Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Adding IEEE 802.15.4 DLT for meta data?

From: Guy Harris <guy () alum mit edu>
Date: Mon, 7 Jan 2019 13:50:11 -0800
On Jan 7, 2019, at 1:18 PM, James Ko <jim.list () hotmail com> wrote:


There are ongoing proposal in pcapng format for adding generic wireless meta data options to the enhanced packet 
block (EPB) and invariant (or seldom changing) capture interface meta data to a new capture interface block (CIB).
https://github.com/pcapng/pcapng/pull/51 and  https://github.com/pcapng/pcapng/pull/56

I see  that 802.11 has several DLT types for including metadata.  (DLT_PRISM_HEADER, DLT_IEEE802_11_RADIO, & 
DLT_IEEE802_11_RADIO_AVS)


Yes.  Personally, I think that's two too many - three, actually, with DLT_PPI - but there are historical reasons for 
them.  I'd like to see radiotap pick up all of the 802.11-specific things PPI does, at which point PPI's remaining 
capabilities should probably be picked up either by other link-layer header types or by pcapng options.


I would like to propose one or more DLT types for including 802.15.4 meta-data.


I'd prefer "one" to "or more".


Defining a new DLT type instead of relying on PCAPNG out of band data enables adding the additional information to 
pcap sources as well.


Yes.  My inclination, by default, is to put the metadata in the link-layer header, with a new link-layer header type 
assigned, rather than use pcapng for this.


Preference of course is to have only one DLT type with type/length/value (TLV) for each meta data object just as 
pcapng deals with options.  However creating different DLT types may make more sense for the various MACs defined in 
IEEE802.15.4 (i.e. TSCH-MAC specific).  The new DLT would encapsulate the existing packet-ieee802154.c dissector as 
the last option.


If the metadata is mostly MAC-specific, that'd probably mean either

        1) the MAC type as the first item in the metadata, followed by MAC-specific metadata

or

        2) multiple link-layer header types.

Presumably a single interface will always have the same MAC type, so that, in the multiple link-layer header types 
case, the interface can be given a specific link-layer header type.


Any advice/comments on how to proceed or not proceed?  Shall I go just ahead and create the dissector with a new DLT 
type and submit it for code-review to solicit feedback?


The procedure for assigning a link-layer header type is outlined at the beginning of

        https://www.tcpdump.org/linktypes.html

Note that the first thing you start with is *not* code to parse the header, it's a specification of the header, 
independent of code.  All the specs on the tcpdump.org site, or linked to from the tcpdump.org site, should be 
sufficient for somebody to write code to parse the header without ever looking at tcpdump or Wireshark code.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: