tcpdump mailing list archives
Re: Link Layer Type Request NETANALYZER_NG
From: Jan Adam via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Wed, 24 Mar 2021 07:32:50 +0000
--- Begin Message --- From: Jan Adam <JAdam () hilscher com>
Date: Wed, 24 Mar 2021 07:32:50 +0000
That should also be noted in the specification.I updated the specification with information about alignment, SrcID, and PayloadType.Slicing a captured packet is not supported by our capturing device.But some software can slice packets afterwards. Either that would have to be forbidden (meaning editcap and, I think, tcpdump would have to check for LINKTYPE_NETANALYZER_NG/DLT_NETANALYZR_NG and refuse to do slicing), or they would have to 1) ensure that the slice size is >= the footer size and 2) do the slicing specially, removing bytes *before* the footer, so that if incl_len < VarSize + footer_size, (VarSize + footer_size) - incl_len bytes have been sliced off.Both might be possible path to take for slicing. In any case the PayloadSize should also be adjusted when the payload length is changed in my opinion. Is this a Problem?So, with incl_len equal to {PayloadSize,VarSize} + 54, orig_len would be equal to {original PayloadSize} + 54, so the original payload size would be orig_len - 54. That would allow the original size and the sliced size of the payload to be calculated, so that should work.Yes it should work. I have the feeling this is more about the design then the implementation. I will try to explain our design decision of the footer. We have observed that customers using Wireshark don't think about the header when counting the bytes in the hex dump and expect the frame to start at the first byte and as a result read out wrong values. Therefore our idea was to put the additional info at the end in form of a footer. Maybe you can help me understand more of the general concept, how is this slicing handled for a DLT with a header or footer in general? If you take for example another DLT: https://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html it has 16 byte header size, how does editcap or tcpdump take that into account? Is it possible to slice without taking the header size into account? Hilscher Gesellschaft für Systemautomation mbH | Rheinstrasse 15 | 65795 Hattersheim | Germany | www.hilscher.com<http://www.hilscher.com> Sitz der Gesellschaft / place of business: Hattersheim | Geschäftsführer / managing director: Sebastian Hilscher, Hans-Jürgen Hilscher Handelsregister / commercial register: Frankfurt B 26873 | Ust. Idnr. / VAT No.: DE113852715 Registergericht / register court: Amtsgericht Frankfurt/Main Important Information: This e-mail message including its attachments contains confidential and legally protected information solely intended for the addressee. If you are not the intended addressee of this message, please contact the addresser immediately and delete this message including its attachments. The unauthorized dissemination, copying and change of this e-mail are strictly forbidden. The addresser shall not be liable for the content of such changed e-mails. Wichtiger Hinweis: Diese E-Mail einschließlich ihrer Anhänge enthält vertrauliche und rechtlich geschützte Informationen, die nur für den Adressaten bestimmt sind. Sollten Sie nicht der bezeichnete Adressat sein, so teilen Sie dies bitte dem Absender umgehend mit und löschen Sie diese Nachricht und ihre Anhänge. Die unbefugte Weitergabe, das Anfertigen von Kopien und jede Veränderung der E-Mail ist untersagt. Der Absender haftet nicht für Inhalte von veränderten E-Mails.
--- End Message ---
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 03)
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 03)
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 08)
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 12)
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 12)
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 12)
- Re: Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 08)
- Message not available
- Message not available
- Message not available
- Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 15)
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 18)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 22)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 22)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 24)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Guy Harris via tcpdump-workers (Mar 24)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: Link Layer Type Request NETANALYZER_NG Jan Adam via tcpdump-workers (Mar 25)