Wireshark-dev: [Wireshark-dev] ATM Dissector - atm-pdus-untruncated support for libpcap files

From: João Pedro Fonseca <j.pedro.fonseca@xxxxxxxxxxxxxxx>
Date: Mon, 12 Mar 2007 12:06:28 +0000
Hello,

I'm working on a project that uses an Endace card to capture ATM traffic. These captures are in ERF format (Endace's proprietary format), and Wireshark can read them perfectly.
However, I'm also using mergecap, editcap and tshark to post-process the 
files, and they convert them to libpcap format, using the atm-pdus 
encapsulation type.
This encapsulation type states that the AAL5 trailers are not included 
in the captured data, but the conversion process leaves the trailer in 
anyway. This is probably because there is no libpcap equivalent of the 
atm-pdus-untruncated encapsulation type, and a best effort conversion is 
made.
The problem is that the ATM dissector assumes that no trailer is 
present, and some higher-level protocol dissectors (SSCOP, for example) 
are not working well as a result.
I solved the problem with the attached patch. It adds a 
"atm.force_untruncated" configuration option to the ATM dissector. When 
set, it assumes the trailer is present, even if the encapsulation type 
is atm-pdus.
The perfect way of solving this problem would be to create a libpcap 
format equivalent to atm-pdus-untruncated, and modify the ERF->libpcap 
conversion code to use it - but this may take a little more time and 
effort. My patch can serve as a temporary solution to this problem...
Could you please consider the inclusion of this patch in the next 
version of Wireshark?
Thanks,
Jo�o Fonseca




--- /tmp/wireshark-0.99.5/epan/dissectors/packet-atm.c	2007-02-01 23:00:48.000000000 +0000
+++ /usr/local/src/wireshark-0.99.5/epan/dissectors/packet-atm.c	2007-03-12 11:45:40.801621033 +0000
@@ -72,6 +72,8 @@
 static dissector_handle_t data_handle;
 
 static gboolean dissect_lanesscop = FALSE;
+static gboolean force_untruncated = FALSE;
+
 
 /*
  * See
@@ -1568,6 +1570,8 @@
   	dissect_lanesscop ) {
   	pinfo->pseudo_header->atm.aal = AAL_SIGNALLING;
   }
+  if ( force_untruncated )
+	  truncated = FALSE;
 
   if (check_col(pinfo->cinfo, COL_PROTOCOL))
     col_set_str(pinfo->cinfo, COL_PROTOCOL, "ATM");
@@ -1711,6 +1715,7 @@
 	prefs_register_bool_preference ( atm_module, "dissect_lane_as_sscop", "Dissect LANE as SSCOP",
 		"Autodection between LANE and SSCOP is hard. As default LANE is preferred",
 		&dissect_lanesscop);
+	 prefs_register_bool_preference ( atm_module, "force_untruncated", "Force atm-pdus-untruncated encapsulation type", "The libpcap format desn't define the atm-pdus-untruncated encapsulation type. This setting assumes atm-pdus-untruncated for DLT_SUNATM captures. Use it when you know the captured data contains AAL5 trailers.", &force_untruncated );
 }
 
 void