Merge pull request #132 from RavuAlHemio/epb_processid_threadid

add EPB extension epb_processid_threadid
IETF-OPSAWG-WG · Jul 23, 2023 · 1fd95a3 · 1fd95a3
2 parents 075a594 + 69de62a
commit 1fd95a3
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/draft-ietf-opsawg-pcapng.md b/draft-ietf-opsawg-pcapng.md
@@ -1332,6 +1332,7 @@ the following options are valid within this block:
 | epb_packetid | 5 | 8 | no |
 | epb_queue | 6 | 4 | no |
 | epb_verdict | 7 | variable, minimum verdict type-dependent | yes |
+| epb_processid_threadid | 8 | 8 | no |
 {: #options_epb title='Enhanced Packet Block Options'}
 
 
@@ -1431,6 +1432,21 @@ Example: '02 00 00 00 00 00 00 00 02' for Linux_eBPF_XDP with
 verdict XDP_PASS.
 
 
+{: indent='8'}
+epb_processid_threadid:
+: The epb_processid_threadid
+  option stores the numeric process identifier and thread identifier
+  of the process which originated the packet as unsigned 32-bit
+  integers. The value 0 can be used for each if the concept of a
+  process or thread identifier does not make sense in context (e.g.
+  for inbound packets) or if the operating system capturing the
+  packets has no concept of processes or threads, respectively.
+{: vspace='0'}
+
+Example: '00 00 04 D2 00 00 00 00' for process 1234 and an unknown
+thread.
+
+
 ### Enhanced Packet Block Flags Word {#section_epb_flags}
 
 The Enhanced Packet Block Flags Word is a 32-bit value that