On Jan 14, 2015, at 12:10 PM, Michael Tuexen <michael.tue...@lurchi.franken.de>
wrote:
>> On 14 Jan 2015, at 18:19, Denis Ovsienko <de...@ovsienko.info> wrote:
>>
>>> Eventually, we'll be using this format to debug multi-path TCP, in which
>>> case
>>> the IP addresses (and maybe even the IP4/IP6-ness of it) might change.
>>
>> Also there exists SCTP, which implements the concept of variable (0..65535)
>> number of "streams" for each direction of an "association" between a pair of
>> sockets (in TCP these two things are the same), so a stream_id field in the
>> encoding (0 for TCP and UDP) could be handy for SCTP payload representation.
> and don't forget the PPID, the ordered/unordered flag, and the TSN/SSN. All
> this is exposed to the application...
OK, so the transport-layer metadata values we should include are:
UDP: source and destination port numbers
TCP: source and destination port numbers, EOF indication (think of it
as FIN), urgent pointer?
SCTP: source and destination port numbers, stream ID, PPID,
ordered/unordered flag, TSN/SSN
Anything else?
What about TCP - or IP - options? Some of those may be exposed to the
application.
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
