Re: [tcpdump-workers] Request DLT_/LINKTYPE_ value for vSockets

[Gerard Garcia]

On 07/18/2016 11:36 PM, Guy Harris wrote:

OK, so here's a description of the header, in the style of other pages linked to by the 
"Link-layer header types" page:

Packet structure

+---+
| Source CID|
| (8 Octets)|
+---+
|  Destination CID  |
| (8 Octets)|
+---+
|Source port|
| (4 Octets)|
+---+
|  Destination port |
| (4 Octets)|
+---+
| Operation |
| (2 Octets)|
+---+
|Transport header type  |
| (2 Octets)|
+---+
|   Transport header length |
| (2 Octets)|
+---+
|  Transport header |
.   .
.   .
.   .
+---+
|   Payload |
.   .
.   .
.   .


Description

The source and destination CID fields are in little-endian byte order; they 
identify the source and destination vsock devices.

The source and destination port fields are in little-endian byte order; they 
identify XXX.

The operation field is in little-endian byte order; it contains a value that is 
one of:

* 1, for a connect operation;
* 2, for a disconnect operation;
* 3, for a control operation;
* 4, for a data transfer operation.

The transport header type field is in little-endian byte order; it contains a 
value that is one of:

* 1, if there is no transport header information;
* 2, if there is a virtio transport header.

The transport header length field is in little-endian byte order; it indicates 
how many bytes of transport header follow the length field.  It may be non-zero 
even if the transport header type field has a value of 1; in that case, the 
bytes for the transport header should be skipped.

If the transport header type field has a value of 2, the transport header is a 
virtio transport header:

{fill in description here}

For packets with an operation field with a value of 4, the payload follows the 
transport header.

So the questions that remain are:

1) What do the ports identify?  Different connections on the same vsock 
device?

They identify a data stream within a vsock device.

2) What is the format of the transport header?
It is well described in the virtio vsock specification: 
https://stefanha.github.io/virtio/#x1-287 May we just link there?
At some point it will be merged with the official specification 
documents 
(http://docs.oasis-open.org/virtio/virtio/v1.0/virtio-v1.0.html) so the 
link will need to be updated.

3) Will the length of the transport header ever change?

We should assume that it may change.

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Re: [tcpdump-workers] Request DLT_/LINKTYPE_ value for vSockets

[Guy Harris]

On Jul 19, 2016, at 7:12 AM, Gerard Garcia  wrote:

>>  2) What is the format of the transport header?
> 
> It is well described in the virtio vsock specification: 
> https://stefanha.github.io/virtio/#x1-287 May we just link there?

If that's

struct virtio_vsock_hdr { 
  le64 src_cid; 
  le64 dst_cid; 
  le32 src_port; 
  le32 dst_port; 
  le32 len; 
  le16 type; 
  le16 op; 
  le32 flags; 
  le32 buf_alloc; 
  le32 fwd_cnt; 
};

that appears to duplicate fields in the link-layer header; are those fields, in 
fact, duplicates?

>>  3) Will the length of the transport header ever change?
> 
> We should assume that it may change.

So will the transport header ever change *without* the length changing?  If it 
changes by adding new data to the end, or by removing some fields at the end, 
code that parses a packet in a capture can use the length field to determine 
whether the added fields are present, but if the header can change without the 
length changing - or by more than just fields being added to the end or removed 
from the end - there needs to be something in the header to give a version for 
the transport header, such as changing the transport header type.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers