Hi all, Thank you for your support. I want to generate pcap file using RLC-LTE PDU frames same as like MAC-LTE-PCAP-SAMPLE-CODE.C which is available in MAC-LTE Wireshark link.What is the DLT USER ID for RLC-LTE protocol and PDCP-LTE protocol and what are the settings I have to make in wireshark. Thanks and regards, Sathish. asked 28 Mar '15, 23:20  Sathish kannan edited 10 Apr '15, 03:58  Bill Meier ♦♦ |
One Answer:
The easiest is to use the framing over UDP protocol defined here. You can even find a sample program from the wiki page. For PDCP use the protocol defined here and the sample program found here. In Wireshark, you must ensure that the following options are checked:
answered 29 Mar '15, 01:50  Pascal Quantin Hi all, Thank you for your reply. What is the DLT USER ID for RLC-LTE protocol and PDCP-LTE protocol. Thanks and regards, Sathish. (30 Mar '15, 05:22) Sathish kannan There is no DLT for those protocols (neither there is one for MAC LTE, the sample program is reusing a User DLT one), as there are not transport layers. One way to get dissection of packets is to use the UDP framing protocol (that's what is done in rlc_lte_logger.c). In that case the RLC/PDCP protocol is part of the UDP payload. (30 Mar '15, 07:03) Pascal Quantin Hi Pascal, Thank you for your reply. In rlc_lte_logger.c is working fine.I am able to dissect rlc-lte PDUs. I am trying to create PCAP log file for RLC-LTE protocol with, DLT USER ID:156, PAYLOAD: RLC-LTE I got the following error: can't dissect RLC-LTE frame because no per frame info was attached. What are all the RLC-LTE Frame per info?. What is the UDP framing protocol format for RLC-LTE protocol to create pcap file? Please help me to resolve this issue. Thanks and Regards, Sathish (07 Apr '15, 03:15) Sathish kannan As explained in my first post, the UDP framing protocol (allowing to attach per frame info) is explained in https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-rlc-lte.h;hb=refs/heads/master and rlc_lte_logger.c is an example using this framing format. So you need to modify your application performing the logging so as to fullfill this requirement (typically there is no need to use a specific DLT). As Martin explained, the format used in mac_pcap_sample_code.c file does not exist for RLC. (07 Apr '15, 05:57) Pascal Quantin Hi pascal, Thank you for your reply. Only possible way to log RLC - LTE PDUs we have to modify our application like rlc_lte_logger.c. No other way like mac_pcap_sample_code.c.if its please explain ? What about PDCP its also like RLC? Thanks Sathish. (08 Apr '15, 00:17) Sathish kannan PDCP has its own UDP over framing protocol, like RLC. The easiest is to do like for RLC (see the pdcp_lte_logger.c sample code found on the wiki). If you want your own transport protocol for RLC/PDCP (like the one used in packet-mac-lte-framed.c) you will have to code it yourself (like a Wireshark plugin for example). (08 Apr '15, 01:27) Pascal Quantin Hi Sathish, If writing directly to a PCAP file (rather than sending out a message over UDP) really is more convenient for you, you could create a new dissector for RLC frames (similar to packet-mac-lte-framed.c), and write RLC PDUs into the file in a similar way to mac_pcap_sample_code.c. Notice how packet-mac-lte-framed.c calls dissect_mac_lte_context_fields() for the header - it would make sense to do something similar for RLC. There is no reason why the RLC (and PDCP) 'framing' dissectors couldn't be submitted and checked in if they are useful. I always meant to register a proper DLT for MAC PDUs, but I wasn't aware of anyone (other than me) using it. N.B. I hadn't seen Pascal's comment before I wrote this... (08 Apr '15, 08:17) MartinM Hi pascal and Martin, Thank you for your valuable contribution. I have created a dissector for RLC frames ( packet-rlc-lte-framed.c ) and PDCP frames ( packet- pdcp -lte-framed.c ) similar to ( packet-mac-lte-framed.c ).I have placed in /epan/dissector directory in source code. What is the procedure to build source code with added plugin and make it ready to work. Thanks and Regards Sathish. (09 Apr '15, 23:34) Sathish kannan See README.plugins in the doc directory of the sources. You should also look at README.dissector, and then follow the instructions in the Wireshark Developers Guide for setting up a build environment and producing your own build. (10 Apr '15, 02:15) grahamb ♦ Hi pascal and Martin, Thank you for your valuable contribution. I have created a dissector for RLC frames ( packet-rlc-lte-framed.c ) and PDCP frames ( packet- pdcp -lte-framed.c ) similar to ( packet-mac-lte-framed.c ).I have placed in /epan/dissector directory in source code. I have builded the wireshark from source code with packet-rlc-lte-framed.c and packet-PDCP-lte-framed.c files using the procedure listed in the following link [https://community.gns3.com/community/forum/blog/2015/01/21/how-to-build-wireshark-1123-from-scratch-in-ubuntu][1] But I am not able to generate libdissectors_la-packet-rlc-lte-framed.lo and libdissectors_la-packet-pdcp-lte-framed.lo files by using libtool (GNU libtool) 2.4.2 Debian-2.4.2-1.3ubuntu1 when installing the wireshark. Is there any procedure to register rlc-lte-framed and pdcp -lte-framed files? Kindly help me to resolve this issue. Thanks and Regards, Sathish. (20 Apr '15, 22:22) Sathish kannan The link you mention appears to be down, but the steps you need to take are to add your dissectors to epan/dissectors/Makefile.common, make sure configure runs again, and build. (21 Apr '15, 02:14) MartinM The best guide for building Wireshark is the Wireshark Development Guide, not 3rd party sites that may be out of date. In particular see section 9.2 (21 Apr '15, 02:56) grahamb ♦ Hi pascal,grahamb and Martin, Thank you for your valuable contribution. When I am building the wireshark source code with rlc-lte-framed and pdcp -lte-framed files.I got the following errors . epan/.libs/libwireshark.so:undefined reference to 'dissect-rlc-lte-context-fields' collect2:error:ld returned 1 exit status make[2]: [dfest] Error 1* *make[2]: Waiting for unfinished jobs Kindly help me to resolve this issue. Thanks, Sathish (22 Apr '15, 07:02) Sathish kannan Well we are back to basic C questions now. I guess you modified packet-lte-rlc.c so as to extract the relevant code part from dissect_rlc_lte_heur() function, and put it in dissect_rlc_lte_context_fields() function, right? If yes, ensure that the function is not defined as static. (22 Apr '15, 09:36) Pascal Quantin showing 5 of 14 show 9 more comments |
The equivalent of mac-lte-framed was never created for RLC and PDCP. The MAC one was created for use with a software tool that decoded I/Q samples directly, i.e. not in real time.