Wireshark-dev: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?

From: "Michael Lum" <michael.lum@xxxxxxxxxxxxxxxxx>
Date: Fri, 19 Jun 2009 17:29:47 -0700
I was thinking mainly in terms of SCCP.

There are protocols on top of SCCP where the receiver/sender is
important.

Currently the SCCP code is setting the direction to SENT for which ever
point code originates the SCCP Connection Request.
Which is logical if you are trying to indicate who initated the
connection
but it is not helpful for some of the protocols on top.

For example:

OTA (IS-638)
ANSI-A (IOS)
SCCP

The two entities involved, from the SCCP standpoint, are
the BSC and an MSC.

The OTA dissector needs to know whether the message is going
from BSC -> MSC or MSC -> BSC.

SCCP Connection Requests can go in either direction.

The old code that I originally put in, that remains but gets overridden,
had the p2p_dir being set based on a 'Source PC' preference.
Not something I particularly liked but it worked.

I'm trying to figure out if the p2p_dir direction setting in the SCCP
code is doing what it was supposed to.  (get_sccp_assoc())

Does anyone know or is there some other mechanism that will
provide the information I need?

Thank you

--
Michael Lum                   Principal Software Engineer
4600 Jacombs Road             +1.604.276.0055
Richmond, B.C.
Canada V6V 3B1
Star Solutions 

> -----Original Message-----
> From: wireshark-dev-bounces@xxxxxxxxxxxxx 
> [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Guy Harris
> Sent: June 19, 2009 2:39 PM
> To: Developer support list for Wireshark
> Subject: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
> 
> 
> On Jun 19, 2009, at 9:25 AM, Jeff Morriss wrote:
> 
> > Well, I don't know if it's the same for all protocols, but it's 
> > usually set to one of these defines:
> >
> > epan/packet_info.h:#define P2P_DIR_UNKNOWN      -1
> 
> ...which means "there's not enough information in the file to 
> determine the direction".
> 
> > epan/packet_info.h:#define P2P_DIR_SENT 0 
> epan/packet_info.h:#define 
> > P2P_DIR_RECV 1
> > epan/packet_info.h:#define P2P_DIR_UL   0
> > epan/packet_info.h:#define P2P_DIR_DL   1
> >
> > It's useful in protocols when you know you're the sender or the 
> > receiver (and that makes a difference when dissecting).
> 
> Although, in some places, it just matters whether the traffic 
> is going "to the left" or "to the right"; if, for example, 
> the capture comes from a passive tap, you're *a* receiver for 
> all of it, but you still might be able to tell the difference 
> between the two directions.
> 
> For some protocols, where you have a network endpoint 
> communicating with a network (ISDN, for example), "sent" 
> should probably mean "user to network" and "received" should 
> probably mean "network to user".
> ______________________________________________________________
> _____________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
>