Wireshark mailing list archives

Re: N in 1 packets


From: Guy Harris <guy () alum mit edu>
Date: Sun, 11 Dec 2011 15:02:44 -0800


On Dec 11, 2011, at 2:21 PM, Akos Vandra wrote:

> I thought I will decode these timestamp messages, and use them to
> construct the pcap_pkthdr structure's ts field, as the arrival time
> cannot be manipulated later from within a dissector

That's probably the best thing to do.  "X us have passed" probably aren't, in and of themselves, interesting events.

> What do you mean I have to provide a description of the messages? They
> just contain the message source ID (there are multiple trace sources
> within the trace peripheral for hardware messages, software
> (printf-like) messages, and instruction tracing), and the message raw
> data, nothing special.

Then you'd say that a message consists of an n-byte message source ID in whatever byte order it's in if n > 1, followed by some number of bytes of payload; a reference to an ARM document, even if you have to be a Registered Customer to see it, would suffice as a description of the payload.  Presumably the number of bytes of payload would be the total packet length minus the length of the message source ID.

See

        http://www.tcpdump.org/linktypes.html

for examples of how link-layer header types are described.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
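The approach discussed in this message, as an added example that is not part of the original email or of Wireshark/libpcap: timestamp messages only advance a clock that fills each record's ts field, and each record's data is the source ID followed by the payload. The 1-byte source ID, microsecond deltas, the event tuples, the source ID values and the use of the private link type 147 (LINKTYPE_USER0) are assumptions made for illustration.

```python
import struct

LINKTYPE_USER0 = 147   # private-use link type; assumption, no assigned type is named on the page
SRC_ID_LEN = 1         # assumption: n = 1 byte of message source ID
PCAP_MAGIC = 0xA1B2C3D4

# Constructed sample trace: ("ts", delta_us) or ("msg", source_id, payload)
SAMPLE = [("ts", 1500), ("msg", 1, b"hello"),
          ("ts", 999_000), ("msg", 2, b"\x08\x00\x12\x34"), ("msg", 2, b"")]

def build_pcap(events, start_us=0):
    """Turn trace events into pcap file bytes; timestamp events never become records."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_USER0)]
    now_us = start_us
    for ev in events:
        if ev[0] == "ts":
            now_us += ev[1]          # "X us have passed": just advance the clock
            continue
        _, source_id, payload = ev
        data = source_id.to_bytes(SRC_ID_LEN, "big") + payload
        # Record header: ts seconds, ts microseconds, captured length, original length
        out.append(struct.pack("<IIII", now_us // 1_000_000, now_us % 1_000_000,
                               len(data), len(data)))
        out.append(data)
    return b"".join(out)

def read_pcap(blob):
    """Parse bytes from build_pcap into [(ts_us, source_id, payload)]."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_USER0:
        raise ValueError("unexpected pcap header")
    off, records = 24, []
    while off < len(blob):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", blob, off)
        off += 16
        if caplen < SRC_ID_LEN or off + caplen > len(blob):
            raise ValueError("truncated record")
        data = blob[off:off + caplen]
        off += caplen
        # Payload length = total packet length minus the source ID length
        records.append((sec * 1_000_000 + usec,
                        int.from_bytes(data[:SRC_ID_LEN], "big"), data[SRC_ID_LEN:]))
    return records
```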