Hi
Df_type is a part of CC configuration set by LEA for that target and I
made a little mistake not explaining it properly.
This encoding is only relevant for IRI data in which case, Data can be
either 0x03 ELEE format for IRI which is explained in
3.3.2.1.2.1.2.1.
<http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-opsawg-elee-00.xml&modeAsFormat=html/ascii&type=ascii#rfc.section.3.3.2.1.2.1.2.1>IPIRI
Data Body. In case of CC data, Data part is alwas rawraw packet data
starting with ETH header(DLT 0x01). I will fix this (Df_type should be
ignored in case of CC data), but like I said it's work in progress.
On 5/19/19 12:21 AM, Guy Harris wrote:
On May 12, 2019, at 1:28 PM, Damir Franusic <damir.franu...@gmail.com> wrote:
I've tried to be as prompt and as accurate as possible so here is the draft, I
hope you'll appreciate the effort. I agree
that the initial thing I sent was an abomination. I will work on this draft as
the project progresses, but for now, it covers
everything implemented so far.
http://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?url=http://socket.hr/draft-dfranusic-elee-00.xml&modeAsFormat=html/ascii
Currently, the spec says that in a "Target PDU with CC data", the "Data size" field is the "Size of CC
data encoded using the value from Df_type field (UINT32 field)" and the "Data" field is the "Raw CC packet
data".
The "Df_type" field has values:
0x01 Libpcap File Format (PCAP)
0x02 ASN.1 Basic Encoding Rules (BER)
0x03 ELEE Encapsulation
What do those values mean in this context?
For a value of 0x01, does that mean that the "Raw CC packet data" contains a
pcap record:
https://www.tcpdump.org/manpages/pcap-savefile.5.html
with a time stamp, captured data length, and on-the-network data length,
followed by packet data? If so, what indicates the time stamp resolution and
the link-layer type of the packet data?
Presumably 0x02 means BER-encoded ASN.1 data according to some ETSI
specification, as per
The format of that delivery if defined by ETSI; they describe everything in
great detail by using ASN.1 notation which is then encoded using
BER when sent by wire.
What ETSI specification is that?
And what does 0x03 mean? If it's an "ELEE Encapsulation", it would presumably
need to be defined by the ELEE spec itself, but it's not currently defined in that spec.
--
Damir Franusic
email: damir.franu...@gmail.com
http://ele2.io/
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
