Hi Guy,

Nothing has shipped with any version of macOS yet; indeed I’m trying to avoid the mistake that was made with DLT_USER2 and PKTAP.

The link-layer header format is as follows:

    struct {
        // Control information
        uint16_t bcdVersion;        // version of this structure
        uint8_t  headerLength;      // length of this structure
        uint8_t  requestType;       // tAppleUSBHostPacketFilterRequestType

        // Transfer information
        uint32_t ioLength;          // amount of data requested/transferred
        uint32_t ioStatus;          // IOReturn
        uint32_t ioFrameCount;      // number of isoch frames following
        uint64_t ioID;              // unique id for this I/O

        // Device information
        uint32_t deviceLocation;    // locationID of the device
        uint8_t  deviceSpeed;       // tEndpointSpeed
        uint8_t  deviceAddress;     // tUSBHostDeviceAddress
        uint8_t  endpointAddress;   // Address and Direction
        uint8_t  endpointType;      // tEndpointType

        // Additional information
    } __attribute__((packed, aligned(sizeof(uint32_t))));

The packet payload is the raw USB data that was sent/received for I/O request.

Thanks,
—scott

> On Dec 7, 2016, at 3:44 PM, Guy Harris <g...@alum.mit.edu> wrote:
>
> On Dec 1, 2016, at 10:34 AM, Scott Deandrea <sdeand...@apple.com> wrote:
>
>> We’ve been working to provide developers with a software packet capture
>> solution for USB transfers at Apple. To that end, I have implemented a
>> solution which uses BPF and is libpcap compatible but is currently using the
>> link type DLT_USER15.
>
> (Hopefully that hasn't shipped with any version of macOS, and is only being
> used internally to Apple, so that Apple hasn't repeated the mistake they made
> with DLT_USER2 and PKTAP.)
>
>> Therefore, I’m requesting a DLT_ value for this. Please let me know what
>> the proper procedure is for this
>
> We need a description of the link-layer header for the packets, and an
> indication of what the packet payload is - either a document at Apple we can
> link to, or something we can put into a document hosted on tcpdump.org.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
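
Added example (not part of the original message, and not Apple's or libpcap's code): a bounds-checked C parser for the header described above, which uses headerLength to locate the payload so that a header extended under "Additional information" is still handled. The names usbpf_hdr, usbpf_parse and usbpf_sample and the sample bytes are hypothetical, and little-endian field order is an assumption the message does not state.

```c
#include <stdint.h>
#include <stdio.h>

#define USBPF_MIN_HDR 32u /* sum of the field sizes listed in the message */

/* Hypothetical name: the message leaves the struct anonymous. */
struct usbpf_hdr {
    uint16_t bcdVersion; uint8_t headerLength, requestType;
    uint32_t ioLength, ioStatus, ioFrameCount;
    uint64_t ioID; uint32_t deviceLocation;
    uint8_t deviceSpeed, deviceAddress, endpointAddress, endpointType;
};

/* Assumption: multi-byte fields are little-endian (not stated in the message). */
static uint64_t le(const uint8_t *p, size_t n) {
    uint64_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* Returns the payload offset, or -1 for a truncated or inconsistent record. */
int usbpf_parse(const uint8_t *buf, size_t caplen, struct usbpf_hdr *h) {
    if (caplen < USBPF_MIN_HDR) return -1;
    h->bcdVersion = (uint16_t)le(buf, 2);
    h->headerLength = buf[2]; h->requestType = buf[3];
    h->ioLength = (uint32_t)le(buf + 4, 4);
    h->ioStatus = (uint32_t)le(buf + 8, 4);
    h->ioFrameCount = (uint32_t)le(buf + 12, 4);
    h->ioID = le(buf + 16, 8);
    h->deviceLocation = (uint32_t)le(buf + 24, 4);
    h->deviceSpeed = buf[28]; h->deviceAddress = buf[29];
    h->endpointAddress = buf[30]; h->endpointType = buf[31];
    /* Use headerLength only after checking it against both bounds. */
    if (h->headerLength < USBPF_MIN_HDR || h->headerLength > caplen) return -1;
    return h->headerLength;
}

/* Constructed sample: 32-byte header followed by 4 payload bytes. */
static const uint8_t usbpf_sample[36] = {
    0x00,0x01, 0x20, 0x00,  4,0,0,0,  0,0,0,0,  0,0,0,0,
    0x88,0x77,0x66,0x55,0x44,0x33,0x22,0x11,  0x00,0x00,0x10,0x14,
    2, 5, 0x81, 2,  0x01,0x02,0x03,0x04 };

int main(void) {
    struct usbpf_hdr h;
    int off = usbpf_parse(usbpf_sample, sizeof usbpf_sample, &h);
    if (off >= 0) printf("ep 0x%02x, payload at offset %d\n", h.endpointAddress, off);
    return off < 0;
}
```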