README.md in packet_via_dmem-0.0.14 vs README.md in packet_via_dmem-0.0.15

@@ -12,10 +12,25 @@
     MX104-ABB-0(test2nqe31-re1.dk vty)# test jnh 0 packet-via-dmem capture 0x3 0x0a0b0c0d
     MX104-ABB-0(test2nqe31-re1.dk vty)# test jnh 0 packet-via-dmem capture 0x0
     MX104-ABB-0(test2nqe31-re1.dk vty)# test jnh 0 packet-via-dmem dump
     MX104-ABB-0(test2nqe31-re1.dk vty)# test jnh 0 packet-via-dmem disable
 
+ * in capture the 0x3 sets flags for what type of packets we want, for 0x3 we
+   set two flags on, 'Packet' and 'PacketHead' (show mqchip N lo stats). These
+   two cover all real traffic.
+   1. Packet     (whole packet seen)
+   2. PacketHead (334B packet, inclusive internal headers)
+
+ * after capture flags we can set up-to 8 bytes of data to match anywhere in
+   32B window
+
+ * after match trigger we have optional 3rd argument which gives the byte
+   offset where our 32B window starts from, default to 0. If you're capturing
+   IPv6, the DADDR won't fit in the first 32B window, so you might give offest
+   of say 19B to get DADDR there too (in case of L2 MAC headers, without VLAN
+   or MPLS)
+
 ## Install
     % gem install packet_via_dmem
 
 ## CLI
     % ./bin/packet-via-dmem --both ~/output.txt|grep Packet|wc -l
@@ -66,10 +81,15 @@
         --poptx         pop N bytes from sent frames
         -d, --debug     turn on debugging
         -h, --help
     %
 
+You can also read from STDIN for live capture, some thing like this should work:
+
+    % sshfs nms: nms
+    % tail -fn 10000 nms/output.txt|packet-via-dmem -|text2pcap - -|wireshark -k -i -
+
 ## Library
     require 'packet_via_dmem'
     dmem = PacketViaDMEM.new
     packets = dmem.parse File.read(ARGF[0])
     packets.each do |capture|
@@ -179,20 +199,10 @@
     00 07 00 f0 80 08
     10 07 80 f0 05 b4 81 08
     10 0b 00 f0 02 28 81 08
 
 ### Sent header
-I'm really not sure about sent headers, need more data to figure out what is
-our type. For all my examples, when we sent frame without L2 headers for
-fabric, it was MPLS, but almost certainly it can be IPv4, IPv6, ARP etc too.
-Need data to know which header tells that. So we are going to pop wrong amount
-of bytes in many sent cases.
-
-  * first byte is output
-    * 0x00 == to fabric
-    * 0x08 == to wan
-
-  * byte 6, 7, 9, 11 or 21 probably defines type (different if we sent layer2 to fabric or if we don't)
+  *FIXME* check the source...
 
 Example from MX960
 
     00 bf e0 0d 71 f0 00 04 42 20 01 44 03 01 00 81 00 00 00 00 00 00 07 e9
     00 bf e0 0f 71 f0 00 09 42 20 01 44 03 01 01 21 00 00 00 00 00 00 16 65