Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Add checksum validation option for MTP2

Date: Fri, 2 Feb 2007 10:32:03 +0100
      Hello Jeff,


In fact, the FCS checksum are not ahead the sequence numbers, but after the
payload.
So the MTP2 header is not changed, we have just two additional bytes
containing the CRC16.
I did join somes messages (captured with libpcap) to show the impact of the
patch.

You can see, that the current MTP2 dissector do not take into account the 2
last bytes of the frame.
And the SCCP dissector reads the length in the SCCP part, so there is no
impact for the next subdissectors, the 2 additional bytes are just ignored.

That's why, for me, it was not necessary to request a new DLT.
Moreover, if I add a new DLT, this will not change the MTP2 header itself ,
but just change the way to detect if FCS are present or not.
Instead of an option, you will have a dedicated DLT.
This will be more confortable for the end users, but this will need changes
in libpcap...

Do you think I should request now a new DLT for MTP2 with FCS ?

And what about the other capture devices on PCM link ?
As the FCS are part of the MTP2 layer (or HDLC layer), the checksums should
be present with other boards too, even if they use the current MTP2 DLT.
Maybe if I have a feedback from users working on PCM link, it will be
easier to see if this patch has to be reworked ?

Thank you for your comment.
Best regards
Florent

(See attached file: initDP_FCS.cap.gz)(See attached file: initDP_FCS.txt)



                                                                                                                                   
                      Jeff Morriss                                                                                                 
                      <jeff.morriss@xxxxxxxxxx         To:      Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx> 
                      m>                               cc:                                                                         
                      Sent by:                         Subject: Re: [Wireshark-dev] Add checksum validation option for MTP2        
                      wireshark-dev-bounces@wi                                                                                     
                      reshark.org                                                                                                  
                                                                                                                                   
                                                                                                                                   
                      02/02/2007 02:27                                                                                             
                      Please respond to                                                                                            
                      Developer support list                                                                                       
                      for Wireshark                                                                                                
                                                                                                                                   






Florent.Drouin@xxxxxxxxxxxxxxxxx wrote:
> This patch add an option to validate the MTP2 Frame Check Sequence.
> You can activate this option if you are using a capture device on PCM
> links, and if you want to identify malformed Packet, or noise.
> If you are reading rf5 files,   you must not activate the checksum
> validation, as the FCS are not present at the end of the record.
> This patch is based on the decode_fcs function of packet_ppp.c.

Hmmm, this patch means that the MTP2 dissector accepts 2 formats of MTP2
data in WTAP_ENCAP_MTP2/WTAP_ENCAP_MTP2_WITH_PHDR (PCAP DLT 140/139):
with and without the 2-byte FCS ahead of the sequence numbers.

Normally (AFAIK) such overloading of the file format is frowned upon.  A
cleaner solution would be to assign Yet Another DLT value to MTP2, this
time with the FCS header.  (And maybe also with the "MTP2 pseudo header"
from WTAP_ENCAP_MTP2_WITH_PHDR/DLT value 139 so as to have one MTP2
format that contains all the possible options?)

Would you be willing to request a new DLT (from tcpdump.org) and then
update wiretap and the MTP2 dissector to support that?

Or, if this is only for use with your ERF type 5 patch (e.g., you don't
plan to store MTP2-with-FCS in PCAP files) then another solution would
be to only add another WTAP_ENCAP value, one that is only used by the
ERF type 5 stuff.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Attachment: initDP_FCS.cap.gz
Description: Binary data

Attachment: initDP_FCS.txt
Description: Binary data