[Pascal Quantin <pascal@xxxxxxxxxxxxx>]

  Hi Mauro,
  
  
Instead of dedicating a bit to the enterprise flag, we could also define a specific tag for the IANA-PEN, then the enterprise number itself followed by its private payload. This way we keep the full range of value tags at the cost of 2 extra bytes per packet.
  
Presumably we will need also to have a way to register a custom dissector so as to decode this enterprise specific metadata using a plugin for example.
  
  
Best regards,
  
Pascal.

20 juin 2024 07:23:54 Anders Broman <a.broman58@xxxxxxxxx>:

Not against the suggestion per se  but isn't it better that you write an MR including the new tags you need so that wireshark can read your files?
Best regards
Anders

Den tors 20 juni 2024 06:30Mauro Levra via Wireshark-dev <wireshark-dev@xxxxxxxxxxxxx> skrev:

Dear all,

I have been looking for a way to store 4G and 5G RAN/Core signaling traces in pcapng. Its lack of support for 5G traces made me abandon gsmtap and focus on the exported_pdu protocol that allows me to specify the dissector to apply and hence can handle any protocol.

The TLV approach for the header/metadata is extremely effective. I am suggesting you extend it to make it support arbitrary application-specific metadata.

Inspired by ideas from IPFIX [RFC7011], here is my proposal.

Option Code / Tag gets reduced from 16 bits to 15 bits. The skipped bit becomes E, the Enterprise bit. If this bit is zero, the Tag identifies a standard option. If this bit is one, the Tag identifies an enterprise-specific Option, and an Enterprise Number field MUST be present at the beginning of the option value.

The Enterprise Number is the IANA enterprise number [IANA-PEN] of the authority defining the Option / Tag and its meaning.

This proposal halves the number of available codes for standard options; at the same time, it gives much more flexibility to third parties to include metadata in the header as they can maintain their list of codes and options.

Examples:

00 0E 00 08 74 63 70 2e 70 6F 72 74
TAG: 0x000E (14)
LEN: 0x0008 (8)
VALUE: tcp.port

10 01 00 08 00 00 D2 30 01 02 03 04
E: 1
TAG: 0x0001 (1)
LEN: 0x0008 (8)
ENTERPRISE: 0x0000D230 (53808) "VIAVI Solutions Inc."
DATA (remaining 4 octets): 01 02 03 04

What do you think?

Regards,

Mauro


[RFC7011]  <https://datatracker.ietf.org/doc/html/rfc7011>.

[IANA-PEN] IANA, "Private Enterprise Numbers", <https://www.iana.org/assignments/enterprise-numbers/>.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe