Holger Freyther wrote:
Hi all,
I wrote a simple lua script[1] with the intention to split a trace based on
SCCP connections and then only keep the connections that have shown kind of a
problem. In general it is working fine but I have one problem. I am missing
SCCP packets in my trace. I wonder if the following might be an explanation.
What happens if there are multiple IP packets in one Ethernet frame? Will
tap:packet be called for each IP packet inside the frame or will I need to
iterate over the packets from within the tap:packet() call?
Each IP packet is sent to the tap separately, even if there are multiple
IP packets per frame (at least AFAICS).
But, are you dealing with multiple IP packets per frame or multiple SCTP
data chunks (and thus M3UA and SCCP packets) per frame?
If the latter, you might be better off tapping higher--maybe at the M3UA
or SCCP tap.
