tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Patch for mtp2 filtering

From: Florent.Drouin () alcatel-lucent fr
Date: Fri, 22 Dec 2006 08:58:19 +0100

      Guy,


Thank you for applying the patch, next time I will use the extension .txt
with "diff -u" generated files.
Concerning the MTP3 filters, they are working great.
The base datalink is DLT_MTP2, but the filter is working on the MTP3 layer.
But you are right, It seems the datalink for MTP3 is used only for
application's traces, and not for a capture device.

Best regards
Florent





                                                                                                                        
                    
                      Guy Harris                                                                                        
                    
                      <guy () alum mit edu>                   To:      tcpdump-workers () lists tcpdump org             
                          
                      Sent by:                             cc:                                                          
                    
                      tcpdump-workers-owner@lists.         Subject: Re: [tcpdump-workers] Patch for mtp2 filtering      
                    
                      tcpdump.org                                                                                       
                    
                                                                                                                        
                    
                                                                                                                        
                    
                      21/12/2006 20:58                                                                                  
                    
                      Please respond to                                                                                 
                    
                      tcpdump-workers                                                                                   
                    
                                                                                                                        
                    




Florent.Drouin () alcatel-lucent fr wrote:


Here is a short patch to implement filtering for MTP2 frames on SS7.
You can now use "fisu", "lsu", or "msu" to filter the MTP2 messages at
libpcap level.
In most of the case, the filter to use will be "!fisu", to have only the
significants frames.


I checked it in (one of the versions you sent managed to make it through
your mail system, as per my other messages), with some cleanups.  It's
in both the main and x.9 branches.


Additionaly, ou can use the already existent filters for MTP3
like "opc 9646 or dpc 9646"


It looks as if they don't work with DLT_MTP3 captures, as, for DLT_MTP3,
off_sio, etc. aren't set.  I'm not sure whether any capture device uses
DLT_MTP3, however, so that might not ever have been tested.


The patch is based on libpcap-2006.12.13, with diff commands, but not

from

the cvs release.


Unfortunately, that made it a bit difficult to apply; I applied it to
top-of-tree CVS, and had to manually fix it up, as the line numbers had
changed.

"diff -c" and "diff -u" avoid that problem - the patches can usually be
applied to versions of the software to which changes have been made
since the patch was made.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.




-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: