Miguel Casas-Sanchez wrote:
Hi all,
I have been messing around with data dumps into libpcap file format
(major=2, minor=4) for testing my traffic generation scripts, and so far
it went very good: I could create different streams, dump them into
file(s), and parse them back using either windump/tcpdump/wireshark.
Now I'm generating ATM cells with AAL5 encapsulated traffic inside (as
per RFC 2684, not RFC 1483 which is superseded) and cannot seem to find
the appropriate DLT_ for "raw atm".
There are, in pcap/bpf.h, the following related DLT modes:
#define DLT_ATM_RFC1483 11 /* LLC-encapsulated ATM */
#define DLT_ATM_CLIP 19 /* Linux Classical-IP over ATM */
#define DLT_SUNATM 123 /* Solaris+SunATM */
DLT_ATM_RFC1483 expects the "packet data" in the dump file, to be
stripped of the atm cell header, and most likely of the AAL5 epilog.
DLT_ATM_CLIP expects the "packet data" in the dump file, to be only
an IP packet, so basically is the same as the previous case.
DLT_SUNATM expects another type of format for "packet data": 1 byte
of traffic type indication, 1 byte VPI and 2-byte VCI, then the atm cell
payload.
I would like to know if anyone implemented/had though about adding a
DLT_ATM_RAW or similar, to dump raw ATM cells as they come from the
network. If necessary/interesting I could add them myself.
You are right, I haven't seen direct support for ATM cells.
For reassembled frames we can convert into the above types, but for raw
cells we would generally use our own format.
I would support adding a DLT_ATM_CELLS or similar.
There is always the question of what metadata per cell is appropriate.
We capture a 4-byte cell header without the HCS. In some cases we have a
'Physical Port ID' which would be useful.
Stephen.
--
-----------------------------------------------------------------------
Stephen Donnelly BCMS PhD email: s...@endace.com
Endace Technology Ltd phone: +64 7 839 0540
Hamilton, New Zealand cell: +64 21 1104378
-----------------------------------------------------------------------
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.