Hi,
I've been working on LAPB and X.25 dissectors for some time now. It
seems to work fine for me so I'm sending a patch with my code to the
list.
Here is a description of what I have done:
- add a new ENCAP type: WTAP_ENCAP_LAPB
- add a new field "guint8 flags" in wtap_pkthdr and frame_data structs.
The first bit of the field tells what the source of the frame is (0:
DTE, 1: DCE). The other 7 bits are not used.
- add WTAP_ENCAP_LAPB support in ngsniffer.c. I had to guess where I
would find the information about the source of the frame in the frame2
struct (DTE or DCE). It seems to be the first bit of the "fs" field. Can
someone confirm that?
- add support for radcom RC88WL file format. I have no documentation for
this format so my code may not work for everyone. I only worked on
Ethernet and LAPB support. If someone has information about the radcom file
format, please send it to me...
- add a LAPB dissector (normal LAPB only, no support for extended LAPB)
- add an X.25 dissector. It currently only works with modulo 8 packets,
because the only documentation I have about X.25 comes from Transpac
(French X.25 network), which seems to use modulo 8 only. If someone can
send me documentation about modulo 128 packets format, I will work on
it.
- the dissectors use the new display filters. You can filter on lapb
address field, and X.25 logical channel number.
- dissect_x25 calls dissect_ip or dissect_cotp (or dissect_data by
default), depending on the protocol id sent with the call packet when
establishing the virtual circuit. I had to implement a hash table to
memorize the protocol used for each VC in the capture. It should be easy
to add different upper layer dissectors if someone needs to: you just
have to know what pid is used in the call packet (I'm only using IP and
COTP over X.25).
The diff was made against today's CVS tree.
Regards,
Olivier
--
Think lucky. If you fall in a pond, check your pockets for fish.
-- Darrell Royal
Attachment:
x25.patch.gz
Description: Binary data
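
The per-VC bookkeeping the message describes (remember the protocol id from the call packet, then choose the upper-layer dissector for later data packets on that circuit), sketched as an added example; it is not code from the attached patch. The names x25_next, call_user_data and vc_proto are hypothetical, an array indexed by channel number stands in for the hash table, and the identifier values 0xCC (IP) and 0x03 (COTP) are assumptions, since the message does not give them.

```c
#include <stddef.h>
#include <stdint.h>

enum upper { UP_DATA, UP_IP, UP_COTP }; /* dissect_data, dissect_ip, dissect_cotp */
#define X25_CALL  0x0B /* call request / incoming call */
#define X25_CLEAR 0x13 /* clear request / clear indication */
#define PID_IP    0xCC /* assumed: IP identifier per RFC 1356 */
#define PID_COTP  0x03 /* assumed: first octet of the COTP identifier */

/* Assumption: a table indexed by the 12-bit channel number replaces the hash table. */
static uint8_t vc_proto[4096];

/* Offset of the call user data in a call packet, 0 if absent or truncated. */
static size_t call_user_data(const uint8_t *p, size_t len)
{
    size_t off = 3;
    if (len < 4) return 0;
    off += 1 + ((p[3] >> 4) + (p[3] & 0x0F) + 1) / 2; /* skip BCD address digits */
    if (off >= len) return 0;
    off += 1 + p[off];                                /* skip facilities */
    return off < len ? off : 0;
}

/* Update the per-VC state and return the dissector to use for this packet. */
enum upper x25_next(const uint8_t *p, size_t len)
{
    if (len < 3) return UP_DATA;
    unsigned lcn = ((p[0] & 0x0Fu) << 8) | p[1];
    if (p[2] == X25_CALL) {
        size_t off = call_user_data(p, len);
        vc_proto[lcn] = !off ? UP_DATA : p[off] == PID_IP ? UP_IP
                      : p[off] == PID_COTP ? UP_COTP : UP_DATA;
    } else if (p[2] == X25_CLEAR) {
        vc_proto[lcn] = UP_DATA;              /* circuit gone: forget it */
    } else if ((p[2] & 0x01) == 0) {
        return (enum upper)vc_proto[lcn];     /* data packet on this VC */
    }
    return UP_DATA;
}

/* Constructed sample packets (modulo 8), not taken from a capture. */
static const uint8_t call_ip[]   = { 0x10, 0x01, 0x0B, 0x00, 0x00, 0xCC };
static const uint8_t call_cotp[] = { 0x11, 0x02, 0x0B, 0x34, 0x12, 0x34, 0x56, 0x70,
                                     0x02, 0x02, 0xAA, 0x03, 0x01, 0x01, 0x00 };
static const uint8_t data_1[]    = { 0x10, 0x01, 0x00, 0x45 };
static const uint8_t data_102[]  = { 0x11, 0x02, 0x20, 0x00 };
static const uint8_t clear_1[]   = { 0x10, 0x01, 0x13, 0x00, 0x00 };

int main(void) { x25_next(call_ip, sizeof call_ip); return x25_next(data_1, sizeof data_1) != UP_IP; }
```

A data packet on a circuit whose call packet is not in the capture, or whose call packet is truncated before the user data, falls back to UP_DATA.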