tcpdump mailing list archives

Re: Request DLT_/LINKTYPE_ value for vSockets


From: Gerard Garcia <ggarcia () deic uab cat>
Date: Tue, 19 Jul 2016 16:12:53 +0200



On 07/18/2016 11:36 PM, Guy Harris wrote:
OK, so here's a description of the header, in the style of other pages linked to by the "Link-layer header types" page:

Packet structure

+---------------------------+
|         Source CID        |
|         (8 Octets)        |
+---------------------------+
|      Destination CID      |
|         (8 Octets)        |
+---------------------------+
|        Source port        |
|         (4 Octets)        |
+---------------------------+
|      Destination port     |
|         (4 Octets)        |
+---------------------------+
|         Operation         |
|         (2 Octets)        |
+---------------------------+
|    Transport header type  |
|         (2 Octets)        |
+---------------------------+
|   Transport header length |
|         (2 Octets)        |
+---------------------------+
|      Transport header     |
.                           .
.                           .
.                           .
+---------------------------+
|           Payload         |
.                           .
.                           .
.                           .


Description

The source and destination CID fields are in little-endian byte order; they identify the source and destination vsock devices.

The source and destination port fields are in little-endian byte order; they identify XXX.

The operation field is in little-endian byte order; it contains a value that is one of:

        * 1, for a connect operation;
        * 2, for a disconnect operation;
        * 3, for a control operation;
        * 4, for a data transfer operation.

The transport header type field is in little-endian byte order; it contains a value that is one of:

        * 1, if there is no transport header information;
        * 2, if there is a virtio transport header.

The transport header length field is in little-endian byte order; it indicates how many bytes of transport header follow the length field.  It may be non-zero even if the transport header type field has a value of 1; in that case, the bytes for the transport header should be skipped.

If the transport header type field has a value of 2, the transport header is a virtio transport header:

        {fill in description here}

For packets with an operation field with a value of 4, the payload follows the transport header.

So the questions that remain are:

        1) What do the ports identify?  Different connections on the same vsock device?

They identify a data stream within a vsock device.

        2) What is the format of the transport header?

It is well described in the virtio vsock specification: https://stefanha.github.io/virtio/#x1-2800007. May we just link there? At some point it will be merged with the official specification documents (http://docs.oasis-open.org/virtio/virtio/v1.0/virtio-v1.0.html), so the link will need to be updated.

        3) Will the length of the transport header ever change?

We should assume that it may change.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
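
An added example, not part of the message above and not libpcap or tcpdump code: a bounds-checked C parser for the header layout in the quoted draft. The names `vsock_cap_hdr`, `vsock_cap_parse` and `VSOCK_FIXED_LEN` are hypothetical, the sample bytes are constructed, and the virtio transport header is located but not decoded, since the draft leaves its format open.

```c
#include <stddef.h>
#include <stdint.h>

#define VSOCK_FIXED_LEN 30 /* 8+8+4+4+2+2+2 octets before the transport header */
struct vsock_cap_hdr {            /* hypothetical name, not from libpcap */
    uint64_t src_cid, dst_cid;
    uint32_t src_port, dst_port;
    uint16_t op, trans_type, trans_len;
    const uint8_t *trans;         /* transport header, NULL unless type is 2 */
    const uint8_t *payload;       /* NULL unless op is 4 (data transfer) */
    size_t payload_len;
};

/* Constructed sample: CID 2 -> 3, port 1234 -> 5000, op 4, type 1, length 4. */
static const uint8_t sample[] = {
    2,0,0,0,0,0,0,0, 3,0,0,0,0,0,0,0, 0xd2,0x04,0,0, 0x88,0x13,0,0,
    4,0, 1,0, 4,0, 0xaa,0xaa,0xaa,0xaa, 'h','i'
};
/* Read an n-octet little-endian integer (n <= 8). */
static uint64_t le(const uint8_t *p, size_t n)
{
    uint64_t v = 0;
    while (n-- > 0)
        v = (v << 8) | p[n];
    return v;
}

/* Returns 0 on success, -1 if fewer bytes were captured than the header claims. */
int vsock_cap_parse(const uint8_t *buf, size_t caplen, struct vsock_cap_hdr *h)
{
    if (caplen < VSOCK_FIXED_LEN)
        return -1;
    h->src_cid = le(buf, 8);
    h->dst_cid = le(buf + 8, 8);
    h->src_port = (uint32_t)le(buf + 16, 4);
    h->dst_port = (uint32_t)le(buf + 20, 4);
    h->op = (uint16_t)le(buf + 24, 2);
    h->trans_type = (uint16_t)le(buf + 26, 2);
    h->trans_len = (uint16_t)le(buf + 28, 2);
    /* The length is untrusted capture data and may change: bound it, then skip by it. */
    if (h->trans_len > caplen - VSOCK_FIXED_LEN)
        return -1;
    size_t off = VSOCK_FIXED_LEN + (size_t)h->trans_len;
    /* Type 1 may still carry a non-zero length; those bytes are skipped, not parsed. */
    h->trans = (h->trans_type == 2) ? buf + VSOCK_FIXED_LEN : NULL;
    h->payload = (h->op == 4) ? buf + off : NULL;
    h->payload_len = (h->op == 4) ? caplen - off : 0;
    return 0;
}
```

The payload offset is computed from the length field rather than a fixed transport header size, so the parser keeps working if that length changes.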

