Wireshark-dev: Re: [Wireshark-dev] Adding support for a new PCAP-NG block

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 19 Jan 2018 00:40:05 -0800

On Jan 19, 2018, at 12:24 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> On Jan 17, 2018, at 4:47 AM, Paul Offord <Paul.Offord@xxxxxxxxxxxx> wrote:
> 
>> I want to make a start on the plan below.  Last night I took a look at the relevant code.
>> 
>> I started by adding support for TSDBs into the function pcapng_open(…) in pcapng.c
> 
> The *first* thing to do is to start by either
> 
> 	1) getting an official block type value from pcap-ng-format@xxxxxxxxxxx
> 
> or
> 
> 	2) getting a Private Enterprise Number from the IANA and using a custom block:
> 
> 		http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.4.7

Or

	3) using a "reserved for local use" block type:

		http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=https://raw.githubusercontent.com/pcapng/pcapng/master/draft-tuexen-opsawg-pcapng.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.11.1

but bear in mind that the standard Wireshark releases will never include built-in support for any "reserved for local use" block type, and there is no guarantee that somebody else won't use the same "reserved for local use" type, so that should be used only for types that 1) you're only going to use at your site or 2) that you're experimenting with prior to getting an official block type value or getting a Private Enterprise Number and using a custom block.
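
The three allocation routes discussed in this message are visible in the block type field itself. The sketch below is an added example, not code from this thread or from Wireshark: it frames blocks and sorts them into local-use (most significant bit set), custom (0x00000BAD / 0x40000BAD, followed by a PEN), or everything else. The function names and the sample bytes are constructed for illustration, and a little-endian section is assumed.

```c
#include <stddef.h>
#include <stdint.h>

enum blk_class { BLK_STANDARD, BLK_CUSTOM, BLK_LOCAL_USE, BLK_MALFORMED };

/* Constructed sample (little-endian section, SHB omitted): a local-use block,
 * a custom block with PEN 32473 (RFC 5612 documentation PEN), and an IDB. */
static const uint8_t sample[] = {
    0x01,0x00,0x00,0x80, 0x0C,0,0,0, 0x0C,0,0,0,
    0xAD,0x0B,0x00,0x00, 0x14,0,0,0, 0xD9,0x7E,0,0, 'T','E','S','T', 0x14,0,0,0,
    0x01,0x00,0x00,0x00, 0x14,0,0,0, 0x01,0,0,0, 0,0,0x04,0, 0x14,0,0,0,
};

static uint32_t rd32le(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the block at buf[off]; sets *total_len, and *pen for custom blocks. */
enum blk_class classify_block(const uint8_t *buf, size_t len, size_t off,
                              uint32_t *total_len, uint32_t *pen)
{
    if (off > len || len - off < 12) return BLK_MALFORMED;
    uint32_t type = rd32le(buf + off), tl = rd32le(buf + off + 4);
    /* Framing: 12-byte minimum, 32-bit aligned, in bounds, trailer matches. */
    if (tl < 12 || tl % 4 || tl > len - off) return BLK_MALFORMED;
    if (rd32le(buf + off + tl - 4) != tl) return BLK_MALFORMED;
    *total_len = tl; *pen = 0;
    if (type & 0x80000000u) return BLK_LOCAL_USE;      /* MSB set: local use */
    if (type == 0x00000BADu || type == 0x40000BADu) {  /* custom block */
        if (tl < 16) return BLK_MALFORMED;             /* no room for a PEN */
        *pen = rd32le(buf + off + 8);
        return BLK_CUSTOM;
    }
    return BLK_STANDARD;   /* anything else needs an officially assigned value */
}

/* Count blocks of class `want` in buf; -1 if any block is malformed. */
int count_class(const uint8_t *buf, size_t len, enum blk_class want)
{
    size_t off = 0; int n = 0; uint32_t tl, pen;
    while (off < len) {
        enum blk_class c = classify_block(buf, len, off, &tl, &pen);
        if (c == BLK_MALFORMED) return -1;
        n += (c == want); off += tl;
    }
    return n;
}

int main(void) { return count_class(sample, sizeof sample, BLK_CUSTOM) == 1 ? 0 : 1; }
```

A reader that meets a local-use type can only frame and skip it, since nothing in the file says whose definition applies; a custom block at least carries the PEN that identifies the defining organization.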