Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
The A-interface specs, both GSM and ANSI (3GPP2), indicate which way SCCP messages go and what subset of SCCP can be used. I haven't looked at the GSM specs for a while but ANSI-A (3GPP2 IOS) indicates which messages can be carried on which SCCP messages and which entity will generate connection requests but some messages are bi-directional. For example, the ADDS Deliver message is used in both directions for carrying SMS, OTA (IS-683), etc. IS-683 doesn't have anything to indicate the direction. Anders Broman has added 'link_dir' to solve this. Thanks for the help. -- Michael Lum Principal Software Engineer 4600 Jacombs Road +1.604.276.0055 Richmond, B.C. Canada V6V 3B1 Star Solutions -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris Sent: June 21, 2009 10:16 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ? On Jun 19, 2009, at 5:29 PM, Michael Lum wrote: I was thinking mainly in terms of SCCP. There are protocols on top of SCCP where the receiver/sender is important. Currently the SCCP code is setting the direction to SENT for which ever point code originates the SCCP Connection Request. Which is logical if you are trying to indicate who initated the connection but it is not helpful for some of the protocols on top. Then perhaps there need to be separate direction indications - and perhaps some of them should use the pinfo-private_data pointer. For example: OTA (IS-638) ANSI-A (IOS) SCCP The two entities involved, from the SCCP standpoint, are the BSC and an MSC. Q.711 speaks of peer-to-peer communication, and doesn't seem to indicate that SCCP has any notion of particular roles for the endpoints (just as neither TCP nor UDP do), so presumably there's nothing inherent to SCCP to indicate which endpoint is which. Is there anything in the A interface to indicate that? I presume there's nothing in IS-638 to indicate that. __ _ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
On Jun 19, 2009, at 5:29 PM, Michael Lum wrote: I was thinking mainly in terms of SCCP. There are protocols on top of SCCP where the receiver/sender is important. Currently the SCCP code is setting the direction to SENT for which ever point code originates the SCCP Connection Request. Which is logical if you are trying to indicate who initated the connection but it is not helpful for some of the protocols on top. Then perhaps there need to be separate direction indications - and perhaps some of them should use the pinfo-private_data pointer. For example: OTA (IS-638) ANSI-A (IOS) SCCP The two entities involved, from the SCCP standpoint, are the BSC and an MSC. Q.711 speaks of peer-to-peer communication, and doesn't seem to indicate that SCCP has any notion of particular roles for the endpoints (just as neither TCP nor UDP do), so presumably there's nothing inherent to SCCP to indicate which endpoint is which. Is there anything in the A interface to indicate that? I presume there's nothing in IS-638 to indicate that. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
Hi, I recently introduced link_dir for this purpose as I was Suspecting that p2p_dir was used differently. /* Link direction */ #define LINK_DIR_UNKNOWN-1 #define P2P_DIR_UL 0 #define P2P_DIR_DL 1 Should perhaps have been LINK_DIR_UL/LINK_DIR_DL Regards Anders -Ursprungligt meddelande- Från: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] För Michael Lum Skickat: den 20 juni 2009 02:30 Till: Developer support list for Wireshark Ämne: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ? I was thinking mainly in terms of SCCP. There are protocols on top of SCCP where the receiver/sender is important. Currently the SCCP code is setting the direction to SENT for which ever point code originates the SCCP Connection Request. Which is logical if you are trying to indicate who initated the connection but it is not helpful for some of the protocols on top. For example: OTA (IS-638) ANSI-A (IOS) SCCP The two entities involved, from the SCCP standpoint, are the BSC and an MSC. The OTA dissector needs to know whether the message is going from BSC - MSC or MSC - BSC. SCCP Connection Requests can go in either direction. The old code that I originally put in, that remains but gets overridden, had the p2p_dir being set based on a 'Source PC' preference. Not something I particularly liked but it worked. I'm trying to figure out if the p2p_dir direction setting in the SCCP code is doing what it was supposed to. (get_sccp_assoc()) Does anyone know or is there some other mechanism that will provide the information I need? Thank you -- Michael Lum Principal Software Engineer 4600 Jacombs Road +1.604.276.0055 Richmond, B.C. Canada V6V 3B1 Star Solutions -Original Message- From: wireshark-dev-boun...@wireshark.org [mailto:wireshark-dev-boun...@wireshark.org] On Behalf Of Guy Harris Sent: June 19, 2009 2:39 PM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ? On Jun 19, 2009, at 9:25 AM, Jeff Morriss wrote: Well, I don't know if it's the same for all protocols, but it's usually set to one of these defines: epan/packet_info.h:#define P2P_DIR_UNKNOWN -1 ...which means there's not enough information in the file to determine the direction. epan/packet_info.h:#define P2P_DIR_SENT 0 epan/packet_info.h:#define P2P_DIR_RECV 1 epan/packet_info.h:#define P2P_DIR_UL 0 epan/packet_info.h:#define P2P_DIR_DL 1 It's useful in protocols when you know you're the sender or the receiver (and that makes a difference when dissecting). Although, in some places, it just matters whether the traffic is going to the left or to the right; if, for example, the capture comes from a passive tap, you're *a* receiver for all of it, but you still might be able to tell the difference between the two directions. For some protocols, where you have a network endpoint communicating with a network (ISDN, for example), sent should probably mean user to network and received should probably mean network to user. __ _ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
Michael Lum wrote: Hello, is there a fixed meaning of packet_info.p2p_dir for all protocols? What is that value supposed to mean? Well, I don't know if it's the same for all protocols, but it's usually set to one of these defines: epan/packet_info.h:#define P2P_DIR_UNKNOWN -1 epan/packet_info.h:#define P2P_DIR_SENT 0 epan/packet_info.h:#define P2P_DIR_RECV 1 epan/packet_info.h:#define P2P_DIR_UL 0 epan/packet_info.h:#define P2P_DIR_DL 1 It's useful in protocols when you know you're the sender or the receiver (and that makes a difference when dissecting). ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
Re: [Wireshark-dev] Meaning of packet_info.p2p_dir ?
On Jun 19, 2009, at 9:25 AM, Jeff Morriss wrote: Well, I don't know if it's the same for all protocols, but it's usually set to one of these defines: epan/packet_info.h:#define P2P_DIR_UNKNOWN -1 ...which means there's not enough information in the file to determine the direction. epan/packet_info.h:#define P2P_DIR_SENT 0 epan/packet_info.h:#define P2P_DIR_RECV 1 epan/packet_info.h:#define P2P_DIR_UL 0 epan/packet_info.h:#define P2P_DIR_DL 1 It's useful in protocols when you know you're the sender or the receiver (and that makes a difference when dissecting). Although, in some places, it just matters whether the traffic is going to the left or to the right; if, for example, the capture comes from a passive tap, you're *a* receiver for all of it, but you still might be able to tell the difference between the two directions. For some protocols, where you have a network endpoint communicating with a network (ISDN, for example), sent should probably mean user to network and received should probably mean network to user. ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
[Wireshark-dev] Meaning of packet_info.p2p_dir ?
Hello, is there a fixed meaning of packet_info.p2p_dir for all protocols? What is that value supposed to mean? -- Michael Lum Principal Software Engineer 4600 Jacombs Road +1.604.276.0055 Richmond, B.C. Canada V6V 3B1 Star Solutions ___ Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
