Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- FCS length description
Guy Harris <gharris@sonic.net> Tue, 22 December 2020 09:23 UTC
Return-Path: <gharris@sonic.net>
X-Original-To: opsawg@ietfa.amsl.com
Delivered-To: opsawg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DA2973A0EB2 for <opsawg@ietfa.amsl.com>; Tue, 22 Dec 2020 01:23:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id psR_h_NzQ7Xx for <opsawg@ietfa.amsl.com>; Tue, 22 Dec 2020 01:23:50 -0800 (PST)
Received: from c.mail.sonic.net (c.mail.sonic.net [64.142.111.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D88033A0EAF for <opsawg@ietf.org>; Tue, 22 Dec 2020 01:23:50 -0800 (PST)
Received: from [192.168.42.85] (173-228-4-241.dsl.dynamic.fusionbroadband.com [173.228.4.241]) (authenticated bits=0) by c.mail.sonic.net (8.15.1/8.15.1) with ESMTPSA id 0BM9NnTN015636 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 22 Dec 2020 01:23:49 -0800
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Guy Harris <gharris@sonic.net>
In-Reply-To: <04F170EE-7020-4092-B94D-C09335FE87EE@sonic.net>
Date: Tue, 22 Dec 2020 01:23:48 -0800
Cc: opsawg@ietf.org, tcpdump-workers <tcpdump-workers@lists.tcpdump.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8A9FE19C-FA0A-4D77-B96A-71E55F0C3AB4@sonic.net>
References: <12531.1608597102@localhost> <04F170EE-7020-4092-B94D-C09335FE87EE@sonic.net>
To: Pcap-ng file format <pcap-ng-format@winpcap.org>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
X-Sonic-CAuth: UmFuZG9tSVbA0PfaJn4aS8uzt9jiPCEGfpI20f8Fj6DtBWIvKWfDxxMns7TJRFDCNtb1kZ2HhDWwk0uRb+e1KXJQOKVzPMZJ
X-Sonic-ID: C;PitFZjdE6xGd853Pl+vPsg== M;eph9ZjdE6xGd853Pl+vPsg==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Archived-At: <https://mailarchive.ietf.org/arch/msg/opsawg/3Sz9cqZK6GIyq21WZHN346TlQZ8>
Subject: Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsawg-pcap.txt --- FCS length description
X-BeenThere: opsawg@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OPSA Working Group Mail List <opsawg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/opsawg>, <mailto:opsawg-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/opsawg/>
List-Post: <mailto:opsawg@ietf.org>
List-Help: <mailto:opsawg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/opsawg>, <mailto:opsawg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Dec 2020 09:23:52 -0000
On Dec 22, 2020, at 1:01 AM, Guy Harris <gharris@sonic.net> wrote: > They were originally intended for use with some stuff NetBSD was doing (I'd have to look into the history of the NetBSD code), but I think NetBSD stopped doing that. The commit message for the change that added the macros was: commit afbb1ce7227dc5edb291f242ed8d95cd3762fc51 Author: Guy Harris <gharris@sonic.net> Date: Sat Sep 29 19:33:29 2007 +0000 Based on work from Florent Drouin, split the 32-bit link-layer type field in a capture file into: a 16-bit link-layer type field (it's 16 bits in pcap-NG, and that'll probably be enough for the foreseeable future); a 10-bit "class" field, indicating the group of link-layer type values to which the link-layer type belongs - class 0 is for regular DLT_ values, and class 0x224 grandfathers in the NetBSD "raw address family" link-layer types; a 6-bit "extension" field, storing information about the capture, such an indication of whether the packets include an FCS and, if so, how many bytes of FCS are present. So what NetBSD had was a convention where a capture file could have a link-layer type that combined an AF_ value with some additional bits to distinguish the value from a regular LINKTYPE_ value; I don't know what AF_ values they supported for that, or where that code was, or whether it's still supported.
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- FCS le… Michael Richardson
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- FCS le… Michael Richardson
- [OPSAWG] draft-gharris-opsawg-pcap.txt --- IANA c… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] draft-gharris-opsawg-pcap.txt --- FC… Carsten Bormann
- Re: [OPSAWG] draft-gharris-opsawg-pcap.txt --- FC… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… mohamed.boucadair
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Guy Harris
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Adrian Farrel
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… Michael Richardson
- Re: [OPSAWG] [pcap-ng-format] draft-gharris-opsaw… tom petch