--- Begin Message ---
On Feb 12, 2021, at 4:49 AM, developer--- via tcpdump-workers
<tcpdump-workers@lists.tcpdump.org> wrote:
> Sorry for the delay in responding, I had to look through the code to make sure
> all the information is accurate.
>
> I looked into the option to change in particular the msg_type 1 (decoded SIP
> message),
> but for the short term, using export_pdu is not an option because of the
> changes required.
>
> The current implementation for the LINKTYPE_AUERSWALD_LOG uses the following
> format:
>
> Each package starts with a message header followed by the payload and a 0
> byte.
> The message header currently has a fixed width of 150 bytes.
> For the future the length of the header might change based on the msg_type.
> (This will allow for less waste compared to the fixed length)
> Whenever the content structure of the message or length of header is changed
> a new msg_type will be used.
>
> /* Literals for displaying level are
> local level_tab = {
> [0] = "Off",
> [1] = "Error",
> [2] = "Warning",
> [3] = "Info",
> [4] = "Debug",
> [5] = "EDebug"
> }
> */
>
> // The Offset in comments is just for convenience for writing wireshark dissectors
> struct message_hdr {
>     uint16_t msg_type;               // Offset 0
>     uint32_t level;                  // Offset 2
>     char category[32];               // Offset 6
>     union {                          // New offset base 38
>         struct {                     // if msg_type == 0
>             int32_t pid;             // Offset 38
>             int32_t tgid;            // Offset 42
>             char procname[16];       // Offset 46
>             char threadname[16];     // Offset 62
>             char class_name[32];     // Offset 78
>             char method[32];         // Offset 110
>             uint32_t lineno;         // Offset 142
>             uint32_t seqno;          // Offset 146
>         };
>         struct {                     // if msg_type == 1
>             char src_ip[16];         // Offset 38
>             uint16_t src_port;       // Offset 54
>             char dst_ip[16];         // Offset 56
>             uint16_t dst_port;       // Offset 72
>         };
>     };
> } __attribute__((packed));           // Total 150

So what are the byte orders of the 2-byte and 4-byte integral fields?
What are the values that the msg_type field can have?
Presumably the values that the level field can have are 0-5, with the meanings
indicated.
Presumably category is a string; what does that string signify?
What do the values signify in a message of message type 0? They appear to
indicate a thread within a process; do they also indicate the sending class and
method? Is lineno a line of source code in the implementation of that method,
or something else? What is the tgid? What is the sequence number?
What is the payload following the header?
--- End Message ---
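
A bounds-checked parse of the 150-byte header described in the quoted message, as an added example that is not part of the thread or of any tcpdump or Wireshark code. The thread does not state the byte order, so it is a caller-supplied assumption here; `aw_msg`, `aw_parse`, `rd` and `fixed_str` are hypothetical names, and the buffer is assumed to hold exactly one complete record.

```c
#include <stdint.h>
#include <string.h>
#define AW_HDR_LEN 150 /* fixed header width given in the message */

struct aw_msg {             /* hypothetical decoded view of one record */
    uint16_t msg_type;
    uint32_t level;
    char category[33];      /* 32 wire bytes + forced NUL */
    uint32_t lineno, seqno; /* msg_type 0 */
    char src_ip[17];        /* msg_type 1: 16 wire bytes + forced NUL */
    uint16_t src_port;      /* msg_type 1 */
    const uint8_t *payload; /* points into the caller's buffer */
    size_t payload_len;     /* excludes the trailing 0 byte */
};

/* Read an n-byte unsigned integer; byte order is a caller assumption. */
static uint32_t rd(const uint8_t *p, int n, int big_endian) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << 8 * (big_endian ? n - 1 - i : i);
    return v;
}

/* Copy a fixed-width field that may lack a terminating NUL. */
static void fixed_str(char *dst, const uint8_t *src, size_t width) {
    memcpy(dst, src, width);
    dst[width] = '\0';
}

/* Returns 0 on success, -1 on a short record or unknown msg_type. */
int aw_parse(const uint8_t *buf, size_t len, int big_endian, struct aw_msg *m) {
    /* Need the full header plus the trailing 0 byte before any field read. */
    if (len < AW_HDR_LEN + 1 || buf[len - 1] != 0) return -1;
    memset(m, 0, sizeof *m);
    m->msg_type = (uint16_t)rd(buf, 2, big_endian);
    m->level = rd(buf + 2, 4, big_endian);
    fixed_str(m->category, buf + 6, 32);
    if (m->msg_type == 0) {
        m->lineno = rd(buf + 142, 4, big_endian);
        m->seqno = rd(buf + 146, 4, big_endian);
    } else if (m->msg_type == 1) {
        fixed_str(m->src_ip, buf + 38, 16);
        m->src_port = (uint16_t)rd(buf + 54, 2, big_endian);
    } else {
        return -1;          /* other types may use another header length */
    }
    m->payload = buf + AW_HDR_LEN;
    m->payload_len = len - AW_HDR_LEN - 1;
    return 0;
}
```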