Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5622] Incomplete support of OSI protocol dissectors for CL

Date: Fri, 28 Jan 2011 13:46:23 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5622

--- Comment #7 from guettler@xxxxxx 2011-01-28 13:46:16 PST ---
1) You are right, 
packet-clnp.c

+    dissector_add_uint("ip.proto", IP_PROTO_ISOIP, clnp_handle); \
              /* OSI, ATN over IPv4 RFC 791 */
is a leftover from my first trials with wireshark 1.0 sources.
I can confirm that it works for the two tracefiles without the code, 
so please remove remove it.
concerning your question:
It's supposed to decode CLNP PDU's encapsulated in IPv4 PDU's. The IPv4
protocol features a "protocol" field which is set to 50h (80d) in case an OSI
Protocol is encapsulated in it. 
2) For me it works with "2011-01-27-dump-atn-over-ip.pcap". Ther are a lot of
ISH/ESH but for example PDU #50-59 and #63-66 of the trace show the
establishment and disconnection CM transport connection.
Solution: I attach the full source files I have changed.
3) No reason to touch "packet-osi.h", so no changes here. My bad.
3) My bad. Next time I use tabs.  
4) ICAO doc 9705 Edition 3 Volume V may be obtained from the .zip archives
under "http://www.mccallumwhyman.com/CENA_ATN_Archive/ccb/icaodoc9705/ed3/";,
but it seems the documents are scorched. 
I attach my PDF versions in the next comment.
ATN security label: ed3vol5.pdf section 5.6.2.2.2.2
ATN TP4 extended checksum (32-bit): ed3vol5.pdf section 5.5.2.4.3 and proposed
amendement to ed3 w2wp586.pdf
ATN TP4 extended checksum (16-bit): proposed amendement to ed3 w2wp586.pdf page
5

Concerning different TDPU sizes this is implied in the fact that all TDPU's
that may contain an optional checksum in its VP may employ an ATN extended
checksum as an alternative (32-bit ATN extended checksum is 2 byte larger than
16-bit OSI ). It gets clearer if you check out the protocol traces at TP4 level
- the problem is that I have no means to generate all kinds of TDPU.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.