Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] rev 20908: /trunk/ /trunk/epan/dissector
From: "Luis Ontanon" <luis.ontanon@xxxxxxxxx>
Date: Fri, 23 Feb 2007 23:14:58 +0100
It's heuristic, not having the setup of the association.

I mantain two tables.
pl_table conatinig a list of assocs indexed by "port_labels" a 32bit
label out of the ports being used (low_pt << 16 | high_pt)

and plvt_table indexed by port_label and verification_tag of one
direction which I assume to be unique.

if match in plvt_table then we got it.

if match on pl_table then
  for each assoc in list
    if assoc is missing the other direction then
       we got this and add it to the plvt_table.

if no assoc was found so far
    this is a new assoc add it to both tables


I'm not sure it will always work, but so far (with the traces I have
available) it appears to do so... at least the perl prototype against
which I played text files derived from captures did.

AFAIU, there's very little chances to have two different associations
match... if I actually see it happening I'll start to play the
lottery!

I have still problems matching the CTSN ack to the right TSN frames
without falling in an infinite loop but that's another story. And
serial arithmetic makes that a hard thing to deal with.

BTW, if you have captures where the counter cycles I would love to
have them. Or else I'll have to hope that an association on the lab
I'm working stays up long enough and does not catch me unprepared when
it happens.Or I'll have to generate fake packets but my experience as
a telecom troubleshooter tells me that the fact that something works
with generated traffic does not imply it will work in the real world.

As per Association Restart I do not think I'll ever implement it, I'll
treat the restarted Association as a new one (I need traces for this
too, but this given slack time in the lab I can force it to happen).

Luis.

On 2/23/07, Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
Hi Lego,

I'm wondering how you tie together both directions of an SCTP
association?

Best regards
Michael

On Feb 23, 2007, at 8:57 PM, lego@xxxxxxxxxxxxx wrote:

> http://anonsvn.wireshark.org/viewvc/viewvc.cgi?view=rev&revision=20908
>
> User: lego
> Date: 2007/02/23 08:57 PM
>
> Log:
>  fix some bugs introduced in the latest releases and add
> value_strings for param, evt, sig and stat ids s well as "sub-
> parameters".
>
> Directory: /trunk/epan/dissectors/
>   Changes    Path                     Action
>   +39 -33    packet-h248.c            Modified
>   +20 -14    packet-h248.h            Modified
>   +103 -39   packet-h248_3gpp.c       Modified
>   +4 -4      packet-h248_annex_c.c    Modified
>   +83 -30    packet-h248_annex_e.c    Modified
>   +23 -11    packet-h248_q1950.c      Modified
>   +486 -52   packet-sctp.c            Modified
>
> Directory: /trunk/asn1/h248/
>   Changes    Path                      Action
>   +36 -30    packet-h248-template.c    Modified
>   +20 -14    packet-h248-template.h    Modified
>
> _______________________________________________
> Wireshark-commits mailing list
> Wireshark-commits@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-commits




--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan


--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan