Wireshark-dev: Re: [Wireshark-dev] Replace TRUE/FALSE with proper ENC_* in proto_tree_add_item(

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 11 Oct 2011 17:35:00 -0700
On Oct 10, 2011, at 11:41 AM, Bill Meier wrote:

> --> packet-gmhdr.c

Presumably ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN, as:

	1) presumably they knew what they were doing, and their dissector works, and ENC_TIME_TIMESPEC is 0, as is ENC_BIG_ENDIAN, so FALSE = ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN

and

	2) their other fields are, apparently, big-endian.

It would be Really Swell if the fine folks at Gigamon were to document their header's format online, and not require a customer login to get at the document, so we could put a URL for it into the dissector - or, if they've already done that, make it clearer where it is - especially given they were so happy to have an open source program support it:

	http://www.gigamon.com/wireshark-update-for-gigasmart

> -->packet-netflow.c

Probably ENC_TIME_TIMESPEC|ENC_BIG_ENDIAN, as the other ntop fields appear to be big-endian, and Luca is, I think, a UN*X type, and for reason 1) in the previous item.  I'm not sure where, if anywhere, they document them.

> -->packet-reload.c

All the RELOAD stuff is in I-Ds, so one would expect network byte order, and, in fact, draft-ietf-p2psip-base-18 says "All integers are represented in network byte order.", and draft-ietf-p2psip-diagnostics-06 says the times are in NTP format, so it'd be ENC_TIME_NTP|ENC_BIG_ENDIAN.
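
The difference between the two time encodings named in this message, as an added example that is not part of the original post or of the Wireshark source: the same 8 bytes decoded as timespec-style and as NTP-style. The function names and sample bytes are constructed for illustration, and the code assumes an 8-byte field made of two 32-bit halves.

```c
#include <stdint.h>
#include <stdio.h>

/* Seconds from the NTP epoch (1900-01-01) to the UNIX epoch (1970-01-01). */
#define NTP_UNIX_DELTA INT64_C(2208988800)

typedef struct { int64_t secs; uint32_t nsecs; } abs_time;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static uint32_t le32(const uint8_t *p) {
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8) | (uint32_t)p[0];
}

/* timespec-style: 32-bit seconds since 1970, then 32-bit nanoseconds. */
abs_time decode_timespec(const uint8_t *p, int little_endian) {
    abs_time t;
    t.secs  = little_endian ? le32(p) : be32(p);
    t.nsecs = little_endian ? le32(p + 4) : be32(p + 4);
    return t;
}

/* NTP-style, big-endian: 32-bit seconds since 1900, then a 32-bit binary fraction. */
abs_time decode_ntp_be(const uint8_t *p) {
    abs_time t;
    t.secs  = (int64_t)be32(p) - NTP_UNIX_DELTA;
    t.nsecs = (uint32_t)(((uint64_t)be32(p + 4) * 1000000000u) >> 32);
    return t;
}

/* Constructed sample field, not taken from any capture. */
static const uint8_t SAMPLE[8] = { 0x4E, 0x94, 0xE0, 0x64, 0x1D, 0xCD, 0x65, 0x00 };

int main(void) {
    abs_time a = decode_timespec(SAMPLE, 0);
    abs_time b = decode_timespec(SAMPLE, 1);
    abs_time c = decode_ntp_be(SAMPLE);
    printf("timespec, big-endian:    %lld s + %u ns\n", (long long)a.secs, (unsigned)a.nsecs);
    printf("timespec, little-endian: %lld s + %u ns\n", (long long)b.secs, (unsigned)b.nsecs);
    printf("NTP, big-endian:         %lld s + %u ns\n", (long long)c.secs, (unsigned)c.nsecs);
    return 0;
}
```

With these sample bytes the little-endian timespec reading still yields a nanoseconds value below one second, so a range check on that half alone would not catch the wrong byte order.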