Dear all,
I have been looking for a way to store 4G and 5G RAN/Core signaling traces in pcapng. Its lack of support for 5G traces made me abandon gsmtap and focus on the exported_pdu protocol that allows me to specify the dissector to apply and hence can handle any protocol.
The TLV approach for the header/metadata is extremely effective. I am suggesting you extend it to make it support arbitrary application-specific metadata.
Inspired by ideas from IPFIX [RFC7011], here is my proposal.
Option Code / Tag gets reduced from 16 bits to 15 bits. The skipped bit becomes E, the Enterprise bit. If this bit is zero, the Tag identifies a standard option. If this bit is one, the Tag identifies an enterprise-specific Option, and an Enterprise Number field MUST be present at the beginning of the option value.
The Enterprise Number is the IANA enterprise number [IANA-PEN] of the authority defining the Option / Tag and its meaning.
This proposal halves the number of available codes for standard options; at the same time, it gives much more flexibility to third parties to include metadata in the header as they can maintain their list of codes and options.
Examples:
00 0E 00 08 74 63 70 2e 70 6F 72 74
TAG: 0x000E (14)
LEN: 0x0008 (8)
VALUE: tcp.port
10 01 00 08 00 00 D2 30 01 02 03 04
E: 1
TAG: 0x0001 (1)
LEN: 0x0008 (8)
ENTERPRISE: 0x0000D230 (53808) "VIAVI Solutions Inc."
DATA (remaining 4 octets): 01 02 03 04
What do you think?
Regards,
Mauro
[RFC7011] <https://datatracker.ietf.org/doc/html/rfc7011>.
[IANA-PEN] IANA, "Private Enterprise Numbers", <https://www.iana.org/assignments/enterprise-numbers/>.