[ntar-workers] Generic Comments on NTAR format

[Loris Degioanni]

Jose M. Gonzalez wrote:
> Hi, 
> 
> Some generic comments on the NTAR format: 
>  
> - The first thing I'd change is the use of 0, 1, 2, etc. for all the codes,
>   including block type codes (Figure 1), SHB Option codes, Interface Option
>   codes, etc. Instead, I'd use a 32-bit number corresponding to 4 ascii
>   characters that remind of the block/option meaning. For example, we
>   could use the following block type codes: 0x53484220 (or "SHB ") for
>   Section Header Blocks; 0x49444220 (or "IDB ") for Interface Definition 
>   Blocks; etc. The benefit of this approach is that a parser that doesn't
>   know how to parse a block could at least provide 4 ascii characters
>   understable by humans ("DROP" is an easy one that comes to my mind).
>   The cost is zero. The benefit is non-zero. 
> 

This is a good idea, but:

- some blocks, like the SHB, cannot have arbitrary codes: they need 
magic numbers to handle big endian vs little endian issues (we discussed 
quite a lot about this last year on tcpdump-workers)
- one of the bits of the section code (the most significant one) is 
currently reserved to distinguish between private and public blocks.
- I'm worried that, since we have only 4 characters, some strings could 
be very similar and this could decrease readability instead of improving it.

Loris