tcpdump mailing list archives

Re: [RFC TCPDUMP PATCH 2/2] Add sll_ifindex into sll_header + use it to print ifname


From: Denis Ovsienko <denis () ovsienko info>
Date: Tue, 31 Jul 2018 13:10:21 +0100

 ---- On Fri, 13 Jul 2018 08:40:47 +0100 Denis Ovsienko <denis () ovsienko info> wrote ---- 
 ---- On Thu, 12 Jul 2018 20:38:08 +0100 Guy Harris <gharris () sonic net> wrote ---- 
 > On Jul 12, 2018, at 11:33 AM, Petr Vorel <pvorel () suse cz> wrote: 
 >  
 > > +#ifdef PCAP_SUPPORT_SLL_V2 
 > > +    char ifname[IF_NAMESIZE]; 
 > > +    if (if_indextoname(EXTRACT_BE_U_6(sllp->sll_ifindex), ifname)) 
 > > +        ND_PRINT("IFNAME %s ", ifname); 
 > > +#endif 
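Review bot: if_indextoname() in the added block looks the index up on the host running tcpdump, not in the capture, so for a savefile read on another machine (or after the interface was renamed or removed) IFNAME can be wrong or silently missing. Print the numeric index from sll_ifindex unconditionally and treat the resolved name as a hint that is only valid for live capture on the same host. Also check the width: EXTRACT_BE_U_6() extracts six bytes while if_indextoname() takes an unsigned int, so if sll_ifindex is a 4-byte field this should be EXTRACT_BE_U_4().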
 >  
 > What happens if you capture traffic on machine A and print it on machine B, where machines A and B have different sets of network interfaces?
 > 
 > (This is why pcapng has Interface Description Blocks - so that the list of interfaces is part of the file, so you use *that*, rather than the configuration of interfaces on the machine running the program reading the capture, to get interface names.)

What if the MBZ field of SLL2 encoding was first, and its values meant the following:

* 0x0000: the rest of the packet structure is a packet (like it is now)
* 0x0001: interface X exists, has name Y and is up (down) and is (is not) in promiscuous mode
* 0x0002: interface X no longer exists

Then in future it will be possible to interleave packet events with interface events. At the start of the capture it 
will be possible to have a sequence of interface declarations before any packets, and later on it will be possible 
to encode the interface name changes in the middle of the packet events. Then it will be possible to record the 
sequence of the events and interface names more or less accurately (less the synchronization between the capture 
buffer and the netlink socket), and to replay later.


It would be right to attribute the idea of events interleaving properly: the suggestion above is very close to or the 
same as what Paul Evans suggested before me on 11 April 2018 in https://github.com/the-tcpdump-group/tcpdump/issues/296

It could have been made even before that elsewhere, but I do not have exact information at this time.

-- 
    Denis Ovsienko


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
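The interleaving idea in the message above, sketched as an added example that is not part of the original thread or of tcpdump/libpcap: a reader replays interface events and packets in order and resolves each packet's interface name from the capture itself instead of calling if_indextoname() on the reading host. Only the three record kinds (0x0000, 0x0001, 0x0002) come from the message; the `struct record` layout, the field widths, the small index-addressed table and the names `replay` and `sample` are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three record kinds come from the proposal; field widths, the struct
 * layout and the small index-addressed table are assumptions. */
enum { REC_PACKET = 0x0000, REC_IF_DECL = 0x0001, REC_IF_GONE = 0x0002 };
#define MAX_IFS  8
#define NAME_LEN 16
struct record { uint16_t kind; uint32_t ifindex; char name[NAME_LEN]; };

/* Constructed sample stream, not real capture data. */
const struct record sample[] = {
    { REC_IF_DECL, 2, "eth0" }, { REC_PACKET, 2, "" },
    { REC_IF_DECL, 2, "wan0" }, { REC_PACKET, 2, "" },   /* rename */
    { REC_IF_GONE, 2, "" },     { REC_PACKET, 2, "" },
    { REC_PACKET, 4000000000u, "" },                     /* out-of-range index */
};
#define NSAMPLE (sizeof sample / sizeof sample[0])

/* Replay in order; out[i] gets the name valid when packet i was recorded. */
size_t replay(const struct record *recs, size_t n, char out[][NAME_LEN], size_t cap)
{
    char names[MAX_IFS][NAME_LEN] = {{0}};   /* "" means not declared */
    size_t npkts = 0;

    for (size_t r = 0; r < n; r++) {
        uint32_t ix = recs[r].ifindex;
        int known = ix < MAX_IFS;            /* bound-check the file's index */
        switch (recs[r].kind) {
        case REC_IF_DECL:                    /* declaration or rename */
            if (known)                       /* copy at most NAME_LEN-1 bytes */
                snprintf(names[ix], NAME_LEN, "%.*s", NAME_LEN - 1, recs[r].name);
            break;
        case REC_IF_GONE:
            if (known)
                names[ix][0] = '\0';
            break;
        case REC_PACKET:
            if (npkts < cap)
                snprintf(out[npkts++], NAME_LEN, "%s",
                         known && names[ix][0] ? names[ix] : "?");
            break;
        }
    }
    return npkts;
}
```

Because the index and the name both come from the file, the reader bounds the index before using it and never assumes the name field is NUL-terminated.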
