Wireshark mailing list archives

Direction definition on packet bus with no direction info in packet header


From: Andrew Lonsdale <calonsdale1 () gmail com>
Date: Wed, 24 Oct 2012 16:02:15 +0100

Hi Folks,

I'm writing a dissector for an interface which doesn't indicate direction
of data flow in the packet headers. I currently capture separate files in
pcapng format for uplink and downlink (separate streams), but I could merge
the two into a file. Currently I just open one file and merge the other in
Wireshark itself.

It would be useful to be able to indicate in the PROTOCOL column if a
packet is an uplink or downlink packet, and I have four possible methods in
mind:

1) Have two different DLTs, one for uplink and one for downlink, and
effectively treat the two as separate interfaces. This is probably easiest
but seems heavy handed.

2) I have been looking into setting the epb_flags option in the EHB blocks
to indicate uplink and downlink, but I can't find out how to access that
field of data in my dissector.

3) Add an opt_comment with known text ("UP" or "DN") and parse for that
text during dissection. Easy to implement but a bit clunky.

4) Fiddle with a reserved bit in the packet header. This feels like a bad
thing to do as it alters the item under test.

Method 2 feels like it would be the right thing to do, and 3 looks like the
easiest.

Is there a preferred way of dealing with this issue, and does anyone have
any observations about what I am trying to do?

Kind Regards
Andrew
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
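
What method 2 looks like at the file-format level, as an added example that is not part of the original post: a pcapng Enhanced Packet Block carrying an epb_flags option (option code 2), whose two low bits encode direction (00 unknown, 01 inbound, 10 outbound). It assumes a little-endian section and, as a labelled assumption, maps downlink to inbound and uplink to outbound; the function names are hypothetical.

```python
import struct

EPB_TYPE = 0x00000006            # Enhanced Packet Block
OPT_END, OPT_EPB_FLAGS = 0, 2    # pcapng option codes
DIRECTIONS = {0: "unknown", 1: "inbound", 2: "outbound"}
DOWNLINK, UPLINK = 1, 2          # assumption: downlink=inbound, uplink=outbound

def pad4(data: bytes) -> bytes:
    """Pad to a 32-bit boundary, as pcapng requires for data and options."""
    return data + b"\x00" * (-len(data) % 4)

def build_epb(packet: bytes, direction: int, if_id: int = 0, ts: int = 0) -> bytes:
    """Build one little-endian EPB whose epb_flags option carries the direction."""
    opts = struct.pack("<HHI", OPT_EPB_FLAGS, 4, direction & 0x3)
    opts += struct.pack("<HH", OPT_END, 0)
    body = struct.pack("<IIIII", if_id, ts >> 32, ts & 0xFFFFFFFF,
                       len(packet), len(packet))
    body += pad4(packet) + opts
    total = 12 + len(body)       # type + two copies of the total length
    return struct.pack("<II", EPB_TYPE, total) + body + struct.pack("<I", total)

def epb_direction(block: bytes) -> str:
    """Return the direction stored in epb_flags, or 'unknown' if absent."""
    if len(block) < 32:
        raise ValueError("block too short for an EPB")
    btype, total = struct.unpack_from("<II", block, 0)
    trailer = struct.unpack_from("<I", block, len(block) - 4)[0]
    if btype != EPB_TYPE or total != len(block) or trailer != total:
        raise ValueError("not a well-formed EPB")
    cap_len = struct.unpack_from("<I", block, 20)[0]
    pos = 28 + cap_len + (-cap_len % 4)   # options start after padded data
    end = total - 4
    if pos > end:
        raise ValueError("captured length overruns block")
    while pos + 4 <= end:
        code, length = struct.unpack_from("<HH", block, pos)
        pos += 4
        if code == OPT_END:
            break
        if pos + length > end:
            raise ValueError("option overruns block")
        if code == OPT_EPB_FLAGS and length == 4:
            flags = struct.unpack_from("<I", block, pos)[0]
            return DIRECTIONS.get(flags & 0x3, "reserved")
        pos += length + (-length % 4)     # skip other options, e.g. opt_comment
    return "unknown"
```
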