--- Begin Message ---
On Mar 3, 2021, at 8:58 AM, Jan Adam via tcpdump-workers
<tcpdump-workers@lists.tcpdump.org> wrote:
> for our new analysis product netANALYZER NG I would like to request a new
> link-layer type value.
>
> NETANALYZER_NG
>
> The new Link-Layer-Type format is described as following:
>
> Next-generation packet structure:
> +---------------------------+
> | Payload |
> . .
> . .
> | |
> +---------------------------+
> | Footer |
> | |
> +---------------------------+
>
> Next-gen footer description:
>
> [16 bit] Version represents current structure version
> [64 bit] Timestamp1 first timestamp in ns, UNIX time since 1.1.1970
> [64 bit] Timestamp2 second timestamp in ns, UNIX time since 1.1.1970
> [32 bit] TimestampAccuracy actual accuracy of Timestamp1 and Timestamp2 in
> ns. 0: actual accuracy is unknown
What do these two time stamps represent? They presumably don't represent the
packet arrival time, as both pcap and pcapng already provide that for all
packets.
> [8 bit] Representation identification of the following content
What are the possible values of this field, and what do those values signify?
> [32 bit] SrcIdPart1 source identifier part 1
> [32 bit] SrcIdPart2 source identifier part 2
> [8 bit] SrcIdPart3 source identifier part 3
> [8 bit] SrcIdPart4 source identifier part 3
So there's an 80-bit source identifier; what does that value signify?
> [64 bit] VarId variable identifier
> [64 bit] VarState variable error states, depending on
> representation
> [8 bit] VarType variable data type
What do those signify?
> [32 bit] VarSize size of raw frame payload
Presumably everything beyond that size is the footer; what are the contents of
the footer?
--- End Message ---
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
