Re: New official link-layer type request

[Damir Franusic <damir.franusic () gmail com>]

Hi

Df_type is a part of CC configuration set by LEA for that target and I 
made a little mistake not explaining it properly.
This encoding is only relevant for IRI data in which case, Data can be 
either 0x03 ELEE format for IRI which is explained in
3.3.2.1.2.1.2.1. 
<http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-opsawg-elee-00.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.3.3.2.1.2.1.2.1>IPIRI 
Data Body. In case of CC data, Data part is alwas rawraw packet data 
starting with ETH header(DLT 0x01).  I will fix this (Df_type should be 
ignored in case of CC data), but like I said it's work in progress.


On 5/19/19 12:21 AM, Guy Harris wrote:
> On May 12, 2019, at 1:28 PM, Damir Franusic <damir.franusic () gmail com> wrote:
>
> > I've tried to be as prompt and as accurate as possible so here is the draft, I hope you'll appreciate the effort. I 
> > agree
> > that the initial thing I sent was an abomination. I will work on this draft as the project progresses, but for now, it 
> > covers
> > everything implemented so far.
> >
> > http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-elee-00.xml&modeAsFormat=html/ascii
> Currently, the spec says that in a "Target PDU with CC data", the "Data size" field is the "Size of CC data encoded using the value from Df_type 
> field (UINT32 field)" and the "Data" field is the "Raw CC packet data".
>
> The "Df_type" field has values:
>
>         0x01    Libpcap File Format (PCAP)
>         0x02    ASN.1 Basic Encoding Rules (BER)
>         0x03    ELEE Encapsulation
>
> What do those values mean in this context?
>
> For a value of 0x01, does that mean that the "Raw CC packet data" contains a pcap record:
>
>         https://www.tcpdump.org/manpages/pcap-savefile.5.html
>
> with a time stamp, captured data length, and on-the-network data length, followed by packet data?  If so, what 
> indicates the time stamp resolution and the link-layer type of the packet data?
>
> Presumably 0x02 means BER-encoded ASN.1 data according to some ETSI specification, as per
>
> > The format of that delivery if defined by ETSI; they describe everything in great detail by using ASN.1 notation which 
> > is then encoded using
> > BER when sent by wire.
> What ETSI specification is that?
>
> And what does 0x03 mean?  If it's an "ELEE Encapsulation", it would presumably need to be defined by the ELEE spec itself, 
> but it's not currently defined in that spec.

--
Damir Franusic

email: damir.franusic () gmail com
http://ele2.io/

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers