Wireshark · Wireshark-dev: Re: [Wireshark-dev] Patch to decode ERF type 5 record

Wireshark-dev: Re: [Wireshark-dev] Patch to decode ERF type 5 record

From: Florent.Drouin@xxxxxxxxxxxxxxxxx

Date: Tue, 20 Feb 2007 10:10:47 +0100

I am still working on the subject, but I think it will not be a new
WTAP_ENCAP.
I tried to introduce a kind of extension for the linktype to give more
information, like FCS presence.

Concerning the different formats stored in the ERF record with type
MC_HDLC, I have no other details.
Personnally, I only work with MTP2 frames, so I did implement this type
only.
But you are right, there could be other kind of protocol. So I suppose
somebody else will have to introduce the same mechanism with getenv(), as
it was done for ATM. But currently, I am not able to do it , I do not know
what should be implemented.

Regards
Florent

                      Jeff Morriss                                                                                              
                      <jeff.morriss@xxxxxxxxxx         To:      Developer support list for Wireshark                            
                      m>                               <wireshark-dev@xxxxxxxxxxxxx>                                            
                      Sent by:                         cc:                                                                      
                      wireshark-dev-bounces@wi         Subject: Re: [Wireshark-dev] Patch to decode ERF type 5 record           
                      reshark.org                                                                                               

                      18/02/2007 12:33                                                                                          
                      Please respond to                                                                                         
                      Developer support list                                                                                    
                      for Wireshark                                                                                             

Florent.Drouin@xxxxxxxxxxxxxxxxx wrote:
> No, the ERF type 5 record has a different header than the PCAP header,
but
> MTP2 part is not affected.
> In fact, the MTP2 (FCS) is not specific to the ERF format, I would say,
> MTP2 (FCS) is the standart MTP2, but the checksums are present in the 2
> last bytes of the frame.
>
> I could use a new DLT, but this would be to show the additional
> informations given in the ERF type 5 header (like a kind of timeslot
> information, etc)

In fact I didn't mean use a new DLT value but rather a different
WTAP_ENCAP value.  E.g., here:

> +       case TYPE_MC_HDLC:
> +               wtap_encap = WTAP_ENCAP_MTP2;
> +               break;

it could be WTAP_ENCAP_MTP2_WITH_FCS (were that to exist) so the MTP2
dissector could automatically know if the FCS is there or not.

Anyway, I read a little bit about this file format and it seems to just
be a place holder for anything in HDLC, not just MTP2.

For ATM stored in ERF files wiretap uses 'getenv()' to tell which
WTAP_ENCAP should be used.  If/when there's a WTAP_ENCAP_MTP2_WITH_FCS,
(or any other HDLC protocol stored in that file format) I guess that
method could be used for HDLC, too.

Anyway, I checked in your patch (rev 20838).

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

References:
- Re: [Wireshark-dev] Patch to decode ERF type 5 record
  - From: Jeff Morriss

Prev by Date: Re: [Wireshark-dev] TCP ZeroWindowProbe problem / question
Next by Date: Re: [Wireshark-dev] Building RPM with Lua support
Previous by thread: Re: [Wireshark-dev] Patch to decode ERF type 5 record
Next by thread: [Wireshark-dev] Problem with proto_tree_add_item
Index(es):
- Date
- Thread