IMO you could do like packet-eth.c does, it registers two dissectors
("eth_withfcs", "eth_withoutfcs") anyway and has a common dissector
that will determine one or the other (based on a preference maybe).
You could register one to handle ENCAP_WITH_FCS and ENCAP_WITHOUT_FCS
or use heuristics instead.
However you decide to go, I believe that having two registered
dissectors instead of an alternative one is a good idea anyway.
Luis
On 2/5/07, Florent.Drouin@xxxxxxxxxxxxxxxxx
<Florent.Drouin@xxxxxxxxxxxxxxxxx> wrote:
Hi luis,
Right, it seems the problem with the FCS is not only a problem of Datalink.
Up to now, if you read a K12 file, and if the record/file for the stack is
pointing to mtp2, the MTP2 dissector is called.
With the current MTP2 dissector, there is no problem with .rf5 record,
because the FCS are ignored.
But, if you are reading a MTP2 frame from an other capture device, the FCS
are present(at least for the board I am using).
And in the ITU Q703 norma, the FCS are mentionned too, so they should be
present.
So, the problem is how to find a solution to have a MTP2 dissector
compatible with both format (without FCS, and with FCS).
My first patch was with an option to have a checksum validation.
But, if the option is enabled, the rf5 record are detected as malformed,
because of these 2 bytes missing, (and because the SCCP dissector has not
be modified to accept such frame).
Now, if I change the datalink to indicate the presence of Checksum, do I
will have to call a specific MTP2_FCS dissector ? Or is it possible to read
the datalink on the pinfo structure in the current MTP2 dissector, to call
a specific code for the FCS validation ?
In this case, it could work with K12 files too, as the datalink is set to
WTAP_ENCAP_K12.
Am I rigth, or do I missed something ?
Best regards
Florent
"Luis Ontanon"
<luis.ontanon@xxxxxxxxx> To: "Developer support list for Wireshark"
Sent by: <wireshark-dev@xxxxxxxxxxxxx>
wireshark-dev-bounces@wi cc:
reshark.org Subject: Re: [Wireshark-dev] Add checksum validation option for MTP2
05/02/2007 15:41
Please respond to
Developer support list
for Wireshark
On 2/5/07, Florent.Drouin@xxxxxxxxxxxxxxxxx
<Florent.Drouin@xxxxxxxxxxxxxxxxx> wrote:
> Hello Jeff,
> Thank you for your comments, I will follow your advices and request a new
> DLT for MTP2 with FCS.
> But before, I will, first, ask for the agreement of the board
manufacturer.
> I hope they will not disagree..
>
> In the same time, if someone has samples of use for the MTP2 DLT, it
could
> be very helpfull.
> Maybe, the right way will be to have :
> - DLT_MTP2_noFCS for K12 files,
k12 files use a single WTAP_ENCAP_K12 and the actual protocol is
choosen by name by the user associating it with the ".stk" file
declared for a given port. As far as the dissecctor handle called by
the name "mtp2" does not change its behaviour there's no problem.
> - DLT_MTP2_FCS, for this board.
> - and to keep the current DLT_MTP2 for compatibility.
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
