tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLT_ATM_RFC1483 link-layer length ?

From: Guy Harris <guy () netapp com>
Date: Wed, 13 Nov 2002 12:07:13 -0800
On Wed, Nov 13, 2002 at 12:15:53PM +0100, Hannes Gredler wrote:

where is actually the link-layer of an linktype defined ?


In its "if_print" routine, e.g. ...


i was under the impression that libpcap/gencode.c
carries those information;

i.e.

---
      case DLT_ATM_RFC1483:
      case DLT_ATM_CLIP:      /* Linux ATM defines this */
              /*
               * assume routed, non-ISO PDUs
               * (i.e., LLC = 0xAA-AA-03, OUT = 0x00-00-00)
               */
              off_linktype = 0;
              off_nl = 8;             /* 802.2+SNAP */
              off_nl_nosnap = 3;      /* 802.2 */
              return;


"atm_if_print()" for LLC-encapsulated ATM frames, or in routines called
by it.


however as shown below tcpdump output insists on a 20-byte linkheader
for an LLC encapsulated frame [0606 is the LLCSAP_IP]

./tcpdump -n -e -x -r bootp.tcpdump

[ ... ]
12:28:00.323043 606000045000148 263a0000ff11946b 
                         ffff ffff 0044 0043 0134 0000 0101 0600
                         0000 263a 006e 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0800 0625 ec2a 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         [ ... ]

any ideas ?


There is some code in "atm_if_print()" that assumes that the LLC
encapsulation is a SNAP encapsulation *and* that, if it isn't, there's
an 802.6 MAC header from a driver from Fore; presumably this was
something they did before encapsulations of that sort were standardized.

If people are using the IP LLCSAP, as well as SNAP, to send IP over ATM,
I'd change that code to check for that as well - and, as long as you're
at it, check for a some other SAP values as well.  (The control field is
always 0x03, at least as I read RFC 1483:

   In LLC Encapsulation for routed protocols, the Control field has  
   always value 0x03 specifying Unnumbered Information Command PDU.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: