1190214Srpaulo<HTML><HEAD> 2190214Srpaulo<STYLE type="text/css"> 3190214Srpaulo<!-- 4190214SrpauloA { text-decoration:none } 5190214Srpaulo--> 6190214Srpaulo</STYLE> 7190214Srpaulo</HEAD> 8190214Srpaulo<BODY> 9190214Srpaulo 10190214Srpaulo<TABLE WIDTH=100%><TR> 11190214Srpaulo <TD ALIGN=LEFT VALIGN=TOP> 12190214Srpaulo <FONT SIZE=+0 FACE="COURIER"><B>A "Distributed Pcap" for<BR>Remote Monitoring LANs & WANs</B><BR> 13190214Srpaulo (Design Notes for the SITA ACN device)</FONT> 14190214Srpaulo </TD> 15190214Srpaulo <TD ALIGN=RIGHT VALIGN=TOP> 16190214Srpaulo Fulko Hew<BR>SITA INC Canada, Inc.<BR>Revised: October 2, 2007 17190214Srpaulo </TD> 18190214Srpaulo</TR></TABLE> 19190214Srpaulo 20190214Srpaulo 21190214Srpaulo<H3>SUMMARY</H3> 22190214Srpaulo<UL> 23214518Srpaulo <STRONG>Note:</STRONG> This document is part of the libpcap Git and was derived from 'pcap.3' (circa Aug/07). 24190214Srpaulo <P> 25190214Srpaulo The ACN provides a customized/distributed version of this library that alows SMPs to 26190214Srpaulo interact with the various IOPs within the site providing a standard mechanism 27190214Srpaulo to capture LAN and WAN message traffic. 28190214Srpaulo <P> 29190214Srpaulo <CENTER> 30190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3 WIDTH=75%> 31190214Srpaulo <TR> 32190214Srpaulo <TH VALIGN=TOP>SMP</TH> 33190214Srpaulo <TD VALIGN=TOP>The Supervisory Management Processor where Wireshark (or equivalent) 34190214Srpaulo runs in conjuction with a libpcap front-end.</TD> 35190214Srpaulo </TR> 36190214Srpaulo <TR> 37190214Srpaulo <TH VALIGN=TOP>IOP</TH> 38190214Srpaulo <TD VALIGN=TOP>I/O Processors where the monitored ports exist in conjunction 39190214Srpaulo with a custom device driver/libpcap back-end.</TD> 40190214Srpaulo </TR> 41190214Srpaulo </TABLE> 42190214Srpaulo </CENTER> 43190214Srpaulo <P> 44190214Srpaulo Each IOP will be capable of supporting multiple connections from an SMP 45190214Srpaulo enabling monitoring of more than one interface at a time, each through 46190214Srpaulo its own seperate connection. The IOP is responsible to ensure and report 47190214Srpaulo an error if any attempt is made to monitor the same interface more than once. 48190214Srpaulo <P> 49190214Srpaulo There are three applications that will be supported by the ACN version of libpcap. 50190214Srpaulo They each use a slightly different mode for looping/capturing and termination 51190214Srpaulo as summarized in the following table: 52190214Srpaulo <P> 53190214Srpaulo <CENTER> 54190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 55190214Srpaulo <TR><TH>Application</TH> <TH>Capture</TH> <TH>Termination</TH></TR> 56190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>wireshark</TH> 57190214Srpaulo <TD VALIGN=TOP>pcap_dispatch(all packets in one buffer of capture only)</TD> 58190214Srpaulo <TD VALIGN=TOP>pcap_breakloop()</TD> 59190214Srpaulo </TR> 60190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>tshark</TH> 61190214Srpaulo <TD VALIGN=TOP>pcap_dispatch(one buffer of capture only)</TD> 62190214Srpaulo <TD VALIGN=TOP>Since a CTRL-C was used to terminate the application, pcap_breakloop() is never called.</TD> 63190214Srpaulo </TR> 64190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>tcpdump</TH> 65190214Srpaulo <TD VALIGN=TOP>pcap_loop(all packets in the next buffer, and loop forever)</TD> 66190214Srpaulo <TD VALIGN=TOP>pcap_breakloop()</TD> 67190214Srpaulo </TR> 68190214Srpaulo </TABLE> 69190214Srpaulo </CENTER> 70190214Srpaulo <P> 71190214Srpaulo <B>Note: </B>In all cases, the termination of capturing is always (apparently) followed by 72190214Srpaulo pcap_close(). Pcap_breakloop() is only used to stop/suspend looping/processing, 73190214Srpaulo and upon close interpretation of the function definitions, it is possible to resume 74190214Srpaulo capturing following a pcap_breakloop() without any re-initialization. 75190214Srpaulo <P> 76190214Srpaulo <H4>ACN Limitations</H4> 77190214Srpaulo <OL> 78190214Srpaulo <LI>Monitoring of backup IOPs is not currently supported. 79190214Srpaulo <LI>Ethernet interfaces cannot be monitored in promiscuous mode. 80190214Srpaulo </OL> 81190214Srpaulo 82190214Srpaulo</UL> 83190214Srpaulo 84190214Srpaulo<H3>ROUTINES</H3> 85190214Srpaulo<UL> 86190214Srpaulo The following list of functions is the sub-set of Pcap functions that have been 87190214Srpaulo altered/enhanced to support the ACN remote monitoring facility. The remainder of the Pcap 88190214Srpaulo functions continue to perform their duties un-altered. Libpcap only supports this 89190214Srpaulo mode of operation if it has been configured/compiled for SITA/ACN support. 90190214Srpaulo <P> 91190214Srpaulo <UL><FONT FACE=COURIER> 92190214Srpaulo pcap_findalldevs<BR> 93190214Srpaulo pcap_freealldevs<BR> 94190214Srpaulo pcap_open_live<BR> 95190214Srpaulo pcap_close<BR> 96190214Srpaulo pcap_setfilter<BR> 97190214Srpaulo pcap_dispatch<BR> 98190214Srpaulo pcap_loop<BR> 99190214Srpaulo pcap_next<BR> 100190214Srpaulo pcap_next_ex<BR> 101190214Srpaulo pcap_stats<BR> 102190214Srpaulo </FONT></UL> 103190214Srpaulo 104190214Srpaulo These subroutines have been modified for the ACN specific distributed and remote monitoring 105190214Srpaulo ability perform the following basic functions. More detail is provided in the 106190214Srpaulo "SMP/IOP Inter-Process Communication Protocol" section. 107190214Srpaulo <P> 108190214Srpaulo<TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 109190214Srpaulo <TR> 110190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_open_live()</B></TD> 111190214Srpaulo <TD VALIGN=TOP>Used to obtain a packet capture descriptor to look at packets on the network.</TD> 112190214Srpaulo </TR> 113190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 114190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 115190214Srpaulo <TD> 116190214Srpaulo The SMP will open a connection to the selected IOP on its 'sniffer' port 117190214Srpaulo to ensure it is available. It sends a null terminated string identifying 118190214Srpaulo the interface to be monitored. 119190214Srpaulo </TD> 120190214Srpaulo </TR> 121190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 122190214Srpaulo <TD> 123190214Srpaulo After any required processing is complete, the IOP will return a 124190214Srpaulo null terminated string containing an error message if one occured. 125190214Srpaulo If no error occured, a empty string is still returned. 126190214Srpaulo Errors are: 127190214Srpaulo <UL> 128190214Srpaulo <LI>"Interface (xxx) does not exist." 129190214Srpaulo <LI>"Interface (xxx) not configured." 130190214Srpaulo <LI>"Interface (xxx) already being monitored." 131190214Srpaulo </UL> 132190214Srpaulo </TD> 133190214Srpaulo </TR> 134190214Srpaulo </TABLE></TD></TR> 135190214Srpaulo 136190214Srpaulo <TR> 137190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_findalldevs()</B></TD> 138190214Srpaulo <TD VALIGN=TOP>It constructs a list of network devices that can be opened with pcap_open_live().</TD> 139190214Srpaulo </TR> 140190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 141190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 142190214Srpaulo <TD> 143190214Srpaulo It obtains a list of IOPs currently available (via /etc/hosts). 144190214Srpaulo </TD> 145190214Srpaulo </TR> 146190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 147190214Srpaulo <TD> 148190214Srpaulo The SMP will sequentially open a connection to each IOP on its 'sniffer' port to ensure 149190214Srpaulo the IOP is available. 150190214Srpaulo It sends a null terminated empty interface ID followed by the query request command. 151190214Srpaulo </TD> 152190214Srpaulo </TR> 153190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 154190214Srpaulo <TD>The IOP returns an error response and its list of devices. 155190214Srpaulo </TD> 156190214Srpaulo </TR> 157190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 158190214Srpaulo <TD> 159190214Srpaulo The SMP closes the TCP connection with each IOP. 160190214Srpaulo </TD> 161190214Srpaulo </TR> 162190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 163190214Srpaulo <TD> 164190214Srpaulo The SMP adds the received information to its internal structure. 165190214Srpaulo </TD> 166190214Srpaulo </TR> 167190214Srpaulo </TABLE></TD></TR> 168190214Srpaulo 169190214Srpaulo <TR> 170190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_freealldevs()</B></TD> 171190214Srpaulo <TD VALIGN=TOP>Used to free a list allocated by pcap_findalldevs().</TD> 172190214Srpaulo </TR> 173190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 174190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 175190214Srpaulo <TD> 176190214Srpaulo The SMP frees the structure it built as a result of the previous 177190214Srpaulo invocation of pcap_findalldevs(). 178190214Srpaulo </TD> 179190214Srpaulo </TR> 180190214Srpaulo </TABLE></TD></TR> 181190214Srpaulo 182190214Srpaulo <TR> 183190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_dispatch()</B></TD> 184190214Srpaulo <TD VALIGN=TOP>Used to collect and process packets.</TD> 185190214Srpaulo </TR> 186190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 187190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 188190214Srpaulo <TD> 189190214Srpaulo On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(), 190190214Srpaulo the SMP will pass down the monitor start command and various parameters the IOP should use. 191190214Srpaulo </TD> 192190214Srpaulo </TR> 193190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 194190214Srpaulo <TD> 195190214Srpaulo The IOP now sends a stream of captured data. 196190214Srpaulo </TD> 197190214Srpaulo </TR> 198190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 199190214Srpaulo <TD> 200190214Srpaulo The SMP will read the reverse channel of the connection between the SMP and the 201190214Srpaulo IOP that provides the captured data (via 'p->read_op' which is 'pcap_read_linux()' 202190214Srpaulo until the select() call returns a 'no more data' indication. 203190214Srpaulo It will the process (at most) the next 'cnt' packets and invoke the specified 204190214Srpaulo callback function for each packet processed. 205190214Srpaulo </TD> 206190214Srpaulo </TR> 207190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP</TH> 208190214Srpaulo <TD> 209190214Srpaulo The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP. 210190214Srpaulo </TD> 211190214Srpaulo </TR> 212190214Srpaulo </TABLE></TD></TR> 213190214Srpaulo 214190214Srpaulo <TR> 215190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_loop()</B></TD> 216190214Srpaulo <TD VALIGN=TOP> 217190214Srpaulo Is similar to pcap_dispatch() except it keeps reading packets until 218190214Srpaulo the requested number of packets are processed or an error occurs. 219190214Srpaulo </TD> 220190214Srpaulo </TR> 221190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 222190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 223190214Srpaulo <TD> 224190214Srpaulo On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(), 225190214Srpaulo the SMP will pass down the monitor start command and various parameters the IOP should use. 226190214Srpaulo </TD> 227190214Srpaulo </TR> 228190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 229190214Srpaulo <TD> 230190214Srpaulo The IOP now sends a stream of captured data. 231190214Srpaulo </TD> 232190214Srpaulo </TR> 233190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 234190214Srpaulo <TD> 235190214Srpaulo The SMP continuously reads the next packet from the reverse channel of the connection 236190214Srpaulo between the SMP and the IOP that provides the captured data (via 'p->read_op' 237190214Srpaulo which is 'pcap_read_linux()' until 'cnt' packets have been received. 238190214Srpaulo The specified callback function will be invoked for each packet received. 239190214Srpaulo </TD> 240190214Srpaulo </TR> 241190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP</TH> 242190214Srpaulo <TD> 243190214Srpaulo The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP. 244190214Srpaulo </TD> 245190214Srpaulo </TR> 246190214Srpaulo </TABLE></TD></TR> 247190214Srpaulo 248190214Srpaulo <TR> 249190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_next()</B></TD> 250190214Srpaulo <TD VALIGN=TOP> 251190214Srpaulo It reads the next packet (by calling pcap_dispatch() with a count of 1) 252190214Srpaulo and returns a pointer to the data in that packet. 253190214Srpaulo </TD> 254190214Srpaulo </TR> 255190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 256190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 257190214Srpaulo <TD> 258190214Srpaulo On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(), 259190214Srpaulo the SMP will pass down the monitor start command and various parameters the IOP should use. 260190214Srpaulo </TD> 261190214Srpaulo </TR> 262190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 263190214Srpaulo <TD> 264190214Srpaulo The IOP now sends a stream of captured data. 265190214Srpaulo </TD> 266190214Srpaulo </TR> 267190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 268190214Srpaulo <TD> 269190214Srpaulo The SMP reads only the next packet from the reverse channel of the connection 270190214Srpaulo between the SMP and the IOP that provides the captured data (via calling pcap_dispatch() 271190214Srpaulo with a count of 1) and returns a pointer to that data by invoking an internal callback. 272190214Srpaulo </TD> 273190214Srpaulo </TR> 274190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP</TH> 275190214Srpaulo <TD> 276190214Srpaulo The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP. 277190214Srpaulo </TD> 278190214Srpaulo </TR> 279190214Srpaulo </TABLE></TD></TR> 280190214Srpaulo 281190214Srpaulo <TR> 282190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_next_ex()</B></TD> 283190214Srpaulo <TD VALIGN=TOP>Reads the next packet and returns a success/failure indication.</TD> 284190214Srpaulo </TR> 285190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 286190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 287190214Srpaulo <TD> 288190214Srpaulo On the first invocation of pcap_dispatch(), pcap_loop(), or pcap_next(), or pcap_next_ex() following a pcap_open_live(), 289190214Srpaulo the SMP will pass down the monitor start command and various parameters the IOP should use. 290190214Srpaulo </TD> 291190214Srpaulo </TR> 292190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 293190214Srpaulo <TD> 294190214Srpaulo The IOP now sends a stream of captured data. 295190214Srpaulo </TD> 296190214Srpaulo </TR> 297190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 298190214Srpaulo <TD> 299190214Srpaulo The SMP reads only the next packet from the reverse channel of the connection 300190214Srpaulo between the SMP and the IOP that provides the captured data (via calling pcap_dispatch() 301190214Srpaulo with a count of 1) and returns seperate pointers to both the 302190214Srpaulo packet header and packet data by invoking an internal callback. 303190214Srpaulo </TD> 304190214Srpaulo </TR> 305190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP</TH> 306190214Srpaulo <TD> 307190214Srpaulo The IOP continues to listen for additional commands as well as capturing and forwarding data to the SMP. 308190214Srpaulo </TD> 309190214Srpaulo </TR> 310190214Srpaulo </TABLE></TD></TR> 311190214Srpaulo 312190214Srpaulo <TR> 313190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_setfilter()</B></TD> 314190214Srpaulo <TD VALIGN=TOP>Used to specify a filter program.</TD> 315190214Srpaulo </TR> 316190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 317190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 318190214Srpaulo <TD> 319190214Srpaulo The SMP sends a 'set filter' command followed by the BPF commands. 320190214Srpaulo </TD> 321190214Srpaulo </TR> 322190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 323190214Srpaulo <TD> 324190214Srpaulo The IOP returns a null terminated error string if it failed to accept the filter. 325190214Srpaulo If no error occured, then a NULL terminated empty string is returned instead. 326190214Srpaulo Errors are: 327190214Srpaulo <UL> 328190214Srpaulo <LI>"Invalid BPF." 329190214Srpaulo <LI>"Insufficient resources for BPF." 330190214Srpaulo </UL> 331190214Srpaulo </TD> 332190214Srpaulo </TR> 333190214Srpaulo </TABLE></TD></TR> 334190214Srpaulo 335190214Srpaulo <TR> 336190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_stats()</B></TD> 337190214Srpaulo <TD VALIGN=TOP>Fills in a pcap_stat struct with packet statistics.</TD> 338190214Srpaulo </TR> 339190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 340190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 341190214Srpaulo <TD> 342190214Srpaulo The SMP sends a message to the IOP requesting its statistics. 343190214Srpaulo </TD> 344190214Srpaulo </TR> 345190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP -> SMP</TH> 346190214Srpaulo <TD> 347190214Srpaulo The IOP returns the statistics. 348190214Srpaulo </TD> 349190214Srpaulo </TR> 350190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP</TH> 351190214Srpaulo <TD> 352190214Srpaulo The SMP fills in the structure provided with the information retrieved from the IOP. 353190214Srpaulo </TD> 354190214Srpaulo </TR> 355190214Srpaulo </TABLE></TD></TR> 356190214Srpaulo 357190214Srpaulo <TR> 358190214Srpaulo <TD VALIGN=TOP ROWSPAN=2><B>pcap_close()</B></TD> 359190214Srpaulo <TD VALIGN=TOP>Closes the file and deallocates resources.</TD> 360190214Srpaulo </TR> 361190214Srpaulo <TR><TD><TABLE BORDER=0 CELLSPACING=0 CELLPADDING=3 WIDTH=100%> 362190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>SMP -> IOP</TH> 363190214Srpaulo <TD> 364190214Srpaulo The SMP closes the file descriptor, and if the descriptor is that of 365190214Srpaulo the comminucation session with an IOP, it too is terminated. 366190214Srpaulo </TD> 367190214Srpaulo </TR> 368190214Srpaulo <TR><TH VALIGN=TOP NOWRAP>IOP</TH> 369190214Srpaulo <TD> 370190214Srpaulo If the IOP detects that its communication session with an SMP 371190214Srpaulo has closed, it will terminate any monitoring in progress, 372190214Srpaulo release any resources and close its end of the session. 373190214Srpaulo It will not maintain persistance of any information or prior mode of operation. 374190214Srpaulo </TD> 375190214Srpaulo </TR> 376190214Srpaulo </TABLE></TD></TR> 377190214Srpaulo</TABLE> 378190214Srpaulo</UL> 379190214Srpaulo 380190214Srpaulo<P> 381190214Srpaulo<H3>SMP/IOP Inter-Process Communication Protocol</H3> 382190214Srpaulo 383190214Srpaulo<UL> 384190214Srpaulo <LI><P>Communications between an SMP and an IOP consists of a TCP session 385190214Srpaulo between an ephemeral port on the SMP and the well known port of 49152 386190214Srpaulo (which is the first available port in the 'dynamic and/or private port' 387190214Srpaulo range) on an IOP. 388190214Srpaulo <LI><P>Following a TCP open operation the IOP receives a null terminated 389190214Srpaulo 'interface ID' string to determine the type of operation that follows: 390190214Srpaulo <LI><P>Every command received by an IOP implies a 'stop trace/stop forwarding' operation must 391190214Srpaulo occur before executing the received command. 392190214Srpaulo <LI><P>A session is closed when the SMP closes the TCP session with the IOP. 393190214Srpaulo Obviously monitoring and forwarding is also stopped at that time. 394190214Srpaulo 395190214Srpaulo <B>Note: </B>All multi-octet entities are sent in network neutral order. 396190214Srpaulo <P> 397190214Srpaulo 398190214Srpaulo <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=5> 399190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 400190214Srpaulo <TR> 401190214Srpaulo <TD VALIGN=TOP ROWSPAN=6>pcap_findalldevs()</TD> 402190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 403190214Srpaulo <TD VALIGN=TOP>Open socket (to each IOP), and sends: 404190214Srpaulo <P> 405190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 406190214Srpaulo <TR> 407190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 408190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 409190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 410190214Srpaulo </TR> 411190214Srpaulo <TR> 412190214Srpaulo <TD VALIGN=TOP>Interface ID</TD> 413190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 414190214Srpaulo <TD VALIGN=TOP>A NULL to indicate an an empty 'interface ID'.</TD> 415190214Srpaulo </TR> 416190214Srpaulo </TABLE> 417190214Srpaulo </TD> 418190214Srpaulo </TR> 419190214Srpaulo <TR> 420190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 421190214Srpaulo <TD VALIGN=TOP>Send its (possibly empty) NULL terminated error response string.</TD> 422190214Srpaulo </TR> 423190214Srpaulo <TR> 424190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 425190214Srpaulo <TD VALIGN=TOP>Sends the 'interface query request': 426190214Srpaulo <P> 427190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 428190214Srpaulo <TR> 429190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 430190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 431190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 432190214Srpaulo </TR> 433190214Srpaulo <TR> 434190214Srpaulo <TD VALIGN=TOP>Interface ID</TD> 435190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 436190214Srpaulo <TD VALIGN=TOP>A 'Q' (indicating 'interface query request').</TD> 437190214Srpaulo </TR> 438190214Srpaulo </TABLE> 439190214Srpaulo </TD> 440190214Srpaulo </TR> 441190214Srpaulo <TR> 442190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 443190214Srpaulo <TD VALIGN=TOP>The IOP returns a list of sequences of information as 444190214Srpaulo defined by the return parameter of this function call (as shown in the following table). 445190214Srpaulo Elements are specified by providing an unsigned byte preceeding the actual data that contains length information. 446190214Srpaulo <P> 447190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 448190214Srpaulo <TR> 449190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Notes:</TH> 450190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 451190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 452190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 453190214Srpaulo </TR> 454190214Srpaulo <TR> 455190214Srpaulo <TD ROWSPAN=7> </TD> 456190214Srpaulo <TD VALIGN=TOP ALIGN=RIGHT>length</TD> 457190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 458190214Srpaulo <TD VALIGN=TOP>The number of octets in the name field that follows.</TD> 459190214Srpaulo </TR> 460190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Name</TD> 461190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1-255</TD> 462190214Srpaulo <TD VALIGN=TOP>The name of the interface. The format of the name is an alphabetic string (indicating 463190214Srpaulo the type of interface) followed by an optional numeric string (indicating the interface's 464190214Srpaulo sequence number). 465190214Srpaulo Sequence numbers (if needed) will begin at zero and progress monotonically upwards. 466190214Srpaulo (i.e. 'eth0', 'lo', 'wan0', etc.) 467190214Srpaulo <P> 468190214Srpaulo For an IOP, the alphabetic string will be one of: 'eth', 'wan', and 'lo' 469190214Srpaulo for Ethernet, WAN ports and the IP loopback device respectively. 470190214Srpaulo An IOP currently supports: 'eth0', 'eth1', 'lo', 'wan0' ... 'wan7'. 471190214Srpaulo <P> 472190214Srpaulo <B>Note:</B> IOPs and ACNs will not currently support the concept of 'any' interface.</TD> 473190214Srpaulo </TR> 474190214Srpaulo <TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD> 475190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 476190214Srpaulo <TD VALIGN=TOP>The number of octets in the interface description field that follows.</TD> 477190214Srpaulo </TR> 478190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Interface Description</TD> 479190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>0-255</TD> 480190214Srpaulo <TD VALIGN=TOP>A description of the interface or it may be an empty string. (i.e. 'ALC')</TD> 481190214Srpaulo </TR> 482190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Interface Type</TD> 483190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 484190214Srpaulo <TD VALIGN=TOP>The type of interface as defined in the description for pcap_datalink() (in network neutral order).</TD> 485190214Srpaulo </TR> 486190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Loopback Flag</TD> 487190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 488190214Srpaulo <TD VALIGN=TOP>1 = if the interface is a loopback interface, zero = otherwise.</TD> 489190214Srpaulo </TR> 490190214Srpaulo <TR><TD VALIGN=TOP ALIGN=RIGHT>count</TD> 491190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 492190214Srpaulo <TD VALIGN=TOP># of address entries that follow. 493190214Srpaulo Each entry is a series of bytes in network neutral order. 494190214Srpaulo See the parameter definition above for more details.</TD> 495190214Srpaulo </TR> 496190214Srpaulo <TR> 497190214Srpaulo <TD ALIGN=CENTER ROWSPAN=8 WIDTH=1%>Repeated 'count' number of times.</TD> 498190214Srpaulo <TD VALIGN=TOP ALIGN=RIGHT>length</TD> 499190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 500190214Srpaulo <TD VALIGN=TOP>The number of octets in the address field that follows.</TD> 501190214Srpaulo </TR> 502190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Address</TD> 503190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1-255</TD> 504190214Srpaulo <TD VALIGN=TOP>The address of this interface (in network neutral order).</TD> 505190214Srpaulo </TR> 506190214Srpaulo <TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD> 507190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 508190214Srpaulo <TD VALIGN=TOP>The number of octets in the netmask field that follows.</TD> 509190214Srpaulo </TR> 510190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Network Mask</TD> 511190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>0-255</TD> 512190214Srpaulo <TD VALIGN=TOP>The network mask used on this interface (if applicable) (in network neutral order).</TD> 513190214Srpaulo </TR> 514190214Srpaulo <TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD> 515190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 516190214Srpaulo <TD VALIGN=TOP>The number of octets in the broadcast address field that follows.</TD> 517190214Srpaulo </TR> 518190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Broadcast Address</TD> 519190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>0-255</TD> 520190214Srpaulo <TD VALIGN=TOP>The broadcast address of this interface (if applicable) (in network neutral order).</TD> 521190214Srpaulo </TR> 522190214Srpaulo <TR><TD VALIGN=TOP ALIGN=RIGHT>length</TD> 523190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 524190214Srpaulo <TD VALIGN=TOP>The number of octets in the destination address field that follows.</TD> 525190214Srpaulo </TR> 526190214Srpaulo <TR><TD VALIGN=TOP ALIGN=LEFT>Destination Address</TD> 527190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>0-255</TD> 528190214Srpaulo <TD VALIGN=TOP>The destination address of this interface (if applicable) (in network neutral order).</TD> 529190214Srpaulo </TR> 530190214Srpaulo </TABLE> 531190214Srpaulo </TR> 532190214Srpaulo <TR> 533190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 534190214Srpaulo <TD VALIGN=TOP>Close the socket.</TD> 535190214Srpaulo </TR> 536190214Srpaulo <TR> 537190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 538190214Srpaulo <TD VALIGN=TOP>Close the socket.</TD> 539190214Srpaulo </TR> 540190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 541190214Srpaulo <TR> 542190214Srpaulo <TD VALIGN=TOP ROWSPAN=2>pcap_open_live()</TD> 543190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 544190214Srpaulo <TD VALIGN=TOP>Open socket, and sends: 545190214Srpaulo <P> 546190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 547190214Srpaulo <TR> 548190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 549190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 550190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 551190214Srpaulo </TR> 552190214Srpaulo <TR> 553190214Srpaulo <TD VALIGN=TOP>Interface ID</TD> 554190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>'n'</TD> 555190214Srpaulo <TD VALIGN=TOP>'n' octets containing a NULL terminated interface name string.</TD> 556190214Srpaulo </TR> 557190214Srpaulo </TABLE> 558190214Srpaulo </TD> 559190214Srpaulo </TR> 560190214Srpaulo <TR> 561190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 562190214Srpaulo <TD VALIGN=TOP>Send its NULL terminated error response string.</TD> 563190214Srpaulo </TR> 564190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 565190214Srpaulo <TR> 566190214Srpaulo <TD VALIGN=TOP NOWRAP ROWSPAN=2>pcap_dispatch()<BR>pcap_loop()<BR>pcap_next()<BR>pcap_next_ex()</TD> 567190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 568190214Srpaulo <TD VALIGN=TOP>On the first invocation following a pcap_open_live() or pcap_breakloop() additional information is sent: 569190214Srpaulo <P> 570190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 571190214Srpaulo <TR> 572190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 573190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 574190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 575190214Srpaulo </TR> 576190214Srpaulo <TR> 577190214Srpaulo <TD VALIGN=TOP>command</TD> 578190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 579190214Srpaulo <TD VALIGN=TOP>'M' (indicating 'monitor start')</TD> 580190214Srpaulo </TR> 581190214Srpaulo <TR> 582190214Srpaulo <TD VALIGN=TOP>snaplen</TD> 583190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 584190214Srpaulo <TD VALIGN=TOP>snaplen</TD> 585190214Srpaulo </TR> 586190214Srpaulo <TR> 587190214Srpaulo <TD VALIGN=TOP>timeout</TD> 588190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 589190214Srpaulo <TD VALIGN=TOP>timeout value (in milliseconds)</TD> 590190214Srpaulo </TR> 591190214Srpaulo <TR> 592190214Srpaulo <TD VALIGN=TOP>promiscuous</TD> 593190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 594190214Srpaulo <TD VALIGN=TOP>A flag indicating that the interface being monitored show operate 595190214Srpaulo in promiscuous mode. [off(0) / on(NZ)]</TD> 596190214Srpaulo </TR> 597190214Srpaulo <TR> 598190214Srpaulo <TD VALIGN=TOP>direction</TD> 599190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 600190214Srpaulo <TD VALIGN=TOP>A flag indicating the direction of traffic that should be captuted [both(0) / in(1) / out(2)]</TD> 601190214Srpaulo </TR> 602190214Srpaulo </TABLE> 603190214Srpaulo </TD> 604190214Srpaulo </TR> 605190214Srpaulo <TR> 606190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 607190214Srpaulo <TD VALIGN=TOP>Sends captured packets.</TD> 608190214Srpaulo </TR> 609190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 610190214Srpaulo <TR> 611190214Srpaulo <TD VALIGN=TOP ROWSPAN=2>pcap_setfilter()</TD> 612190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 613190214Srpaulo <TD VALIGN=TOP>At any time, the SMP can issue a set filter command which contains 614190214Srpaulo an indicator, a count of the number of statements in the filter, 615190214Srpaulo followed by the sequence of filter commands represented as a sequence 616190214Srpaulo of C-style structures. 617190214Srpaulo <P> 618190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 619190214Srpaulo <TR> 620190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 621190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 622190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 623190214Srpaulo </TR> 624190214Srpaulo <TR> 625190214Srpaulo <TD VALIGN=TOP>command</TD> 626190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 627190214Srpaulo <TD VALIGN=TOP>'F' (indicating 'filter')</TD> 628190214Srpaulo </TR> 629190214Srpaulo <TR> 630190214Srpaulo <TD VALIGN=TOP>count</TD> 631190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 632190214Srpaulo <TD VALIGN=TOP>The number of command in the Berkeley Packet Filter that follow.</TD> 633190214Srpaulo </TR> 634190214Srpaulo <TR> 635190214Srpaulo <TD VALIGN=TOP>BPF program</TD> 636190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>'n'</TD> 637190214Srpaulo <TD VALIGN=TOP>8 bytes of each command (repeated 'n' times).<BR> 638190214Srpaulo Each command consists of that C-style structure which contains: 639190214Srpaulo <P> 640190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 641190214Srpaulo <TR> 642190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 643190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 644190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 645190214Srpaulo </TR> 646190214Srpaulo <TR> 647190214Srpaulo <TD VALIGN=TOP>opcode</TD> 648190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>2</TD> 649190214Srpaulo <TD VALIGN=TOP>The command's opcode.</TD> 650190214Srpaulo </TR> 651190214Srpaulo <TR> 652190214Srpaulo <TD VALIGN=TOP>'jt'</TD> 653190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 654190214Srpaulo <TD VALIGN=TOP>The 'jump if true' program counter offset.</TD> 655190214Srpaulo </TR> 656190214Srpaulo <TR> 657190214Srpaulo <TD VALIGN=TOP>'jf'</TD> 658190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 659190214Srpaulo <TD VALIGN=TOP>The 'jump if false' program counter offset.</TD> 660190214Srpaulo </TR> 661190214Srpaulo <TR> 662190214Srpaulo <TD VALIGN=TOP>'k'</TD> 663190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 664190214Srpaulo <TD VALIGN=TOP>The 'other' data field.</TD> 665190214Srpaulo </TR> 666190214Srpaulo </TABLE> 667190214Srpaulo <P> 668190214Srpaulo Refer to the bpf(4) man page for more details. 669190214Srpaulo </TD> 670190214Srpaulo </TR> 671190214Srpaulo </TABLE> 672190214Srpaulo </TD> 673190214Srpaulo </TR> 674190214Srpaulo <TR> 675190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 676190214Srpaulo <TD VALIGN=TOP>In return the IOP will send its (possibly empty) NULL terminated error response string.</TD> 677190214Srpaulo </TR> 678190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 679190214Srpaulo <TR> 680190214Srpaulo <TD VALIGN=TOP ROWSPAN=2>pcap_stats()</TD> 681190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 682190214Srpaulo <TD VALIGN=TOP>At any time, the SMP can issue a 'retrieve statistics' command which contains:<BR> 683190214Srpaulo <P> 684190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 685190214Srpaulo <TR> 686190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 687190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 688190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 689190214Srpaulo </TR> 690190214Srpaulo <TR> 691190214Srpaulo <TD VALIGN=TOP>command</TD> 692190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>1</TD> 693190214Srpaulo <TD VALIGN=TOP>'S' (indicating 'request statistics')</TD> 694190214Srpaulo </TR> 695190214Srpaulo </TABLE> 696190214Srpaulo </TD> 697190214Srpaulo </TR> 698190214Srpaulo <TR> 699190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>IOP -> SMP</TD> 700190214Srpaulo <TD VALIGN=TOP>In return the IOP will send: 701190214Srpaulo <P> 702190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 703190214Srpaulo <TR> 704190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Name/<BR>Purpose</TH> 705190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER NOWRAP>Size<BR>(in bytes)</TH> 706190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Description</TH> 707190214Srpaulo </TR> 708190214Srpaulo <TR> 709190214Srpaulo <TD VALIGN=TOP>ps_recv</TD> 710190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 711190214Srpaulo <TD VALIGN=TOP>The number of packets that passed the filter.</TD> 712190214Srpaulo </TR> 713190214Srpaulo <TR> 714190214Srpaulo <TD VALIGN=TOP>ps_drop</TD> 715190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 716190214Srpaulo <TD VALIGN=TOP>The number of packets that were dropped because the input queue was full, 717190214Srpaulo regardless of whether they passed the filter.</TD> 718190214Srpaulo </TR> 719190214Srpaulo <TR> 720190214Srpaulo <TD VALIGN=TOP>ps_ifdrop</TD> 721190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER>4</TD> 722190214Srpaulo <TD VALIGN=TOP>The number of packets dropped by the network inteface 723190214Srpaulo (regardless of whether they would have passed the input filter).</TD> 724190214Srpaulo </TR> 725190214Srpaulo </TABLE> 726190214Srpaulo </TD> 727190214Srpaulo </TR> 728190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 729190214Srpaulo <TR> 730190214Srpaulo <TD VALIGN=TOP ROWSPAN=1>pcap_close()</TD> 731190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER NOWRAP>SMP -> IOP</TD> 732190214Srpaulo <TD VALIGN=TOP>At any time, the SMP can close the TCP session with the IOP.</TD> 733190214Srpaulo </TR> 734190214Srpaulo <TR><TH COLSPAN=3><HR WIDTH=100%></TH></TR> 735190214Srpaulo </TABLE> 736190214Srpaulo</UL> 737190214Srpaulo 738190214Srpaulo<H3>Interface ID Naming Convention</H3> 739190214Srpaulo<UL> 740190214Srpaulo Each interface within an IOP will be referred to uniquely. Since an currently contains 741190214Srpaulo 8 monitorable WAN ports and a monitorable Ethernet port, the naming convention is: 742190214Srpaulo <P> 743190214Srpaulo <CENTER> 744190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 745190214Srpaulo <TR><TH>Interface #</TH> <TH>Type</TH> <TH>Name</TH></TR> 746190214Srpaulo <TR><TD ALIGN=CENTER>1</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan0</TD></TR> 747190214Srpaulo <TR><TD ALIGN=CENTER>2</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan1</TD></TR> 748190214Srpaulo <TR><TD ALIGN=CENTER>3</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan2</TD></TR> 749190214Srpaulo <TR><TD ALIGN=CENTER>4</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan3</TD></TR> 750190214Srpaulo <TR><TD ALIGN=CENTER>5</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan4</TD></TR> 751190214Srpaulo <TR><TD ALIGN=CENTER>6</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan5</TD></TR> 752190214Srpaulo <TR><TD ALIGN=CENTER>7</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan6</TD></TR> 753190214Srpaulo <TR><TD ALIGN=CENTER>8</TD> <TD ALIGN=CENTER>WAN</TD> <TD ALIGN=CENTER>wan7</TD></TR> 754190214Srpaulo <TR><TD ALIGN=CENTER>9</TD> <TD ALIGN=CENTER>Ethernet</TD> <TD ALIGN=CENTER>eth0</TD></TR> 755190214Srpaulo <TR><TD ALIGN=CENTER>10</TD> <TD ALIGN=CENTER>Ethernet</TD> <TD ALIGN=CENTER>eth1</TD></TR> 756190214Srpaulo </TABLE> 757190214Srpaulo </CENTER> 758190214Srpaulo</UL> 759190214Srpaulo 760190214Srpaulo<H3>Packet Trace Data Format</H3> 761190214Srpaulo<UL> 762190214Srpaulo The format of the trace data that is sent to the SMP follows a portion of the libpcap file format 763190214Srpaulo and is summarized here. This format specifies the generic requirements needed to 764190214Srpaulo be able to decode packets, but does not cover ACN specifics such as custom MAC addressing 765190214Srpaulo and WAN protocol support. 766190214Srpaulo <P> 767190214Srpaulo 768190214Srpaulo Although a libpcap file begins with a global header followed by zero or 769190214Srpaulo more records for each captured packet, trace data sent to the SMP does NOT begin with a global header. 770190214Srpaulo A trace sequence looks like this: 771190214Srpaulo <P> 772190214Srpaulo <TABLE> 773190214Srpaulo <TR> 774190214Srpaulo <TD STYLE="background-color: #c0FFc0"> [Packet Header] </TD> 775190214Srpaulo <TD STYLE="background-color: #c0FFc0"> [Packet Data] </TD> 776190214Srpaulo <TD STYLE="background-color: #c0c0FF"> [Packet Header] </TD> 777190214Srpaulo <TD STYLE="background-color: #c0c0FF"> [Packet Data] </TD> 778190214Srpaulo <TD STYLE="background-color: #e0c0c0"> [Packet Header] </TD> 779190214Srpaulo <TD STYLE="background-color: #e0c0c0"> [Packet Data] </TD> 780190214Srpaulo <TD>...</TD> 781190214Srpaulo </TR> 782190214Srpaulo </TABLE> 783190214Srpaulo 784190214Srpaulo<H4>Packet Header</H4> 785190214Srpaulo <UL> 786190214Srpaulo Each captured packet starts with a header that contains the following values 787190214Srpaulo (in network neutral order): 788190214Srpaulo 789190214Srpaulo <FONT SIZE=-1> 790190214Srpaulo <PRE> 791190214Srpaulo uint32 tv_sec; /* timestamp seconds */ 792190214Srpaulo uint32 tv_usec; /* timestamp microseconds */ 793190214Srpaulo uint32 caplen; /* number of octets in the following packet */ 794190214Srpaulo uint32 len; /* original length of packet on the wire */ 795190214Srpaulo </PRE> 796190214Srpaulo </FONT> 797190214Srpaulo 798190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 799190214Srpaulo <TR> 800190214Srpaulo <TD VALIGN=TOP>tv_sec</TD> 801190214Srpaulo <TD>The date and time when this packet was captured. 802190214Srpaulo This value is in seconds since January 1, 1970 00:00:00 GMT; 803190214Srpaulo this is also known as a UN*X time_t. You can use the ANSI C 804190214Srpaulo <em>time()</em> function from <em>time.h</em> to get this value, 805190214Srpaulo but you might use a more optimized way to get this timestamp value. 806190214Srpaulo If this timestamp isn't based on GMT (UTC), use <em>thiszone</em> 807190214Srpaulo from the global header for adjustments.</TD> 808190214Srpaulo </TR> 809190214Srpaulo <TR> 810190214Srpaulo <TD VALIGN=TOP>tv_usec</TD> 811190214Srpaulo <TD>The microseconds when this packet was captured, as an offset to <em>ts_sec</em>. 812190214Srpaulo <B>Beware: </B>this value must never reach 1 second (1,000,000), 813190214Srpaulo in this case <em>ts_sec</em> must be increased instead!</TD> 814190214Srpaulo </TR> 815190214Srpaulo <TR> 816190214Srpaulo <TD VALIGN=TOP>caplen</TD> 817190214Srpaulo <TD>The number of bytes actually provided in the capture record. 818190214Srpaulo This value should never become larger than <em>len</em> or the 819190214Srpaulo <em>snaplen</em> value specified during the capture.</TD> 820190214Srpaulo </TR> 821190214Srpaulo <TR> 822190214Srpaulo <TD VALIGN=TOP>len</TD> 823190214Srpaulo <TD>The length of the packet "on the wire" when it was captured. 824190214Srpaulo If <em>caplen</em> and <em>len</em> differ, the actually 825190214Srpaulo saved packet size was limited by the value of <em>snaplen</em> specified 826190214Srpaulo during one of the capture directives such as pcap_dispatch().</TD> 827190214Srpaulo </TR> 828190214Srpaulo </TABLE> 829190214Srpaulo </UL> 830190214Srpaulo 831190214Srpaulo<H4>Packet Data</H4> 832190214Srpaulo <UL> 833190214Srpaulo The actual packet data will immediately follow the packet header as a sequence of <em>caplen</em> octets. 834190214Srpaulo Depending on the DLT encoding number assigned to the interface, the packet data will contain an additional 835190214Srpaulo custom header used to convey WAN port related information. 836190214Srpaulo </UL> 837190214Srpaulo 838190214Srpaulo<H4>ACN Custom Packet Header</H4> 839190214Srpaulo <UL> 840190214Srpaulo PCAP, Wireshark and Tcpdump enhancements have been added to the ACN to support 841190214Srpaulo monitoring of its ports, however each of these facilities were focused on capturing 842190214Srpaulo and displaying traffic from LAN interfaces. The SITA extentions to these facilities 843190214Srpaulo are used to also provide the ability to capture, filter, and display information from 844190214Srpaulo an ACN's WAN ports. 845190214Srpaulo <P> 846190214Srpaulo Although each packet follows the standard libpcap format, since there are 847190214Srpaulo two types of interfaces that can be monitored, the format of the data 848190214Srpaulo packet varies slightly. 849190214Srpaulo <P> 850190214Srpaulo <UL TYPE=DISC> 851190214Srpaulo <LI>For Ethernet (like) devices, the packet format is unchanged from the standard Pcap format. 852190214Srpaulo <LI>For WAN devices, the packet contains a 5 byte header that preceeds the actual captured data 853190214Srpaulo described by the following table: 854190214Srpaulo </UL> 855190214Srpaulo <P> 856190214Srpaulo <CENTER> 857190214Srpaulo <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=3> 858190214Srpaulo <TR> <TH>Octet</TH> 859190214Srpaulo <TH>Name</TH> 860190214Srpaulo <TH>Mask/Value</TH> 861190214Srpaulo <TH COLSPAN=2>Definition</TH> </TR> 862190214Srpaulo 863190214Srpaulo <TR> <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=3>0</TH> 864190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=3>Control / Status</TH> 865190214Srpaulo 866190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx0</FONT></TD> 867190214Srpaulo <TD>Transmitted by capture device</TD> 868190214Srpaulo <TD ROWSPAN=2 ALIGN=CENTER>(see 'Errors' octets)</TD> </TR> 869190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD> 870190214Srpaulo <TD>Received by capture device</TD> </TR> 871190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD> 872190214Srpaulo <TD COLSPAN=2>No buffer was available during capture of previous packet.</TD> </TR> 873190214Srpaulo 874190214Srpaulo <TR> <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=8>1</TH> 875190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=8>Signals</TH> 876190214Srpaulo 877190214Srpaulo <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD> <TD COLSPAN=2>DSR asserted</TD> </TR> 878190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD> <TD COLSPAN=2>DTR asserted</TD> </TR> 879190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD> <TD COLSPAN=2>CTS asserted</TD> </TR> 880190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD> <TD COLSPAN=2>RTS asserted</TD> </TR> 881190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD> <TD COLSPAN=2>DCD asserted</TD> </TR> 882190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD> <TD COLSPAN=2>Undefined</TD> </TR> 883190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD> <TD COLSPAN=2>Undefined</TD> </TR> 884190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD> <TD COLSPAN=2>Undefined</TD> </TR> 885190214Srpaulo 886190214Srpaulo <TR> <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>2</TH> 887190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>Errors<BR>(octet 1)</TH> 888190214Srpaulo 889190214Srpaulo <TH> </TH> <TH>Tx</TH> <TH>Rx</TH> </TR> 890190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD> <TD>Underrun</TD> <TD>Framing</TD> </TR> 891190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD> <TD>CTS Lost</TD> <TD>Parity</TD> </TR> 892190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD> <TD>UART Error</TD> <TD>Collision</TD> </TR> 893190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD> <TD>Re-Tx Limit Reached</TD> <TD>Long Frame</TD> </TR> 894190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD> <TD>Undefined</TD> <TD>Short Frame</TD> </TR> 895190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD> <TD>Undefined</TD> <TD>Undefined</TD> </TR> 896190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD> <TD>Undefined</TD> <TD>Undefined</TD> </TR> 897190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD> <TD>Undefined</TD> <TD>Undefined</TD> </TR> 898190214Srpaulo 899190214Srpaulo <TR> <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>3</TH> 900190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=9>Errors<BR>(octet 2)</TH> 901190214Srpaulo 902190214Srpaulo <TH> </TH> <TH>Tx</TH> <TH>Rx</TH> </TR> 903190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxxx1</FONT></TD> <TD>Undefined</TD> <TD>Non-Octet Aligned</TD> </TR> 904190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxxx1x</FONT></TD> <TD>Undefined</TD> <TD>Abort Received</TD> </TR> 905190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxxx1xx</FONT></TD> <TD>Undefined</TD> <TD>CD Lost</TD> </TR> 906190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxxx1xxx</FONT></TD> <TD>Undefined</TD> <TD>Digital PLL Error</TD> </TR> 907190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xxx1xxxx</FONT></TD> <TD>Undefined</TD> <TD>Overrun</TD> </TR> 908190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">xx1xxxxx</FONT></TD> <TD>Undefined</TD> <TD>Frame Length Violation</TD> </TR> 909190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">x1xxxxxx</FONT></TD> <TD>Undefined</TD> <TD>CRC Error</TD> </TR> 910190214Srpaulo <TR> <TD VALIGN=TOP ALIGN=CENTER><FONT FACE="COURIER">1xxxxxxx</FONT></TD> <TD>Undefined</TD> <TD>Break Received</TD> </TR> 911190214Srpaulo 912190214Srpaulo <TR> <TH VALIGN=TOP ALIGN=CENTER ROWSPAN=12>4</TH> 913190214Srpaulo <TH VALIGN=TOP ALIGN=CENTER>Protocol</TH> 914190214Srpaulo 915190214Srpaulo <TD COLSPAN=3> 916190214Srpaulo <CENTER> 917190214Srpaulo <TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0> 918190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x01</TD> <TD>-</TD> <TD>LAPB (BOP) <SUP> </SUP> </TD> </TR> 919190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x02</TD> <TD>-</TD> <TD>Ethernet <SUP>1</SUP> </TD> </TR> 920190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x03</TD> <TD>-</TD> <TD>Async (Interrupt IO) <SUP> </SUP> </TD> </TR> 921190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x04</TD> <TD>-</TD> <TD>Async (Block IO) <SUP> </SUP> </TD> </TR> 922190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x05</TD> <TD>-</TD> <TD>IPARS <SUP> </SUP> </TD> </TR> 923190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x06</TD> <TD>-</TD> <TD>UTS <SUP> </SUP> </TD> </TR> 924190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x07</TD> <TD>-</TD> <TD>PPP (HDLC) <SUP> </SUP> </TD> </TR> 925190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x08</TD> <TD>-</TD> <TD>SDLC <SUP> </SUP> </TD> </TR> 926190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x09</TD> <TD>-</TD> <TD>Token Ring <SUP>1</SUP> </TD> </TR> 927190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x10</TD> <TD>-</TD> <TD>I2C <SUP> </SUP> </TD> </TR> 928190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x11</TD> <TD>-</TD> <TD>DPM Link <SUP> </SUP> </TD> </TR> 929190214Srpaulo <TR VALIGN=BOTTOM><TD ALIGN=CENTER>0x12</TD> <TD>-</TD> <TD>Frame Relay (BOP) <SUP> </SUP> </TD> </TR> 930190214Srpaulo </TABLE> 931190214Srpaulo </CENTER> 932190214Srpaulo <P> 933190214Srpaulo <STRONG>Note 1:</STRONG> 934190214Srpaulo Ethernet and Token Ring frames will never be sent as DLT_SITA (with the 5 octet header), 935190214Srpaulo but will be sent as their corresponding DLT types instead. 936190214Srpaulo </TD> 937190214Srpaulo </TR> 938190214Srpaulo </TABLE> 939190214Srpaulo </CENTER> 940190214Srpaulo</UL> 941190214Srpaulo<P> 942190214Srpaulo</UL> 943190214Srpaulo</UL> 944