[tcpdump-workers] Fwd: Proposed update to DLT_BLUETOOTH_LE_LL_WITH_PHDR

Sultan Khan sultanqasim at gmail.com
Thu Jul 9 18:15:21 EDT 2020


After rereading it, I made one more slight change to the wording, dropping
the word "received" from "Packets received using the LE Coded PHY are
represented..." since this DLT can also be used to represent transmitted
packets.

Here's a browser renderable link to the latest version:
https://gistcdn.githack.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a/raw/c9172a730117c824a1b80add472052220810e538/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html

Any comments from anyone else?

Thanks,
Sultan

On Thu, Jul 9, 2020 at 5:55 PM Sultan Khan via tcpdump-workers <
tcpdump-workers at lists.tcpdump.org> wrote:

>
>
>
> ---------- Forwarded message ----------
> From: Sultan Khan <sultanqasim at gmail.com>
> To: tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> Cc:
> Bcc:
> Date: Thu, 9 Jul 2020 17:57:03 -0400
> Subject: Fwd: [tcpdump-workers] Proposed update to
> DLT_BLUETOOTH_LE_LL_WITH_PHDR
> Thanks for the feedback Guy. I revised the wording based on your
> suggestion, while also noting there is a four octet access address in the
> LE packet before the coding indicator.
>
> See the updated version here since the GitHack version rendered with a
> suitable Content-Type is slow to update:
> https://gist.github.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a
>
> New wording:
> For packets using the LE Coded PHY as defined in the Bluetooth Core
> Specification v5.2, Volume 6, Part B, Section 2.2, the LE Packet is
> represented as the four-octet access address, followed by the Coding
> Indicator (CI), stored in a one-octet field with the lower 2 bits
> containing the CI value, immediately followed by the PDU and the CRC.
> Packets received using the LE Coded PHY are represented in an uncoded form,
> so the TERM1 and TERM2 coding terminators are not included in the LE packet
> field.
>
> On Thu, Jul 9, 2020 at 5:23 PM Guy Harris via tcpdump-workers <
> tcpdump-workers at lists.tcpdump.org> wrote:
>
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: Guy Harris <gharris at sonic.net>
> > To: Sultan Khan <sultanqasim at gmail.com>
> > Cc: tcpdump-workers <tcpdump-workers at lists.tcpdump.org>, Joakim
> Andersson
> > <joakim.andersson at nordicsemi.no>, Mike Ryan <mikeryan at lacklustre.net>,
> > virtualabs at gmail.com
> > Bcc:
> > Date: Thu, 9 Jul 2020 14:22:49 -0700
> > Subject: Re: Proposed update to DLT_BLUETOOTH_LE_LL_WITH_PHDR
> > On Jul 9, 2020, at 1:46 PM, Sultan Khan <sultanqasim at gmail.com> wrote:
> >
> > > Through discussions with Joakim Anderson (of Nordic) and Mike Ryan
> > (Ubertooth developer), and going through several iterations of proposed
> > protocol updates, I/we came up with this:
> >
> https://gistcdn.githack.com/sultanqasim/8b6561309f5934f084a0d938ae733b7a/raw/LINKTYPE_BLUETOOTH_LE_LL_WITH_PHDR.html
> >
> > In the last paragraph, it says:
> >
> >         For packets using the LE Coded PHY as defined in the Bluetooth
> > Core Specification v5.2, Volume 6, Part B, Section 2.2, the Coding
> > Indicator (CI) is represented by the two least significant bits of a
> > dedicated coding indicator byte between the Access Address and PDU.
> Packets
> > received using the LE Coded PHY are represented in an uncoded form, so
> the
> > TERM1 and TERM2 coding terminators are not included in the LE packet
> field.
> >
> > Perhaps that's a bit clearer if stated as
> >
> >         For packets using the LE Coded PHY as defined in the Bluetooth
> > Core Specification v5.2, Volume 6, Part B, Section 2.2, the LE Packet is
> > represented as the Coding Indicator (CI), stored in a one-octet field
> with
> > the lower 2 bits containing the CI value, immediately followed by the PDU
> > and the CRC.  Packets received using the LE Coded PHY are represented in
> an
> > uncoded form, so the TERM1 and TERM2 coding terminators are not included
> in
> > the LE packet field.
> >
> >
> > ---------- Forwarded message ----------
> > From: Guy Harris via tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> > To: Sultan Khan <sultanqasim at gmail.com>
> > Cc: virtualabs at gmail.com, Joakim Andersson <
> joakim.andersson at nordicsemi.no>,
> > tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> > Bcc:
> > Date: Thu, 9 Jul 2020 14:22:49 -0700
> > Subject: Re: [tcpdump-workers] Proposed update to
> > DLT_BLUETOOTH_LE_LL_WITH_PHDR
> > _______________________________________________
> > tcpdump-workers mailing list
> > tcpdump-workers at lists.tcpdump.org
> > https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
> >
>
>
>
> ---------- Forwarded message ----------
> From: Sultan Khan via tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> To: tcpdump-workers <tcpdump-workers at lists.tcpdump.org>
> Cc:
> Bcc:
> Date: Thu, 9 Jul 2020 17:57:03 -0400
> Subject: [tcpdump-workers] Fwd: Proposed update to
> DLT_BLUETOOTH_LE_LL_WITH_PHDR
> _______________________________________________
> tcpdump-workers mailing list
> tcpdump-workers at lists.tcpdump.org
> https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
>


More information about the tcpdump-workers mailing list