Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type.
Folks,
Haven't heard anything in a while, what needs to happen in order to assign a
LINKTYPE_/DLT_ type for the file format described below?
Thanks... Dave
VPP graph dispatch trace record description.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Major Version | Minor Version | NStrings | ProtoHint |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Buffer index (big endian) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ VPP graph node name ... ... | NULL octet|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Buffer Metadata ... ... | NULL octet|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Buffer Opaque ... ... | NULL octet|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Buffer Opaque 2 ... ... | NULL octet|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VPP ASCII packet trace (if NStrings > 4) | NULL octet|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Packet data (up to 16K) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Graph dispatch records comprise a version stamp, an indication of how many
NULL-terminated strings will follow the record header and precede packet data,
and a protocol hint.
The buffer index is an opaque 32-bit cookie which allows consumers of these
data to easily filter/track single packets as they traverse the forwarding
graph. Multiple records per packet are normal, and to be expected.
As of this writing: major version = 1, minor version = 0. Nstrings SHOULD be 4
or 5. Consumers SHOULD be wary values less than 4 or greater than 5. They MAY
attempt to display the claimed number of strings, or they MAY treat the
condition as an error.
Here is the current set of protocol hints:
typedef enum
{
VLIB_NODE_PROTO_HINT_NONE = 0,
VLIB_NODE_PROTO_HINT_ETHERNET,
VLIB_NODE_PROTO_HINT_IP4,
VLIB_NODE_PROTO_HINT_IP6,
VLIB_NODE_PROTO_HINT_TCP,
VLIB_NODE_PROTO_HINT_UDP,
VLIB_NODE_N_PROTO_HINTS,
} vlib_node_proto_hint_t;
Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet data
SHOULD be 0x60, and should begin an ipv6 packet header.
Downstream consumers of these data SHOULD pay attention to the protocol hint.
They MUST tolerate inaccurate hints, which WILL occur from time to time.
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type.
Dave Barach (dbarach) wrote: > Haven't heard anything in a while, what needs to happen in order to > assign a LINKTYPE_/DLT_ type for the file format described below? Generally, an email such as yours. You can send a pull requests against libpcap if you like, see: https://github.com/the-tcpdump-group/libpcap/blob/master/doc/DLT_ALLOCATE_HOWTO.md Is there a URL we can point to that might contain updates, or will your email be enough? > Thanks... Dave > VPP graph dispatch trace record description. Can you explain a bit more about what collects these records, and what they are used for? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type.
Dear Michael, Thanks for the info. Apologies for not finding DLT_ALLOCATE_HOWTO.md. "I'm on it..." At least until the vpp project doc tree moves to more sensible place, the URL below will track any changes. The file format [and by implication, the companion wireshark dissector] shouldn't need to change. https://fdio-vpp.readthedocs.io/en/latest/gettingstarted/developers/vnet.html?highlight=wireshark#graph-dispatcher-pcap-tracing Thanks... Dave -Original Message- From: Michael Richardson Sent: Sunday, December 23, 2018 12:56 PM To: Dave Barach (dbarach) Cc: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Request for a new LINKTYPE_/DLT_ type. Dave Barach (dbarach) wrote: > Haven't heard anything in a while, what needs to happen in order to > assign a LINKTYPE_/DLT_ type for the file format described below? Generally, an email such as yours. You can send a pull requests against libpcap if you like, see: https://github.com/the-tcpdump-group/libpcap/blob/master/doc/DLT_ALLOCATE_HOWTO.md Is there a URL we can point to that might contain updates, or will your email be enough? > Thanks... Dave > VPP graph dispatch trace record description. Can you explain a bit more about what collects these records, and what they are used for? -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works|IoT architect [ ] m...@sandelman.ca http://www.sandelman.ca/| ruby on rails[ ___ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
