Wireshark mailing list archives
Conversations - addresses/ports, more general endpoints, and "circuits" with their own IDs
From: Guy Harris <guy () alum mit edu>
Date: Sat, 28 Oct 2017 20:12:53 -0700
Michael Mann is looking at generalizing conversations to handle arbitrary endpoints, presumably not necessarily in the form of an AT_ address plus a PT_ numeric port ID.

We also have the notion of "circuits", which are like conversations except that they're identified by a single "circuit ID" rather than by endpoints; the circuit types currently supported are

    CT_DLCI,    /* Frame Relay DLCI */
    CT_ISDN,    /* ISDN channel number */
    CT_X25,     /* X.25 logical channel number */
    CT_ISUP,    /* ISDN User Part CIC */
    CT_IAX2,    /* IAX2 call id */
    CT_H223,    /* H.223 logical channel number */
    CT_BICC,    /* BICC Circuit identifier */
    CT_DVBCI,   /* DVB-CI session number|transport connection id */

and there's also

    CT_ISO14443 /* ISO14443 connection between terminal and card
                   the circuit ID is always 0, there's only one
                   such connection */

but presumably there's only one such circuit per capture, and there's a comment noting that an ATM VPI/VCI pair could also be a circuit ID.

The conversation and circuit structures are used to hold:

    starting and ending frame numbers (mainly used when testing whether a packet is or isn't in a conversation/circuit, I think);

    state data dissectors keep for a given conversation/session;

    a "next dissector" for the protocol for the conversation type, so a dissector can say "dissect everything in this conversation as XXX".

Some thoughts that come to mind:

1) While we're generalizing conversations, should we have a "superclass" that includes both endpoint-labeled conversations and ID-labeled circuits, so that they can offer common services to dissectors?

2) Can we use conversations/circuits elsewhere, e.g. in the conversations and endpoints UI functions?

3) Would it be useful to add to the "Dissect As..." mechanisms the ability to say, from the UI, "dissect the conversation/circuit to which this packet belongs as...", rather than just "dissect this {packet type, transport-layer port} as..."?

4) Can we further generalize conversations/circuits to include, for example, multiple endpoint pairs/circuit IDs, so that, for example, an NFSv2 or NFSv3 "conversation" would include NFS traffic, NLM (lock manager) traffic, and mount protocol traffic?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
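A minimal sketch of the "superclass" idea raised in point 1 of the message above, added here as an illustration; it is not code from the message or from Wireshark. All names (flow_key, flow, flow_new, flow_find) and the numeric circuit type are hypothetical, and a fixed-size array stands in for real lookup tables.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model, NOT Wireshark's API: one record type for both key kinds. */
typedef enum { KEY_ENDPOINTS, KEY_CIRCUIT } key_kind;
typedef struct {
    key_kind kind;
    uint32_t addr_a, addr_b;  /* KEY_ENDPOINTS: stand-ins for AT_ addresses */
    uint16_t port_a, port_b;  /* KEY_ENDPOINTS: stand-ins for PT_ port IDs */
    int      ctype;           /* KEY_CIRCUIT: circuit type (constructed values) */
    uint32_t circuit_id;      /* KEY_CIRCUIT: e.g. a logical channel number */
} flow_key;
typedef struct {
    flow_key    key;
    uint32_t    first_frame, last_frame;  /* last_frame 0 means still open */
    void       *state;                    /* data a dissector keeps per flow */
    const char *next_dissector;           /* "dissect everything as XXX" */
} flow;
static flow flows[16];
static size_t n_flows;

static int key_equal(const flow_key *a, const flow_key *b) {
    if (a->kind != b->kind) return 0;
    if (a->kind == KEY_CIRCUIT)
        return a->ctype == b->ctype && a->circuit_id == b->circuit_id;
    /* An endpoint pair names the same flow in either direction. */
    return (a->addr_a == b->addr_a && a->port_a == b->port_a &&
            a->addr_b == b->addr_b && a->port_b == b->port_b) ||
           (a->addr_a == b->addr_b && a->port_a == b->port_b &&
            a->addr_b == b->addr_a && a->port_b == b->port_a);
}
/* Start a flow at first_frame; NULL when the fixed-size table is full. */
static flow *flow_new(flow_key key, uint32_t first_frame) {
    if (n_flows == sizeof flows / sizeof flows[0]) return NULL;
    flows[n_flows] = (flow){ .key = key, .first_frame = first_frame };
    return &flows[n_flows++];
}
/* Key plus frame-range test, newest first, so a reused ID finds the right flow. */
static flow *flow_find(flow_key key, uint32_t frame) {
    for (size_t i = n_flows; i-- > 0; )
        if (key_equal(&flows[i].key, &key) && frame >= flows[i].first_frame &&
            (flows[i].last_frame == 0 || frame <= flows[i].last_frame))
            return &flows[i];
    return NULL;
}
int main(void) {  /* constructed sample: circuit type 3, ID 5, from frame 1 */
    flow_key k = { .kind = KEY_CIRCUIT, .ctype = 3, .circuit_id = 5 };
    return (flow_new(k, 1) && flow_find(k, 7)) ? 0 : 1;
}
```

Because the frame range is part of the lookup, a circuit ID that is torn down and reused later in the capture resolves to a different record, and each record can carry its own state and "next dissector".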
