Re: DLT_LAPB value assignment

[<Mirko.Karanovic () ttc ca>]

Ok,
Here is possible solution to resolve DCE/DTE origin of a LAPB packet.

Wireshark libpcap.h has the  struct pcaprec_ss990915_hdr, which has
ifindex field ( the interface on which packet came in ). During
capturing phase FROM_DCE or FROM_DTE will be stored into ifindex field
of the struct pcaprec_ss990915_hdr. Knowing interface index I know
origin, DCE or DTE.

In the libpcap.c pseudo_header.x25.flags will be updated with direction:
        0x00 ( means from DTE )
or
        0x80 ( FROM_DCE )

in the libpcap_read() and libpcap_seek_read() functions.

In other words extra flag is used to indicate DCE->DTE or DTE->DCE
packet.

Regards

Mirko Karanovic 

-----Original Message-----
From: tcpdump-workers-owner () lists tcpdump org
[mailto:tcpdump-workers-owner () lists tcpdump org] On Behalf Of Guy Harris
Sent: August 15, 2007 2:11 PM
To: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] DLT_LAPB value assignment

Mirko.Karanovic () ttc ca wrote:

>  2Q: Or would it also contain an extra flag to 
> indicate whether the packet is a DTE->DCE or DCE->DTE packet?
>
> 2A:  LAPB contains direction ( DCE to DTE or vice versa) encoded in
the
> Address byte.

Actually, what X.25 (10/96) says is:

        Frames containing commands transferred from the DCE to the DTE
will 
contain the address A for the single link operation and address C for 
the multilink operation.

        Frames containing responses transferred from the DCE to the DTE
will 
contain the address B for the single link operation and address D for 
the multilink operation.

        Frames containing commands transferred from the DTE to the DCE
shall 
contain the address B for the single link operation and address D for 
the multilink operation.

        Frames containing responses transferred from the DTE to the DCE
shall 
contain the address A for the single link operation and address C for 
the multilink operation.

with the address A being 0x03, B being 0x01, C being 0x0F, and D being 
0x07, so, for example, DCE->DTE frames can contain any one of those four

addresses, as can DTE->DCE frames.

I.e., for frames going in a given direction, the address encodes whether

the frame is a request or a response and whether single-link or 
multilink operation is being used.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


The information transmitted is intended only for the person or entity to which it is addressed and may contain 
confidential and/or privileged material.  Any review retransmission dissemination or other use of or taking of any 
action in reliance upon this information by persons or entities other than the intended recipient or delegate is 
strictly prohibited.  If you received this in error please contact the sender and delete the material from any 
computer.  The integrity and security of this message cannot by guaranteed on the Internet.  The Sender accepts no 
liability for the content of this e-mail or for the consequences of any actions taken on basis of the information 
provided.  The recipient should check this e-mail and any attachments for the presence of viruses.  The sender accepts 
no liability for any damage caused by any virus transmitted by this e-mail.  This disclaimer is the property of the TTC 
and must not be altered or circumvented in any manner.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.