Wireshark-dev: Re: [Wireshark-dev] [PATCH] Support ALCAP, NBAP over SSCOP in K12xx
Committed revision 20580.
On 1/27/07, Kriang Lerdsuwanakij <lerdsuwa@xxxxxxxxxxxxxxxxxxxxx> wrote:
Hello
This patch add some capability for reading K12xx .rf5 files.
Currently Wireshark has trouble dissecting .rf5 captured from
UMTS ATM-based Iub interface. According to example configuration
file at:
http://wiki.wireshark.org/K12?highlight=%28K12%29
If one try to dissect protocol
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk
using ALCAP, it will have error due to the trailing SSCOP fields.
If SSCOP is used instead, then the ALCAP commands is not shown.
This patch implements the following:
1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
knows about SSCF-NNI and data. (Changes in packet-sscop.c,
packet-sscop.h)
2 Add capability for lower layer to force SSCOP to choose a particular
dissector. It is passed as "subdissector" field of SSCOP protocol
data. This is required because different payload protocol is
distinguished by different VPI/VCI. There is no protocol field inside
SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)
3 Make K12xx configuration file supporting the following syntax:
C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
This says dissect with SSCOP first and then pass to ALCAP.
The change is made general, so it supports arbitrary number of
protocol, like "proto1:proto2:proto3". Using ":" as separator
allow us to expand the syntax further to support parameters like
"proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)
With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.
I will go to expand the wiki about this usage when the patch is
committed. I have already added some more information about ALCAP,
NBAP protocols in the wiki.
Best regards
Kriang Lerdsuwanakij
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan