tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DLT Request

From: Phil Mulholland <phil () u10networks com>
Date: Mon, 13 Aug 2007 19:04:17 +0900
Hi Guy,

Guy Harris wrote:


On Jul 31, 2007, at 7:43 PM, Phil Mulholland wrote:


I'd like to request a new DLT value for our internal header format.
We have a patched version of libpcap that can capture packets from our custom board. The board can optionally attach it's own header to the packets, before the Ethernet header. We 
call it an RAIF1 header so something like DLT_RAIF1 would be good.
I can make more information available, but currently it's only really useful to our 
customers that have a board.
I note that tcpdump, Snort, Wireshark, and ntop are mentioned on your company's website; will patches for any of those be distributed to handle DLT_RAIF1?
Generally it's not needed to use DLT_RAIF1, as we also support EN10MB and RAW. We have a quick and dirty patch for tcpdump, but not yet for the other applications. We are happy to release patches (including libpcap) back into the main source code tree... but I would like to clean up the source first.
In addition, we might want to know what information is provided in the header, to guide future work on the pcap-NG file format and on tcpdump, Wireshark, etc..
Sure. The header is used to multiplex PCI frames and Ethernet frames onto a custom processor interface. Our libpcap patch captures from this interface. It looks like: 

   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |  Ver  |       |               |  Application ID TAG           |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |  Src Addr     | Dest Addr     |  Sequence Number              |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                               |  Frame Length                 |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Ver = 1
Src Addr/Dest Address - Onboard routing information
Application ID Tag/Sequence Number - Optional, for application usage
Frame length - In bytes, length of data following the header.

Regards,
Phil

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: