Re: [tcpdump-workers] DLT for LLCP

Tue, 21 Feb 2012 10:46:43 -0800 

On Mon, Feb 13, 2012 at 12:58 PM, mike wakerly <mi...@google.com> wrote:
> [sorry for the broken threading, I was not previously subscribed.]
>
> On Thu, Feb 9, 2012 at 6:36 AM, Guy Harris <g...@alum.mit.edu> wrote:
>> On Feb 8, 2012, at 3:26 AM, mike wakerly wrote:
>>> Hosts need to record frame directionality in addition to
>>> raw frame data.  As an example, a psuedo-header prepended to
>>> individual LLCP frames recorded in this format might look like this:
>>>
>>>  struct llcp_phdr {
>>>    guint16 adapter;  /* Adapter number, typically 0. */
>>>    guint16 flags;    /* Direction flag (TX/RX) and future use. */
>>>  };
>>>
>>> Can you allocate a new DLT_ for this?
>>
>> Yes, once there's a firm final specification for what the
>> pseudo-header will look like for all frames.  (If
>> there's more than one type of pseudo-header, there will have to be
>> more than one link-layer header type
>> value allocated, one for each pseudo-header type.)
>
> No problem.  Let's go with more condensed version of my example:
>   struct llcp_phdr {
>     guint8 adapter;  /* Adapter number, typically 0. */
>     guint8 flags;    /* Direction flag (TX/RX) and future use. */
>   };
>
> The least significant bit of `flags` indicates packet direction (1 =
> TX, 0 = RX); all other bits are undefined.
>
> Here's a tcpdump-docs change on github (lmk and I'll turn it into a
> pull request):
>  https://github.com/mik3y/tcpdump-htdocs/commit/74a72c24ab67fef976f09ce0f6543830fc5f0199
>
>> Presumably what follows the pseudo-header will be an LLCP PDU of the
>> form described in section 4.1 "LLC PDU
>> Format" of the LLCP specification, i.e. a byte containing the DSAP and
>> upper two bits of the PTYPE,
>> followed by a byte containing the lower two bits of the PTYPE and the
>> SSAP, followed by the sequence byte if
>> the frame has sequence numbers, followed by the bytes of payload.
>
> Yes, that's precisely it!
>
> thanks!
> mike

Hi Guy,

Friendly ping.  Does the above look good to you, and is there anything
I can do to help move it along?

thanks!
mike
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Reply via email to