tcpdump mailing list archives
Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG
From: developer--- via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Fri, 12 Feb 2021 12:49:32 +0000
--- Begin Message ---
From: "developer () auerswald de" <developer () auerswald de>
Date: Fri, 12 Feb 2021 12:49:32 +0000
Sorry for the delay in responding, I had to look through the code to make sure all the information is accurate.

I looked into the option to change in particular the msg_type 1 (decoded SIP message), but for the short term, using export_pdu is not an option because of the changes required.

The current implementation for the LINKTYPE_AUERSWALD_LOG uses the following format:

Each package starts with a message header followed by the payload and a 0 byte. The message header currently has a fixed width of 150 bytes. For the future the length of the header might change based on the msg_type. (This will allow for less waste compared to the fixed length.) Whenever the content structure of the message or length of header is changed a new msg_type will be used.

/* Literals for displaying level are
local level_tab = {
    [0] = "Off",
    [1] = "Error",
    [2] = "Warning",
    [3] = "Info",
    [4] = "Debug",
    [5] = "EDebug"
}
*/

// The Offset in comments is just for convenience for writing Wireshark dissectors
struct message_hdr {
    uint16_t msg_type;              // Offset 0
    uint32_t level;                 // Offset 2
    char category[32];              // Offset 6
    union {                         // New Offsetbase 38
        struct {                    // if msg_type == 0
            int32_t pid;            // Offset 38
            int32_t tgid;           // Offset 42
            char procname[16];      // Offset 46
            char threadname[16];    // Offset 62
            char class_name[32];    // Offset 78
            char method[32];        // Offset 110
            uint32_t lineno;        // Offset 142
            uint32_t seqno;         // Offset 146
        };
        struct {                    // if msg_type == 1
            char src_ip[16];        // Offset 38
            uint16_t src_port;      // Offset 54
            char dst_ip[16];        // Offset 56
            uint16_t dst_port;      // Offset 72
        };
    };
} __attribute__((packed));          // Total 150
--- End Message ---
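
A bounds-checked reader for the header layout described in the message above, as an added example that is not code from the poster, libpcap or Wireshark. It assumes little-endian integers (the message does not state byte order) and one message per capture record with the 0 byte as the record's last byte; `auerswald_parse`, `struct auerswald_msg` and the return codes are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AUERSWALD_HDR_LEN 150  /* fixed header width stated in the message */

struct auerswald_msg {           /* hypothetical decoded form, not from the post */
    uint16_t msg_type; uint32_t level;
    char category[33];           /* 32 bytes on the wire + forced NUL */
    char src_ip[17], dst_ip[17]; /* msg_type 1 only */
    uint16_t src_port, dst_port; /* msg_type 1 only */
    uint32_t lineno, seqno;      /* msg_type 0 only */
    const uint8_t *payload;      /* points into the caller's buffer */
    size_t payload_len;          /* excludes the trailing 0 byte */
};

/* ASSUMPTION: little-endian integers; the post does not state byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Copy a fixed-width field that may lack a terminator; dst holds n + 1 bytes. */
static void rdstr(char *dst, const uint8_t *p, size_t n) { memcpy(dst, p, n); dst[n] = '\0'; }

/* Returns 0 on success, -1 on a short record, -2 on a missing trailing 0 byte,
 * -3 on a msg_type whose layout is not described in the post. */
int auerswald_parse(const uint8_t *buf, size_t len, struct auerswald_msg *m)
{
    if (len < AUERSWALD_HDR_LEN + 1) return -1;   /* header + trailing 0 */
    if (buf[len - 1] != 0) return -2;
    memset(m, 0, sizeof *m);
    m->msg_type = rd16(buf);
    m->level = rd32(buf + 2);
    rdstr(m->category, buf + 6, 32);
    if (m->msg_type == 0) {
        m->lineno = rd32(buf + 142);
        m->seqno = rd32(buf + 146);
    } else if (m->msg_type == 1) {
        rdstr(m->src_ip, buf + 38, 16);
        m->src_port = rd16(buf + 54);
        rdstr(m->dst_ip, buf + 56, 16);
        m->dst_port = rd16(buf + 72);
    } else {
        return -3;   /* header length may differ for future types */
    }
    m->payload = buf + AUERSWALD_HDR_LEN;
    m->payload_len = len - AUERSWALD_HDR_LEN - 1;
    return 0;
}
```

The fixed-width `char` fields are copied with a forced terminator because a capture file is untrusted input and nothing in the layout guarantees a NUL inside the 16 or 32 bytes.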