tcpdump mailing list archives

Re: DLT for LLCP

From: mike wakerly <mikey () google com>
Date: Tue, 21 Feb 2012 10:45:40 -0800

On Mon, Feb 13, 2012 at 12:58 PM, mike wakerly <mikey () google com> wrote:

[sorry for the broken threading, I was not previously subscribed.]

On Thu, Feb 9, 2012 at 6:36 AM, Guy Harris <guy () alum mit edu> wrote:

On Feb 8, 2012, at 3:26 AM, mike wakerly wrote:

Hosts need to record frame directionality in addition to
raw frame data.  As an example, a psuedo-header prepended to
individual LLCP frames recorded in this format might look like this:

 struct llcp_phdr {
   guint16 adapter;  /* Adapter number, typically 0. */
   guint16 flags;    /* Direction flag (TX/RX) and future use. */
 };

Can you allocate a new DLT_ for this?


Yes, once there's a firm final specification for what the
pseudo-header will look like for all frames.  (If
there's more than one type of pseudo-header, there will have to be
more than one link-layer header type
value allocated, one for each pseudo-header type.)


No problem.  Let's go with more condensed version of my example:
  struct llcp_phdr {
    guint8 adapter;  /* Adapter number, typically 0. */
    guint8 flags;    /* Direction flag (TX/RX) and future use. */
  };

The least significant bit of `flags` indicates packet direction (1 =
TX, 0 = RX); all other bits are undefined.

Here's a tcpdump-docs change on github (lmk and I'll turn it into a
pull request):
 https://github.com/mik3y/tcpdump-htdocs/commit/74a72c24ab67fef976f09ce0f6543830fc5f0199

Presumably what follows the pseudo-header will be an LLCP PDU of the
form described in section 4.1 "LLC PDU
Format" of the LLCP specification, i.e. a byte containing the DSAP and
upper two bits of the PTYPE,
followed by a byte containing the lower two bits of the PTYPE and the
SSAP, followed by the sequence byte if
the frame has sequence numbers, followed by the bytes of payload.


Yes, that's precisely it!

thanks!
mike


Hi Guy,

Friendly ping.  Does the above look good to you, and is there anything
I can do to help move it along?

thanks!
mike
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

DLT for LLCP mike wakerly (Feb 08)
- Re: DLT for LLCP Guy Harris (Feb 08)
- Re: DLT for LLCP mike wakerly (Feb 13)
  - Re: DLT for LLCP mike wakerly (Feb 21)
  - Re: DLT for LLCP Guy Harris (Feb 28)