Wireshark mailing list archives

Re: Direction definition on packet bus with no direction info in packet header


From: Martin Kaiser <lists () kaiser cx>
Date: Sun, 28 Oct 2012 19:22:54 +0100

Hi,

Thus wrote Andrew Lonsdale (calonsdale1 () gmail com):

> I'm writing a dissector for an interface which doesn't indicate direction
> of data flow in the packet headers. I currently capture separate files in
> pcapng format for uplink and downlink (separate streams), but I could merge
> the two into a file. Currently I just open one file and merge the other in
> Wireshark itself.
>
> It would be useful to be able to indicate in the PROTOCOL column if a
> packet is an uplink or downlink packet, and I have four possible methods in
> mind:
>
> 1) Have two different DLTs, one for uplink and one for downlink, and
> effectively treat the two as separate interfaces. This is probably easiest
> but seems heavy handed.
>
> 2) I have been looking into setting the epb_flags option in the EHB blocks
> to indicate uplink and downlink, but I can't find out how to access that
> field of data in my dissector.
>
> 3) Add an opt_comment with known text ("UP" or "DN") and parse for that
> text during dissection. Easy to implement but a bit clunky.
>
> 4) Fiddle with a reserved bit in the packet header. This feels like a bad
> thing to do as it alters the item under test.
>
> Method 2 feels like it would be the right thing to do, and 3 looks like the
> easiest.
>
> Is there a preferred way of dealing with this issue, and does anyone have
> any observations about what I am trying to do?

It sounds like your setup is quite similar to DVB-CI (packet-dvbci.c).
DVB-CI sends a stream of bytes without direction information but the
capturing tool is aware of the direction.

The solution we came up with is to have one DLT. The pcap packet data
consists of a pseudo-header and the actual bytes that are transferred.
The dissector picks up the direction from the pseudo-header.
The capturing tool has to create the pseudo header for every packet it
captures.

Would something like this work for you as well?

   Martin
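
The single-DLT pseudo-header approach described in the reply above, as an added example that is not part of the original post and not Wireshark or DVB-CI code. The 4-byte pseudo-header layout (version, direction, payload length), the use of LINKTYPE_USER0 and the sample packets are assumptions made for illustration.

```python
import io
import struct

LINKTYPE_USER0 = 147      # pcap link type reserved for private use
PH_FMT = ">BBH"           # hypothetical pseudo-header: version, direction, payload length
PH_VERSION = 1
DIR_UPLINK, DIR_DOWNLINK = 0, 1
DIR_NAMES = {DIR_UPLINK: "UP", DIR_DOWNLINK: "DN"}
PCAP_MAGIC = 0xA1B2C3D4


def write_capture(uplink, downlink):
    """Merge two (timestamp_us, payload) streams into one pcap image, tagging each packet."""
    tagged = [(ts, DIR_UPLINK, p) for ts, p in uplink]
    tagged += [(ts, DIR_DOWNLINK, p) for ts, p in downlink]
    out = io.BytesIO()
    # Classic pcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    out.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_USER0))
    for ts, direction, payload in sorted(tagged, key=lambda t: t[0]):
        data = struct.pack(PH_FMT, PH_VERSION, direction, len(payload)) + payload
        sec, usec = divmod(ts, 1_000_000)
        out.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)
    return out.getvalue()


def read_capture(image):
    """Return [(direction_name, payload)], rejecting malformed pseudo-headers."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", image, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_USER0:
        raise ValueError("not a capture in the expected format")
    packets, off = [], 24
    while off < len(image):
        _, _, incl_len, _ = struct.unpack_from("<IIII", image, off)
        data = image[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(data) != incl_len or incl_len < struct.calcsize(PH_FMT):
            raise ValueError("truncated record")
        version, direction, plen = struct.unpack_from(PH_FMT, data, 0)
        payload = data[struct.calcsize(PH_FMT):]
        # The direction comes only from the pseudo-header; the payload is untouched.
        if version != PH_VERSION or direction not in DIR_NAMES or plen != len(payload):
            raise ValueError("bad pseudo-header")
        packets.append((DIR_NAMES[direction], payload))
    return packets


# Constructed sample data: two separately captured streams, timestamps in microseconds.
UPLINK = [(1_000_100, b"\x01\x02"), (1_000_300, b"\x05")]
DOWNLINK = [(1_000_200, b"\x03\x04")]
```
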