tcpdump mailing list archives

Re: DLT_ request

From: Scott Deandrea <sdeandrea () apple com>
Date: Fri, 09 Dec 2016 13:37:40 -0800

Hi Guy,

Nothing has shipped with any version of macOS yet; indeed I’m trying to avoid the mistake that was made with DLT_USER2 
and PKTAP.

The link-layer header format is as follows:
struct
{
    // Control information
    uint16_t bcdVersion;        // version of this structure
    uint8_t  headerLength;      // length of this structure
    uint8_t  requestType;       // tAppleUSBHostPacketFilterRequestType
    
    // Transfer information
    uint32_t ioLength;          // amount of data requested/transferred
    uint32_t ioStatus;          // IOReturn
    uint32_t ioFrameCount;      // number of isoch frames following
    uint64_t ioID;              // unique id for this I/O
    
    // Device information
    uint32_t deviceLocation;    // locationID of the device
    uint8_t  deviceSpeed;       // tEndpointSpeed
    uint8_t  deviceAddress;     // tUSBHostDeviceAddress
    uint8_t  endpointAddress;   // Address and Direction
    uint8_t  endpointType;      // tEndpointType
    
    // Additional information
} __attribute__((packed, aligned(sizeof(uint32_t))));

The packet payload is the raw USB data that was sent/received for I/O request.

Thanks,
—scott

On Dec 7, 2016, at 3:44 PM, Guy Harris <guy () alum mit edu> wrote:

On Dec 1, 2016, at 10:34 AM, Scott Deandrea <sdeandrea () apple com> wrote:

We’ve been working to provide developers with a software packet capture solution for USB transfers at Apple.  To 
that end, I have implemented a solution which uses BPF and is libpcap compatible but is currently using the link 
type DLT_USER15.


(Hopefully that hasn't shipped with any version of macOS, and is only being used internally to Apple, so that Apple 
hasn't repeated the mistake they made with DLT_USER2 and PKTAP.)

Therefore, I’m requesting a DLT_ value for this.  Please let me know what the proper procedure is for this


We need a description of the link-layer header for the packets, and an indication of what the packet payload is - 
either a document at Apple we can link to, or something we can put into a document hosted on tcpdump.org.


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

DLT_ request Scott Deandrea (Dec 07)
- Re: DLT_ request Guy Harris (Dec 07)
  - Re: DLT_ request Scott Deandrea (Dec 09)
    - Re: DLT_ request Guy Harris (Dec 09)
    - Re: DLT_ request Scott Deandrea (Dec 09)
    - Re: DLT_ request Guy Harris (Dec 10)
    - Re: DLT_ request Scott Deandrea (Dec 11)
    - Re: DLT_ request Guy Harris (Dec 11)
    - Re: DLT_ request Scott Deandrea (Dec 12)
    - Re: DLT_ request Guy Harris (Dec 12)
    - Re: DLT_ request Scott Deandrea (Dec 12)
    - Re: DLT_ request Guy Harris (Dec 09)
    - Re: DLT_ request Guy Harris (Dec 10)

(Thread continues...)