A few words about LLC

The 0cpm Firmerware uses LLC in a number of places. Since LLC is no longer common knowledge, here is a bit of information on it.

Ethernet frame format under LLC

The format of an Ethernet frame with LLC.

LLC stems from the days of NetBIOS, but is not just old crap; it is also used in WiFi, for instance. The thing to look for in an Ethernet frame is the field after the destination and source MAC addresses. This is the type/length field. Values up to and including 1500 represent a length, and higher values indicate a type.

Wired Ethernets most often carry 802.3 Ethernet, which is the variant with a type field; commonly seen types are 0x0800 to indicate that the packet contains IPv4, or 0x86dd for IPv6.

Values up to 1500 indicate that 802.2 Ethernet applies, and that automatically involves using LLC. LLC is a bit like TCP and UDP, except that it runs on top of plain Ethernet. The variety LLC1 has no acknowledgement and basically sends unconfirmed data to a recipient, making it much like UDP. LLC2 is a variation that involves setting up connections and acknowledging properly received packet data, so it is more like TCP, but without the many fine mechanisms that TCP has for handling dynamically changing networks: there are no flags or windows or any of the other complexities that make TCP suitable for long-distance traffic.

Both LLC1 and LLC2 use a concept of service access points, or SAP, on each end of the communication. These are very much like ports in UDP/TCP, except that they only span 7 bits (a SAP is even and falls in the range 0x00 to 0xfe). Other than that, LLC1 and LLC2 have a bit to indicate that a message is unicast, and another to separate command from response. For LLC1, one control byte follows; for LLC2 there are two control bytes. So the overhead of LLC is 3 to 4 bytes.
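The frame layout described above can be parsed as follows. This is an added example, not code from the 0cpm Firmerware; `llc_parse`, `struct llc_hdr` and the sample frame are hypothetical names and constructed data. It goes slightly beyond the text by using the IEEE 802.2 control-format bits to pick between one and two control bytes, and it rejects frames whose length field claims more data than was received.

```c
#include <stddef.h>
#include <stdint.h>

#define ETH_HDR_LEN 14   /* dst MAC (6) + src MAC (6) + type/length (2) */
#define ETH_MAX_LEN 1500 /* larger type/length values are a type */

struct llc_hdr {            /* hypothetical result struct */
    uint16_t typelen;       /* raw type/length field */
    uint8_t dsap, ssap;     /* SAPs with the flag bit masked off (even values) */
    int group;              /* DSAP low bit: 0 = individual, 1 = group */
    int response;           /* SSAP low bit: 0 = command, 1 = response */
    size_t ctl_len;         /* 1 or 2 control bytes */
    const uint8_t *payload; /* data following the LLC header */
    size_t payload_len;
};

/* Returns 1 for an LLC frame, 0 for a typed frame, -1 if malformed. */
int llc_parse(const uint8_t *f, size_t n, struct llc_hdr *out)
{
    if (n < ETH_HDR_LEN)
        return -1;
    out->typelen = (uint16_t)((f[12] << 8) | f[13]);
    if (out->typelen > ETH_MAX_LEN)
        return 0; /* e.g. 0x0800 (IPv4) or 0x86dd (IPv6) */
    /* The length is sender-controlled: it must fit in the bytes received. */
    if (out->typelen < 3 || out->typelen > n - ETH_HDR_LEN)
        return -1;
    const uint8_t *llc = f + ETH_HDR_LEN;
    out->dsap = llc[0] & 0xfe;
    out->ssap = llc[1] & 0xfe;
    out->group = llc[0] & 0x01;
    out->response = llc[1] & 0x01;
    /* IEEE 802.2: control low bits 11 mean the one-byte unnumbered format
     * (all LLC1 traffic); other formats have two control bytes. */
    out->ctl_len = ((llc[2] & 0x03) == 0x03) ? 1 : 2;
    if (out->typelen < 2 + out->ctl_len)
        return -1;
    out->payload = llc + 2 + out->ctl_len;
    out->payload_len = out->typelen - 2 - out->ctl_len;
    return 1;
}

/* Constructed sample: broadcast LLC1 UI frame, SAP 0x68 chosen arbitrarily. */
const uint8_t sample_ui[] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x00, 0x07, 0x68, 0x68, 0x03, 'p', 'i', 'n', 'g' };
```

Received frames may be longer than the length field says because of Ethernet padding, so the parser takes the payload size from the length field and only requires that it fits in the received bytes.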

UDP is simple enough, so LLC1 does not make much difference except that it works with MAC addresses and so does not require the hardware to get any resource from the network. LLC2, however, is much simpler than TCP, which makes sense because it only routes locally. On the whole, in the limited space available in embedded systems, LLC1 and LLC2 are much simpler choices than UDP and TCP, provided that their use can be limited to a LAN.

There are a few good LAN uses of LLC in the 0cpm Firmerware that may work just as well in other reverse engineering projects that involve networking:

We use LLC in two places:

We prepared a few applications to actually access these services: