On Dec 11, 2011, at 2:21 PM, Akos Vandra wrote:
> I thought I will decode these timestamp messages, and use them to
> construct the pcap_pkthdr structure's ts field, as the arrival time
> cannot be manipulated later from within a dissector
That's probably the best thing to do. "X us have passed" probably aren't, in
and of themselves, interesting events.
> What do you mean I have to provide a description of the messages? They
> just contain the message source ID (there are multiple trace sources
> within the trace peripheral for hardware messages, software
> (printf-like) messages, and instruction tracing), and the message raw
> data, nothing special.
Then you'd say that a message consists of an n-byte message source ID in
whatever byte order it's in if n > 1, followed by some number of bytes of
payload; a reference to an ARM document, even if you have to be a Registered
Customer to see it, would suffice as a description of the payload. Presumably
the number of bytes of payload would be the total packet length minus the
length of the message source ID.
See
http://www.tcpdump.org/linktypes.html
for examples of how link-layer header types are described.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
