Wireshark-dev: [Wireshark-dev] ATM Dissector - atm-pdus-untruncated support for libpcap files

From: João Pedro Fonseca <j.pedro.fonseca@xxxxxxxxxxxxxxx>
Date: Mon, 12 Mar 2007 12:06:28 +0000
Hello,

I'm working on a project that uses an Endace card to capture ATM traffic. These captures are in ERF format (Endace's proprietary format), and Wireshark can read them perfectly.

However, I'm also using mergecap, editcap and tshark to post-process the files, and they convert them to libpcap format, using the atm-pdus encapsulation type.

This encapsulation type states that the AAL5 trailers are not included in the captured data, but the conversion process leaves the trailer in anyway. This is probably because there is no libpcap equivalent of the atm-pdus-untruncated encapsulation type, and a best effort conversion is made.

The problem is that the ATM dissector assumes that no trailer is present, and some higher-level protocol dissectors (SSCOP, for example) are not working well as a result.

I solved the problem with the attached patch. It adds an "atm.force_untruncated" configuration option to the ATM dissector. When set, it assumes the trailer is present, even if the encapsulation type is atm-pdus.

The perfect way of solving this problem would be to create a libpcap format equivalent to atm-pdus-untruncated, and modify the ERF->libpcap conversion code to use it - but this may take a little more time and effort. My patch can serve as a temporary solution to this problem...

Could you please consider the inclusion of this patch in the next version of Wireshark?

Thanks,
João Fonseca




--- /tmp/wireshark-0.99.5/epan/dissectors/packet-atm.c	2007-02-01 23:00:48.000000000 +0000
+++ /usr/local/src/wireshark-0.99.5/epan/dissectors/packet-atm.c	2007-03-12 11:45:40.801621033 +0000
@@ -72,6 +72,8 @@
 static dissector_handle_t data_handle;
 
 static gboolean dissect_lanesscop = FALSE;
+static gboolean force_untruncated = FALSE;
+
 
 /*
  * See
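Review bot: the added blank line after the force_untruncated declaration leaves two consecutive empty lines before the comment block; drop the added one. A one-line comment on the new flag saying that it mirrors the force_untruncated preference and overrides the truncated state derived from the capture would also help, since the name alone does not say which side wins.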
@@ -1568,6 +1570,8 @@
   	dissect_lanesscop ) {
   	pinfo->pseudo_header->atm.aal = AAL_SIGNALLING;
   }
+  if ( force_untruncated )
+	  truncated = FALSE;
 
   if (check_col(pinfo->cinfo, COL_PROTOCOL))
     col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATM");
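Review bot: the override "if ( force_untruncated ) truncated = FALSE;" is unconditional: nothing in these lines limits it to captures read with the atm-pdus encapsulation or to AAL5 traffic, although the preference text in the last hunk says it applies to DLT_SUNATM captures. With the preference left enabled, a capture that really is truncated would have its final bytes treated as a trailer, so consider gating the override on the encapsulation type and sanity-checking the trailer (length field against the captured length) before trusting it. The added line is also indented with a tab followed by two spaces, unlike the surrounding lines.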
@@ -1711,6 +1715,7 @@
 	prefs_register_bool_preference ( atm_module, "dissect_lane_as_sscop", "Dissect LANE as SSCOP",
 		"Autodection between LANE and SSCOP is hard. As default LANE is preferred",
 		&dissect_lanesscop);
+	 prefs_register_bool_preference ( atm_module, "force_untruncated", "Force atm-pdus-untruncated encapsulation type", "The libpcap format desn't define the atm-pdus-untruncated encapsulation type. This setting assumes atm-pdus-untruncated for DLT_SUNATM captures. Use it when you know the captured data contains AAL5 trailers.", &force_untruncated );
 }
 
 void
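Review bot: the description string in the added prefs_register_bool_preference call misspells "doesn't" as "desn't", and that text is shown to users in the preferences dialog. The call is also on a single very long line, indented with a tab plus a space, while the dissect_lane_as_sscop registration just above it is wrapped across three lines; wrap the new call the same way. Since the flag is a single global boolean, the description could also say that it stays in effect for every capture opened while it is enabled.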