Ethereal-dev: Re: [Ethereal-dev] patch to packet-isup.c: use message acronyms in the Info: co

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Jeff Morriss <morriss@xxxxxxxxx>
Date: Tue, 15 Apr 2003 10:43:46 -0400
Guy,

Guy Harris wrote:

On Mon, Apr 14, 2003 at 03:03:38PM +0200, Michael Tuexen wrote:
So I think it IS intentional that the information from SCTP and M3UA remains in the Info Column when ISUP appends also something. It is only 
a bug that M3UA puts in DATA and that ISUP dissects it.


[...]


For example, if I correctly understand what you're saying, at least some
stuff the SCTP dissector puts into the Info column should not be
overwritten by stuff that subdissectors put into the Info column, but if
the M3UA dissector puts "DATA" into the Info column and then calls the
ISUP dissector, whatever the ISUP dissector puts into the Info column
should replace the "DATA" that the M3UA dissector put there.

If so, then one way to handle this might be to have a col_ call to put a
"wall" into the column at the end of the data currently in that column
(when the columns are initialized, the wall is at the beginning, so the
call really moves the wall), have any dissector that wants its stuff
left unchanged by subdissectors make that call, have "col_clear()" clear
all data past the wall but no data before the wall, have the "col_add_"
calls append stuff after the wall rather than putting it at the
beginning, have "col_set_str()" append stuff after the wall if it's not
at the beginning, and have all dissectors do "col_clear()" at the before
doing anything that might throw an execption unless they do a "col_add_"
call before doing anything that might throw an exception.

The SCTP dissector, for example, would put a "wall" after anything it
wants subdissectors to preserve.
I think this would work quite well (and is a lot lighter than a stack of Info columns).
In fact SCTP should simply set the wall to be the end of the Info column after it finishes dissecting each chunk. Everything living above SCTP acts like it's the owner of the Info column (e.g., clearing/setting the Info column).
This would give us the same "highest protocol in each chunk is displayed in the Info column" behavior that we have now but without all the hassle for the dissectors above SCTP. (Of course we'd have to be extra careful to avoid verbose Info column entries--else the column could get really unreadable really quickly when SCTP starts bundling.)
In terms of exception handling: most of the SS7 protocols over SCTP have the message type very early in the packet (so that most if not all of the dissectors we're talking about can easily do a "col_add_*()" before doing anything that would (normally) throw an exception.).