Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Ethereal-dev: [Ethereal-dev] WTP/WSP Patch 2

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Georg von Zezschwitz <gvz@xxxxxxxxxx>
Date: Sun, 27 Jul 2003 15:43:28 +0200
Hi,

this patch needs a bit more of explanations (and probably
discusssions ?):

When Segmented Results / Segmented Invokes arrive in WTP 
and the packet is not complete (e.g. because of a smaller
snaplength), ethereal tries to WSP-decode these segments.
The result looks like this:

  3   0.023111  139.7.29.17 -> 10.249.63.232 WTP+WSP WSP ConnectReply
  4   0.048595  139.7.29.17 -> 10.249.47.133 MMSE MMS m-send-conf
  5   0.065333 10.249.15.212 -> 139.7.29.17  WTP+WSP WSP Unknown PDU type (0x92)
  6   0.069829 10.249.13.135 -> 139.7.29.17  WTP+WSP WSP Unknown PDU type (0x12)
  7   0.070704  139.7.29.17 -> 10.249.13.135 WTP+WSP WTP Ack
  8   0.074328 10.249.14.228 -> 139.7.29.17  MMSE MMS m-send-req
  9   0.088568 10.249.15.64 -> 139.7.29.17  WTP+WSP WSP Unknown PDU type (0xb6)
 10   0.090068  139.7.29.17 -> 10.249.15.64 WTP+WSP WTP Ack
 11   0.174016 10.249.15.14 -> 139.7.29.17  WTP+WSP WTP Ack
 12   0.235729 10.249.30.192 -> 139.7.29.17  WTP+WSP WSP Unknown PDU type (0x0c)
 13   0.240351 10.249.13.81 -> 139.7.29.17  WTP+WSP WTP Segmented Invoke

I changed packet-wtp not to use the WSP dissector on
Segmented Results/Segmented Invokes.

The result looks like this:

  3   0.023111  139.7.29.17 -> 10.249.63.232 WTP+WSP WSP ConnectReply
  4   0.048595  139.7.29.17 -> 10.249.47.133 MMSE MMS m-send-conf
  5   0.065333 10.249.15.212 -> 139.7.29.17  WTP+WSP Segmented Invoke (4)
  6   0.069829 10.249.13.135 -> 139.7.29.17  WTP+WSP Segmented Invoke (37)
  7   0.070704  139.7.29.17 -> 10.249.13.135 WTP+WSP WTP Ack
  8   0.074328 10.249.14.228 -> 139.7.29.17  MMSE MMS m-send-req
  9   0.088568 10.249.15.64 -> 139.7.29.17  WTP+WSP Segmented Invoke (6)
 10   0.090068  139.7.29.17 -> 10.249.15.64 WTP+WSP WTP Ack
 11   0.174016 10.249.15.14 -> 139.7.29.17  WTP+WSP WTP Ack
 12   0.235729 10.249.30.192 -> 139.7.29.17  WTP+WSP Segmented Invoke (11)
 13   0.240351 10.249.13.81 -> 139.7.29.17  WTP+WSP WTP Segmented Invoke (last)

I do not know somebody guesses of a better approach.

Regards,


Georg

Attachment: testcase2.bin
Description: Binary data

Index: packet-wtp.c
===================================================================
RCS file: /cvsroot/ethereal/packet-wtp.c,v
retrieving revision 1.49
diff -u -u -r1.49 packet-wtp.c
--- packet-wtp.c	30 Jun 2003 23:24:39 -0000	1.49
+++ packet-wtp.c	27 Jul 2003 13:40:59 -0000
@@ -82,8 +82,8 @@
     { 2, "Result" },
     { 3, "Ack" },
     { 4, "Abort" },
-    { 5, "Segmented Invoke" },
-    { 6, "Segmented Result" },
+    { 5, "Segmented Invoke (last)" },
+    { 6, "Segmented Result (last)" },
     { 7, "Negative Ack" },
     { 0, NULL }
 };
@@ -641,8 +641,16 @@
 	     * Normal packet, or not all the fragment data is available;
 	     * call next dissector.
 	     */
-	    wsp_tvb = tvb_new_subset(tvb, dataOffset, -1, -1);
-	    call_dissector(wsp_handle, wsp_tvb, pinfo, tree);
+		if ((pdut != SEGMENTED_INVOKE && pdut != SEGMENTED_RESULT) || !psn) {
+	    	wsp_tvb = tvb_new_subset(tvb, dataOffset, -1, -1);
+	    	call_dissector(wsp_handle, wsp_tvb, pinfo, tree);
+		} else {
+			if (check_col(pinfo->cinfo, COL_INFO))
+			col_set_str(pinfo->cinfo, COL_INFO,
+				pdut == SEGMENTED_INVOKE ?
+				 "Segmented Invoke" : "Segmented Result");
+			col_append_fstr(pinfo->cinfo, COL_INFO, " (%d)", psn);
+		}
 	}
     }
 }
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube