On Tue, 1 Jul 2003, Martin Regner wrote:
> Jeff Morris wrote:
> >What he's got now is a PCAP file format where each packet has a "fake
> >link" header on it that specifies the lowest-level protocol. This seems
> >quite flexible to me--although I suppose that the format of the header
> >needs to be stable before the file type is allocated.
> >
Hmmm, I am not sure that we should use fake link headers. Rather, we
should define a separate DLT value for packets that come in without lower
layer headers.
However, a further issue is that at any future time, people might want to
create a capture file of only some higher layer PDUs, like, for example
SMB PDUs without any link layer, network layer or transport layer headers.
Having a flexible scheme to deal with this would be useful.
>
> I have a similar need to get packets of different higher level
> protocols dissected by Ethereal. In one capture file I want to have
> packets with several different high level protocols (H.225, H.245, SIP,
> MTP3, ...), so I have been thinking of using something similar to
> Navin's "fake link" dissector.
> However I also want to have possibilities to store some extra data in
> some cases - so I have been thinking of having
> some kind of Tag/Length/Value scheme for optional data per packet.
I would like to define a DLT-type that allows TLVs or name value pairs as
its content, where perhaps one of the TLVs or NVPs contains the data.
Perhaps we could include flags like link-hdr=not-present, next-type=IP,
network-hdr=not-present, next-type=tcp, transport-hdr=not-present,
next-type=SMB ...
Regards
-----
Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org,
sharpe[at]ethereal.com, http://www.richardsharpe.com
