Wireshark mailing list archives
STANAG 5066 SIS Dissector and ACP142/DMP
From: Ricardo Cristian Ramirez <r.cristian.ramirez () gmail com>
Date: Fri, 2 Jan 2015 03:49:42 +0200
Hi,

I have been analyzing Acp 142 (P_Mul) data over an IP network and everything was fine. However, I couldn't analyze Acp 142 data over an HF network (STANAG 5066). The S'5066 SIS dissector displays the data section (UPDU) successfully, but this UPDU contains the transport layer header of the S'5066 network when the S'5066 client is a TMMHS client (so that it cannot be dissected by Acp 142). The name of the discussed transport layer is RCOP/UDOP and details are given in STANAG 5066 Ed. 2 ANNEX F.8 and F.9. Header bytes can be seen as the first six bytes of the data section in the attachment before.cap (00 0X 00 00 20 00).

S'5066 provides HF subnetwork service to different types of clients. The specification describes a transport layer for some clients like Acp 142 and DMP but not for all of them. Since the RCOP/UDOP header definitions are given in the S'5066 specification, consuming these header bytes in the S'5066 SIS dissector may be appropriate.

The attachment s5066sis.diff suggests the changes below:

- When the client type is TMMHS, RCOP or UDOP client (sapid == 2, 6 and 7), add a tree item after the pdu type tree item and display transport layer content
- If the incoming SIS primitive doesn't contain a UPDU (e.g. BIND_ACCEPTED), don't add tree item
- Specify an application identifier and register it to the dissector table ("s5066sis.ctl.appid"). This identifier is used to call the related dissector (Acp 142 or DMP). This makes sense because there are different application identifiers for Acp 142 (0x2000 TMI-1) and DMP (0x2003 TMI-4).
- If there is not a defined application for the incoming data, call the data handle dissector as usual
- After the above changes, P_Mul tells that it accepts data when the application identifier is 0x2000.

    dissector_add_uint ("s5066sis.ctl.appid", 0x2000, p_mul_handle);

- And in DMP (by the way, I didn't test DMP):

    dissector_add_uint ("s5066sis.ctl.appid", 0x2003, dmp_handle);

The view of the tree is like in the attachment after.png.

I'm not a Wireshark expert but these changes solved my problem. If there is a better solution, please direct me to the right way.

Note: Sometimes, the discussed changes cause a malformed data assertion for the P_Mul dissector from the statement "DISSECTOR_ASSERT (pkg_data);", just before the return statement in the register_p_mul_id() function. When I looked at the calls of this function, there is a null check every time it is called. Hence, I removed the assertion and it seems that everything is normal.

Thanks.
Attachment: s5066sis.diff
Attachment: before.pcap
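The header handling and application-identifier dispatch described in the message above, as an added stand-alone example (not the attached s5066sis.diff and not Wireshark code). The field layout inside the six bytes is an assumption based on STANAG 5066 Annex F.8/F.9; the names rcop_hdr, rcop_parse, rcop_dispatch, app_table and sample_updu are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#define RCOP_HDR_LEN 6  /* the six header bytes the post points at */

/* Field layout is an assumption taken from STANAG 5066 Annex F.8/F.9,
 * not from the post, which gives only the bytes and the identifiers. */
struct rcop_hdr {
    uint8_t  conn_id;   /* high nibble of byte 0 */
    uint8_t  updu_id;   /* byte 1 */
    uint16_t segment;   /* bytes 2-3, big endian */
    uint16_t app_id;    /* bytes 4-5, big endian */
};

/* Stand-in for the "s5066sis.ctl.appid" table: the two ids from the post. */
static const struct { uint16_t app_id; const char *name; } app_table[] = {
    { 0x2000, "p_mul" },
    { 0x2003, "dmp"   },
};

/* Constructed sample UPDU: header 00 01 00 00 20 00 plus one payload byte. */
static const uint8_t sample_updu[] = { 0x00, 0x01, 0x00, 0x00, 0x20, 0x00, 0xAA };

/* Returns 0 and fills *h, or -1 when the UPDU is shorter than the header. */
int rcop_parse(const uint8_t *updu, size_t len, struct rcop_hdr *h)
{
    if (updu == NULL || h == NULL || len < RCOP_HDR_LEN)
        return -1;
    h->conn_id = updu[0] >> 4;
    h->updu_id = updu[1];
    h->segment = (uint16_t)((updu[2] << 8) | updu[3]);
    h->app_id  = (uint16_t)((updu[4] << 8) | updu[5]);
    return 0;
}

/* Picks the sub-dissector name and sets *off to where its payload starts.
 * Only SAP ids 2, 6 and 7 carry the transport header (per the post). */
const char *rcop_dispatch(int sapid, const uint8_t *updu, size_t len, size_t *off)
{
    struct rcop_hdr h;
    *off = 0;
    if (sapid != 2 && sapid != 6 && sapid != 7)
        return "data";
    if (rcop_parse(updu, len, &h) != 0)
        return "data";      /* truncated: never read past the buffer */
    *off = RCOP_HDR_LEN;
    for (size_t i = 0; i < sizeof app_table / sizeof app_table[0]; i++)
        if (app_table[i].app_id == h.app_id)
            return app_table[i].name;
    return "data";          /* unknown application identifier */
}
```

The length check before any field read matters here because the post notes that some SIS primitives (e.g. BIND_ACCEPTED) carry no UPDU at all.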