Wireshark-dev: Re: [Wireshark-dev] [PATCH] Support ALCAP, NBAP over SSCOP in K12xx
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Sun, 28 Jan 2007 02:42:20 +0100
Committed revision 20580.


On 1/27/07, Kriang Lerdsuwanakij <lerdsuwa@xxxxxxxxxxxxxxxxxxxxx> wrote:
Hello

This patch add some capability for reading K12xx .rf5 files.
Currently Wireshark has trouble dissecting .rf5 captured from
UMTS ATM-based Iub interface. According to example configuration
file at:
  http://wiki.wireshark.org/K12?highlight=%28K12%29
If one try to dissect protocol
  C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk
using ALCAP, it will have error due to the trailing SSCOP fields.
If SSCOP is used instead, then the ALCAP commands is not shown.

This patch implements the following:

1 Add ALCAP and NBAP as subdissectors of SSCOP. Previously it only
  knows about SSCF-NNI and data. (Changes in packet-sscop.c,
  packet-sscop.h)

2 Add capability for lower layer to force SSCOP to choose a particular
  dissector. It is passed as "subdissector" field of SSCOP protocol
  data. This is required because different payload protocol is
  distinguished by different VPI/VCI. There is no protocol field inside
  SSCOP frame. (Changes in packet-sscop.c, packet-sscop.h)

3 Make K12xx configuration file supporting the following syntax:
    C:\k1297\stacks\umts_iub\umts_iub_aal2l3.stk sscop:alcap
  This says dissect with SSCOP first and then pass to ALCAP.
  The change is made general, so it supports arbitrary number of
  protocol, like "proto1:proto2:proto3". Using ":" as separator
  allow us to expand the syntax further to support parameters like
  "proto1 param1:proto2 param2 param3". (Changes in packet-k12.c)

With above 3 changes together, dissecting Iub traces are correct for
control and signaling planes. I am still investigating user plane
frames because writing UMTS RLC/MAC protocol dissector is required.
The patch and sample .rf file (same as my previous patch) is in the
attachment.

I will go to expand the wiki about this usage when the patch is
committed.  I have already added some more information about ALCAP,
NBAP protocols in the wiki.

Best regards

Kriang Lerdsuwanakij



_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev





--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan