tcpdump mailing list archives
Re: DLT Request
From: Phil Mulholland <phil () u10networks com>
Date: Mon, 13 Aug 2007 19:04:17 +0900
Hi Guy, Guy Harris wrote:
On Jul 31, 2007, at 7:43 PM, Phil Mulholland wrote:I'd like to request a new DLT value for our internal header format.We have a patched version of libpcap that can capture packets from our custom board. The board can optionally attach it's own header to the packets, before the Ethernet header. Wecall it an RAIF1 header so something like DLT_RAIF1 would be good.I can make more information available, but currently it's only really useful to ourcustomers that have a board.I note that tcpdump, Snort, Wireshark, and ntop are mentioned on your company's website; will patches for any of those be distributed to handle DLT_RAIF1?
Generally it's not needed to use DLT_RAIF1, as we also support EN10MB and RAW. We have a quick and dirty patch for tcpdump, but not yet for the other applications. We are happy to release patches (including libpcap) back into the main source code tree... but I would like to clean up the source first.
In addition, we might want to know what information is provided in the header, to guide future work on the pcap-NG file format and on tcpdump, Wireshark, etc..
Sure. The header is used to multiplex PCI frames and Ethernet frames onto a custom processor interface. Our libpcap patch captures from this interface. It looks like:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ver | | | Application ID TAG | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Src Addr | Dest Addr | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | Frame Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Ver = 1 Src Addr/Dest Address - Onboard routing information Application ID Tag/Sequence Number - Optional, for application usage Frame length - In bytes, length of data following the header. Regards, Phil - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- DLT Request Phil Mulholland (Jul 31)
- Re: DLT Request Guy Harris (Aug 07)
- Re: DLT Request Phil Mulholland (Aug 13)
- Re: DLT Request Guy Harris (Aug 13)
- Re: DLT Request Phil Mulholland (Aug 13)
- Re: DLT Request Guy Harris (Aug 07)