Wireshark mailing list archives
Re: Direction definition on packet bus with no direction info in packet header
From: Martin Kaiser <lists () kaiser cx>
Date: Sun, 28 Oct 2012 19:22:54 +0100
Hi,

Thus wrote Andrew Lonsdale (calonsdale1 () gmail com):

> I'm writing a dissector for an interface which doesn't indicate direction of data flow in the packet headers. I currently capture separate files in pcapng format for uplink and downlink (separate streams), but I could merge the two into a file. Currently I just open one file and merge the other in Wireshark itself.
>
> It would be useful to be able to indicate in the PROTOCOL column if a packet is an uplink or downlink packet, and I have four possible methods in mind:
>
> 1) Have two different DLTs, one for uplink and one for downlink, and effectively treat the two as separate interfaces. This is probably easiest but seems heavy-handed.
> 2) I have been looking into setting the epb_flags option in the EHB blocks to indicate uplink and downlink, but I can't find out how to access that field of data in my dissector.
> 3) Add an opt_comment with known text ("UP" or "DN") and parse for that text during dissection. Easy to implement but a bit clunky.
> 4) Fiddle with a reserved bit in the packet header. This feels like a bad thing to do as it alters the item under test.
>
> Method 2 feels like it would be the right thing to do, and 3 looks like the easiest.
>
> Is there a preferred way of dealing with this issue, and does anyone have any observations about what I am trying to do?
it sounds like your setup is quite similar to DVB-CI (packet-dvbci.c). DVB-CI sends a stream of bytes without direction information but the capturing tool is aware of the direction.

The solution we came up with is to have one DLT. The pcap packet data consists of a pseudo-header and the actual bytes that are transferred. The dissector picks up the direction from the pseudo-header. The capturing tool has to create the pseudo-header for every packet it captures.

Would something like this work for you as well?

Martin
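The pseudo-header approach described in the reply above, as an added example that is not part of the original message and is not Wireshark's or DVB-CI's code. The 4-byte layout, the `ph_*` names and the direction codes are assumptions made for illustration; the parse side rejects truncated or inconsistent records, as a dissector fed an untrusted capture file should.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical pseudo-header (an assumption, not the DVB-CI layout):
 * byte 0 version, byte 1 direction, bytes 2-3 payload length (big endian). */
enum { PH_VERSION = 1, PH_HDR_LEN = 4 };
enum ph_dir { PH_DIR_UP = 0x01, PH_DIR_DN = 0x02 };

/* Capture-tool side: prepend the pseudo-header to the raw bus bytes.
 * Returns the record length, or 0 if the arguments do not fit. */
size_t ph_wrap(enum ph_dir dir, const uint8_t *payload, size_t len,
               uint8_t *out, size_t outcap)
{
    if (len > 0xFFFF || outcap < PH_HDR_LEN + len)
        return 0;
    out[0] = PH_VERSION;
    out[1] = (uint8_t)dir;
    out[2] = (uint8_t)(len >> 8);
    out[3] = (uint8_t)(len & 0xFF);
    if (len)
        memcpy(out + PH_HDR_LEN, payload, len);
    return PH_HDR_LEN + len;
}

/* Dissector side: recover direction and payload from one record.
 * Returns 0 on success, -1 if the record is truncated or malformed. */
int ph_parse(const uint8_t *rec, size_t reclen, enum ph_dir *dir,
             const uint8_t **payload, size_t *plen)
{
    if (reclen < PH_HDR_LEN || rec[0] != PH_VERSION)
        return -1;
    if (rec[1] != PH_DIR_UP && rec[1] != PH_DIR_DN)
        return -1;                      /* unknown direction code */
    size_t declared = ((size_t)rec[2] << 8) | rec[3];
    if (declared != reclen - PH_HDR_LEN)
        return -1;                      /* length disagrees with capture */
    *dir = (enum ph_dir)rec[1];
    *payload = rec + PH_HDR_LEN;
    *plen = declared;
    return 0;
}

int main(void)
{
    const uint8_t bus[] = { 0xA0, 0x01, 0x7F };  /* constructed sample bytes */
    uint8_t rec[16]; enum ph_dir dir; const uint8_t *p; size_t plen;
    size_t n = ph_wrap(PH_DIR_DN, bus, sizeof bus, rec, sizeof rec);
    return (n == 7 && !ph_parse(rec, n, &dir, &p, &plen) && dir == PH_DIR_DN) ? 0 : 1;
}
```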