC packet data" contains a pcap record:

        https://www.tcpdump.org/manpages/pcap-savefile.5.html

with a time stamp, captured data length, and on-the-network data length, followed by packet data?  If so, what 
indicates the time stamp resolution and the link-layer type of the packet data?

Presumably 0x02 means BER-encoded ASN.1 data according to some ETSI specification, as per

> The format of that delivery if defined by ETSI; they describe everything in great detail by using ASN.1 notation 
> which is then encoded using
> BER when sent by wire.

What ETSI specification is that?

And what does 0x03 mean?  If it's an "ELEE Encapsulation", it would presumably need to be defined by the ELEE spec 
itself, but it's not currently defined in that spec.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers