tcpdump mailing list archives
Re: Request for new LINKTYPE_* code LINKTYPE_AUERSWALD_LOG
From: Guy Harris via tcpdump-workers <tcpdump-workers () lists tcpdump org>
Date: Thu, 18 Mar 2021 17:04:37 -0700
--- Begin Message ---
From: Guy Harris <gharris () sonic net>
Date: Thu, 18 Mar 2021 17:04:37 -0700
On Feb 12, 2021, at 4:49 AM, developer--- via tcpdump-workers <tcpdump-workers () lists tcpdump org> wrote:

> Sorry for the delay in responding, I had to look thru the code to make sure all the information is accurate.
>
> I looked into the option to change in particular the msg_type 1 (decoded SIP message), but for the short term, using export_pdu is not an option because of the changes required.
>
> The current implementation for the LINKTYPE_AUERSWALD_LOG uses the following format:
>
> Each package starts with a message header followed by the payload and a 0 byte.
> The message header currently has a fixed width of 150 bytes.
> For the future the length of the header might change based on the msg_type. (This will allow for less waste compared to the fixed length)
> Whenever the content structure of the message or length of header is changed a new msg_type will be used.
>
> /* Literals for displaying level are
> local level_tab = {
>     [0] = "Off",
>     [1] = "Error",
>     [2] = "Warning",
>     [3] = "Info",
>     [4] = "Debug",
>     [5] = "EDebug"
> }
> */
>
> // The Offset in comments is just for convenience for writing wireshark dissectors
> struct message_hdr {
>     uint16_t msg_type;              // Offset 0
>     uint32_t level;                 // Offset 2
>     char category[32];              // Offset 6
>     union {                         // New Offsetbase 38
>         struct {                    // if msg_type == 0
>             int32_t pid;            // Offset 38
>             int32_t tgid;           // Offset 42
>             char procname[16];      // Offset 46
>             char threadname[16];    // Offset 62
>             char class_name[32];    // Offset 78
>             char method[32];        // Offset 110
>             uint32_t lineno;        // Offset 142
>             uint32_t seqno;         // Offset 146
>         };
>         struct {                    // if msg_type == 1
>             char src_ip[16];        // Offset 38
>             uint16_t src_port;      // Offset 54
>             char dst_ip[16];        // Offset 56
>             uint16_t dst_port;      // Offset 72
>         };
>     };
> } __attribute__((packed));          // Total 150

So what are the byte orders of the 2-byte and 4-byte integral fields?

What are the values that the msg_type field can have?

Presumably the values that the level field can have are 0-5, with the meanings indicated.

Presumably category is a string; what does that string signify?

What do the values signify in a message of message type 0? They appear to indicate a thread within a process; do they also indicate the sending class and method? Is lineno a line of source code in the implementation of that method, or something else? What is the tgid? What is the sequence number?

What is the payload following the header?
--- End Message ---
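
An added example, not part of the thread and not Auerswald's, libpcap's or Wireshark's code: a bounds-checked reader for a msg_type 0 record at the offsets quoted above. The thread does not state the byte order, so it is a caller-supplied parameter; the names auer_log0, rd, rd_str and auer_parse_log0 are hypothetical, and the code assumes one record per buffer with the 0 byte as its last byte and that the char fields may arrive without a terminator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define AUER_HDR_LEN 150u   /* fixed header width stated in the thread */

/* Hypothetical decoded view of a msg_type 0 record (names are this example's). */
struct auer_log0 {
    uint16_t msg_type;
    uint32_t level, lineno, seqno;
    int32_t pid, tgid;
    char category[33], procname[17], method[33]; /* +1 for a forced NUL */
    const uint8_t *payload;
    size_t payload_len;                          /* excludes the trailing 0 byte */
};

/* Read an n-byte unsigned integer; big_endian is the caller's assumption. */
static uint32_t rd(const uint8_t *p, size_t n, int big_endian) {
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (big_endian ? n - 1 - i : i));
    return v;
}

/* Copy a fixed-width field that may lack a terminator; always NUL-terminate. */
static void rd_str(char *dst, const uint8_t *src, size_t width) {
    memcpy(dst, src, width);
    dst[width] = '\0';
}

/* Returns 0 on success; -1 if truncated, not msg_type 0, or missing the final 0 byte. */
int auer_parse_log0(const uint8_t *buf, size_t len, int big_endian, struct auer_log0 *out) {
    if (len < AUER_HDR_LEN + 1)              /* header plus at least the 0 byte */
        return -1;
    out->msg_type = (uint16_t)rd(buf, 2, big_endian);
    if (out->msg_type != 0)                  /* other types use other layouts */
        return -1;
    out->level  = rd(buf + 2, 4, big_endian);
    rd_str(out->category, buf + 6, 32);
    out->pid    = (int32_t)rd(buf + 38, 4, big_endian);
    out->tgid   = (int32_t)rd(buf + 42, 4, big_endian);
    rd_str(out->procname, buf + 46, 16);
    rd_str(out->method, buf + 110, 32);
    out->lineno = rd(buf + 142, 4, big_endian);
    out->seqno  = rd(buf + 146, 4, big_endian);
    if (buf[len - 1] != 0)                   /* payload must end in a 0 byte */
        return -1;
    out->payload = buf + AUER_HDR_LEN;
    out->payload_len = len - AUER_HDR_LEN - 1;
    return 0;
}
```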
