tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Request for a new LINKTYPE_/DLT_ type.

From: "Dave Barach (dbarach)" <dbarach () cisco com>
Date: Sun, 23 Dec 2018 12:45:43 +0000
Folks,

Haven't heard anything in a while, what needs to happen in order to assign a LINKTYPE_/DLT_ type for the file format 
described below?

Thanks... Dave

VPP graph dispatch trace record description. 

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Major Version | Minor Version | NStrings      | ProtoHint     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer index (big endian)                                     |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   + VPP graph node name ...     ...               | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Metadata ... ...                       | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Opaque ... ...                         | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Buffer Opaque 2 ... ...                       | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | VPP ASCII packet trace (if NStrings > 4)      | NULL octet    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Packet data (up to 16K)                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Graph dispatch records comprise a version stamp, an indication of how many NULL-terminated strings will follow the 
record header and precede packet data, and a protocol hint.

The buffer index is an opaque 32-bit cookie which allows consumers of these data to easily filter/track single packets 
as they traverse the forwarding graph. Multiple records per packet are normal, and to be expected. 

As of this writing: major version = 1, minor version = 0. Nstrings SHOULD be 4 or 5. Consumers SHOULD be wary values 
less than 4 or greater than 5. They MAY attempt to display the claimed number of strings, or they MAY treat the 
condition as an error.

Here is the current set of protocol hints:

typedef enum
  {
    VLIB_NODE_PROTO_HINT_NONE = 0,
    VLIB_NODE_PROTO_HINT_ETHERNET,
    VLIB_NODE_PROTO_HINT_IP4,
    VLIB_NODE_PROTO_HINT_IP6,
    VLIB_NODE_PROTO_HINT_TCP,
    VLIB_NODE_PROTO_HINT_UDP,
    VLIB_NODE_N_PROTO_HINTS,
  } vlib_node_proto_hint_t;

Example: VLIB_NODE_PROTO_HINT_IP6 means that the first octet of packet data SHOULD be 0x60, and should begin an ipv6 
packet header.

Downstream consumers of these data SHOULD pay attention to the protocol hint. They MUST tolerate inaccurate hints, 
which WILL occur from time to time.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: