libpcap

Add LINKTYPE_MCTP/DLT_MCTP and LINKTYPE_PCI_DOE/DLT_PCI_DOE

Open jyao1 opened this issue 4 years ago • 7 comments

Those are media types for DMTF Secure Protocol and Data Model (SPDM) messages.

jyao1 avatar Jan 28 '21 00:01 jyao1

This DLT request has been in the queue for a while.

infrastation avatar Mar 07 '23 07:03 infrastation

The MCTP link-layer header includes neither the medium-specific header nor the medium-specific trailer, correct?

infrastation avatar Mar 07 '23 19:03 infrastation

> DMTF Secure Protocol and Data Model (SPDM) messages

Presumably that's the DMTF Security Protocol and Data Model (SPDM).

If so, presumably the packet contents for LINKTYPE_MCTP are described by section 4.7.1 "Generic SPDM message format", so the first octet of packet data is an octet containing the SPDM major and minor versions, followed by an octet containing the Request Response Code, and so forth.

guyharris avatar Aug 06 '23 06:08 guyharris
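
An added example, not part of the thread and not libpcap or tcpdump code: a bounds-checked C parser for the leading octets of an SPDM message, under the layout the comment above presumes for LINKTYPE_MCTP packet data. The struct and function names are hypothetical; the nibble split of the version octet, Param1/Param2 and the code values are taken from DSP0274 rather than from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SPDM_HDR_LEN 4  /* version, code, Param1, Param2 (DSP0274) */

/* Hypothetical struct: decoded leading octets of one SPDM message. */
struct spdm_hdr {
    uint8_t major, minor;   /* version octet: high nibble, low nibble */
    uint8_t code;           /* Request Response Code */
    uint8_t param1, param2;
    int is_request;         /* DSP0274 request codes are 0x80 and above */
};

/* Returns 0 on success, -1 on a short capture or an impossible version.
 * Reads at most SPDM_HDR_LEN octets and never past caplen. */
int spdm_parse_hdr(const uint8_t *p, size_t caplen, struct spdm_hdr *out)
{
    if (p == NULL || out == NULL || caplen < SPDM_HDR_LEN)
        return -1;
    if ((p[0] >> 4) == 0)   /* SPDM versions start at 1.0 */
        return -1;
    out->major = p[0] >> 4;
    out->minor = p[0] & 0x0f;
    out->code = p[1];
    out->param1 = p[2];
    out->param2 = p[3];
    out->is_request = (p[1] & 0x80) != 0;
    return 0;
}

/* Names for a few codes; anything else is reported as unknown. */
const char *spdm_code_name(uint8_t code)
{
    switch (code) {
    case 0x84: return "GET_VERSION";
    case 0x04: return "VERSION";
    case 0x81: return "GET_DIGESTS";
    case 0x01: return "DIGESTS";
    case 0x7f: return "ERROR";
    default:   return "unknown";
    }
}

int main(void)
{
    const uint8_t pkt[] = { 0x10, 0x84, 0x00, 0x00 }; /* constructed sample */
    struct spdm_hdr h;
    if (spdm_parse_hdr(pkt, sizeof pkt, &h) == 0)
        printf("SPDM %u.%u %s (%s)\n", h.major, h.minor,
               spdm_code_name(h.code), h.is_request ? "request" : "response");
    return 0;
}
```

If the link-layer type turns out to carry an MCTP header ahead of the SPDM message, as asked earlier in the thread, the parser would have to be called on the payload after that header instead.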

And presumably LINKTYPE_PCI_DOE is for the PCI Data Object Exchange. Sadly, the PCI SIG allows only members of organizations that are members of the PCI SIG to get at the documents for it, but the entry for it on the link-layer header types page should at least mention the names of the specifications on the PCI SIG Specifications page, so people who work for organizations that are members of the PCI SIG can get at them.

(And note that either tcpdump or Wireshark code to dissect them are subject to changes due to either tcpdump or Wireshark dissector programming interface changes; absent a spec that's available to the public, either for free or for a not-too-unreasonable fee, that runs the risk of the people making the code changes having to make guesses.)

guyharris avatar Aug 06 '23 06:08 guyharris

You might want to first make a pull request for the link-layer header types page in the tcpdump.org Web site GitHub repository. See the instructions on how to make such an update.

guyharris avatar Aug 06 '23 06:08 guyharris

Or, rather, make two separate pull requests for the link-layer header types page, one for LINKTYPE_MCTP and one for LINKTYPE_PCI_DOE; there's no reason to tie the two together, as each one can be added without the other.

guyharris avatar Aug 06 '23 06:08 guyharris

> (And note that either tcpdump or Wireshark code to dissect them are subject to changes due to either tcpdump or Wireshark dissector programming interface changes; absent a spec that's available to the public, either for free or for a not-too-unreasonable fee, that runs the risk of the people making the code changes having to make guesses.)

tcpdump mostly does not seem to gain new L2 dissectors very often, which is arguably a bug. Wireshark does. It would be good to have the above sentence as a policy on the Wireshark web site. Myself, I would just drop dissectors when APIs change that don't have accessible specifications :-)

mcr avatar Aug 06 '23 14:08 mcr