On 5/30/05, Guy Harris <gharris@xxxxxxxxx> wrote:
> LEGO wrote:
> > let's suppose I need to add SSCOP as an "encapsulation" to wiretap/ethereal
>
> "Encapsulation" as in "a WTAP_ENCAP_ value for captures where the
> outermost protocol layer is SSCOP"? I.e., not SSCOP over, say, ATM AAL5
> frames?
It was AAL5 on the wire. The encapsulation is not in the file. I
have just the SSCOP trailer and the payload, if any.
> > What do I need to do to add SSCOP to wiretap / packet-frame ?
>
> First, add the new WTAP_ENCAP_ value to wiretap/wtap.h and add an entry
> for it to "encap_table[]" in wiretap/wtap.c, and then either
>
> 1) use libpcap format for the capture, and get a DLT_ value from
> tcpdump-workers@xxxxxxxxxxx (DLT_SSCOP, or something such as that)
>
> or
>
> 2) add support to Wiretap for whatever capture file format is used for
> the SSCOP traces.
This is what I plan to do.
> Then have "proto_reg_handoff_sscop()" in packet-sscop.c register
> "dissect_sscop()" in the "wtap_encap" dissector table with the new
> WTAP_ENCAP value.
Actually the new WTAP_ENCAP valueS, because there can be many types of
payload (mtp3/mtp2, mtp3b/sscop, h248/sscop, x/ethernet, and more...)
in that format (Tektronix k12's .rf5). SSCOP is the anomalous case
because I need to "split" the packet before and then pass the payload
to one dissector and the rest of it to sscop.
> > And most of it, how should I handle the fact that the data elements of
> > sscop are a trailer of the transported packet and not a header as it
> > normally happens.
>
> By using "dissect_sscop()", which already knows about that.
Luis
--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan