tcpdump mailing list archives

Re: Request DLT_/LINKTYPE_ value for vSockets


From: Guy Harris <guy () alum mit edu>
Date: Mon, 18 Jul 2016 14:36:30 -0700

OK, so here's a description of the header, in the style of other pages linked to by the "Link-layer header types" page:

Packet structure

+---------------------------+
|         Source CID        |
|         (8 Octets)        |
+---------------------------+
|      Destination CID      |
|         (8 Octets)        |
+---------------------------+
|        Source port        |
|         (4 Octets)        |
+---------------------------+
|      Destination port     |
|         (4 Octets)        |
+---------------------------+
|         Operation         |
|         (2 Octets)        |
+---------------------------+
|    Transport header type  |
|         (2 Octets)        |
+---------------------------+
|   Transport header length |
|         (2 Octets)        |
+---------------------------+
|      Transport header     |
.                           .
.                           .
.                           .
+---------------------------+
|           Payload         |
.                           .
.                           .
.                           .


Description

The source and destination CID fields are in little-endian byte order; they identify the source and destination vsock 
devices.

The source and destination port fields are in little-endian byte order; they identify XXX.

The operation field is in little-endian byte order; it contains a value that is one of:

        * 1, for a connect operation;
        * 2, for a disconnect operation;
        * 3, for a control operation;
        * 4, for a data transfer operation.

The transport header type field is in little-endian byte order; it contains a value that is one of:

        * 1, if there is no transport header information;
        * 2, if there is a virtio transport header.

The transport header length field is in little-endian byte order; it indicates how many bytes of transport header 
follow the length field.  It may be non-zero even if the transport header type field has a value of 1; in that case, 
the bytes for the transport header should be skipped.

If the transport header type field has a value of 2, the transport header is a virtio transport header:

        {fill in description here}

For packets with an operation field with a value of 4, the payload follows the transport header.

So the questions that remain are:

        1) What do the ports identify?  Different connections on the same vsock device?

        2) What is the format of the transport header?

        3) Will the length of the transport header ever change?
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
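
A bounds-checked parser for the header as drafted in the message above. This is an added example, not part of the original post and not libpcap or tcpdump code. The struct and function names are hypothetical, and rejecting undefined operation or transport header type values is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define VSOCK_FIXED_LEN 30  /* 8+8+4+4+2+2+2 octets precede the transport header */
/* Hypothetical names; the field layout follows the description in the post. */
struct vsock_hdr {
    uint64_t src_cid, dst_cid;
    uint32_t src_port, dst_port;
    uint16_t op, thdr_type, thdr_len;
    size_t payload_off, payload_len;  /* both 0 unless op == 4 (data transfer) */
};

/* Read an n-octet little-endian integer (n <= 8). */
static uint64_t le(const uint8_t *p, int n)
{
    uint64_t v = 0;
    while (n-- > 0)
        v = (v << 8) | p[n];
    return v;
}

/* Returns 0 on success, -1 on a truncated capture or an undefined field value. */
int vsock_parse(const uint8_t *buf, size_t caplen, struct vsock_hdr *h)
{
    if (caplen < VSOCK_FIXED_LEN) return -1;
    h->src_cid = le(buf, 8);
    h->dst_cid = le(buf + 8, 8);
    h->src_port = (uint32_t)le(buf + 16, 4);
    h->dst_port = (uint32_t)le(buf + 20, 4);
    h->op = (uint16_t)le(buf + 24, 2);
    h->thdr_type = (uint16_t)le(buf + 26, 2);
    h->thdr_len = (uint16_t)le(buf + 28, 2);
    if (h->op < 1 || h->op > 4 || h->thdr_type < 1 || h->thdr_type > 2) return -1;
    /* The length comes from the capture: bound it by the octets actually present. */
    if (h->thdr_len > caplen - VSOCK_FIXED_LEN) return -1;
    h->payload_off = h->payload_len = 0;
    if (h->op == 4) {  /* transport header octets are skipped even when type is 1 */
        h->payload_off = VSOCK_FIXED_LEN + h->thdr_len;
        h->payload_len = caplen - h->payload_off;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: CID 3 -> 2, port 0x1234 -> 80, op 4, type 1, 2 skipped octets, "hi" */
    const uint8_t pkt[] = {3,0,0,0,0,0,0,0, 2,0,0,0,0,0,0,0, 0x34,0x12,0,0, 80,0,0,0, 4,0, 1,0, 2,0, 0xaa,0xbb, 'h','i'};
    struct vsock_hdr h;
    return vsock_parse(pkt, sizeof pkt, &h) == 0 && h.payload_len == 2 ? 0 : 1;
}
```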