This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dissecting CLNP over X.25 (ISO 8473-3) with the ICAO’s LREF header compression

0

Hello, I want to analyse the CLNP PDU coming from X.25 (SNDCF). In packet-clnp.c we have dissector_add_uint("x.25.spi", NLPID_ISO8473_CLNP, clnp_handle); so we add the dissector referenced by clnp_handle to the dissector table referenced by x.25.spi for the unit NLPID_ISO8473_CLNP. So why don't we have the detail of the CLNP PDU?

Thank you

asked 19 Dec '12, 10:59

Gigi

edited 24 Jan '13, 03:13

Guy Harris ♦♦

3 Answers:

1

The SPI is only present in an X.25 CALL REQUEST packet, so, unless you've captured the CALL REQUEST packet for the X.25 virtual circuit, there won't be enough information to allow the X.25 dissector to determine that the traffic is CLNP. Unless there's some way to heuristically detect CLNP packets, handling CLNP-over-X.25 in captures that don't include the X.25 CALL REQUEST packet would require a way to do a "decode as..." to specify that a particular virtual circuit's packets should be dissected as CLNP.

answered 19 Dec '12, 20:03

Guy Harris ♦♦
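
The per-virtual-circuit lookup this answer describes, as an added example that is not part of the original answer and is not Wireshark's code: a stand-alone C model in which the first call-user-data octet of a CALL REQUEST (the SPI) is remembered per logical channel and consulted for later data packets. The table, the function names and the sample packets are constructed for illustration, and modulo-8 X.25 packet format is assumed; 0x81 is the NLPID for ISO 8473 CLNP.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X25_CALL_REQUEST 0x0B
#define NLPID_CLNP       0x81   /* ISO 8473 CLNP */
#define SPI_UNKNOWN      (-1)

static int vc_spi[4096];        /* hypothetical per-LCN table; -1 = SPI never seen */

static void vc_reset(void) {
    for (size_t i = 0; i < 4096; i++) vc_spi[i] = SPI_UNKNOWN;
}

/* Feed one X.25 packet-layer PDU. Returns the SPI known for its virtual circuit,
 * or SPI_UNKNOWN if no CALL REQUEST was seen or the CALL REQUEST is truncated. */
static int x25_track(const uint8_t *p, size_t len) {
    if (len < 3) return SPI_UNKNOWN;
    unsigned lcn = ((p[0] & 0x0Fu) << 8) | p[1];   /* 4-bit group + 8-bit channel */
    if (p[2] == X25_CALL_REQUEST) {
        if (len < 4) return SPI_UNKNOWN;
        /* Octet 4: calling/called address lengths in BCD digits, two digits per octet. */
        size_t digits = (size_t)(p[3] >> 4) + (p[3] & 0x0Fu);
        size_t off = 4 + (digits + 1) / 2;
        if (off >= len) return SPI_UNKNOWN;         /* no facility-length octet */
        off += 1 + (size_t)p[off];                  /* skip facility length + facilities */
        if (off >= len) return SPI_UNKNOWN;         /* no call user data, so no SPI */
        vc_spi[lcn] = p[off];                       /* first user-data octet is the SPI */
    }
    return vc_spi[lcn];
}

static const char *describe(int spi) {
    if (spi == SPI_UNKNOWN) return "unknown, payload left undissected";
    return spi == NLPID_CLNP ? "CLNP" : "other protocol";
}

int main(void) {
    /* Constructed packets on logical channel 1. */
    const uint8_t call[] = { 0x10, 0x01, 0x0B, 0x22, 0x12, 0x34, 0x00, 0x81 };
    const uint8_t data[] = { 0x10, 0x01, 0x00, 0x81, 0x15, 0x01 };
    vc_reset();
    printf("data only:       %s\n", describe(x25_track(data, sizeof data)));
    x25_track(call, sizeof call);
    printf("after CALL REQ:  %s\n", describe(x25_track(data, sizeof data)));
    return 0;
}
```

A capture that starts after the call was set up corresponds to the first `printf`: the data packet arrives with no table entry for its channel, which is the case a "decode as..." setting would have to cover.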

I changed the preference of Wireshark and it works well when I have CLNP over X.25. But it did not work when I have CLNP over SNDCF and SNDCF over X25. I think that I have to develop the SNDCF dissector :( What do you think? Thank you

(20 Dec '12, 08:16) Gigi

There's already an SNDCP dissector. Does that help?

(20 Dec '12, 08:46) Jaap ♦

@Gigi

I've converted your multiple "answers" to comments as that's how this site works, please read the FAQ for more details.

(20 Dec '12, 08:58) grahamb ♦

So, by SNDCF, do you mean "ISO 8473-3: Protocol for providing the connectionless-mode network service: Provision of the underlying service by an X.25 subnetwork"? I.e., you're referring to, as section 1 "Scope" of ISO 8473-3 says, "a Subnetwork Dependent Convergence Function (SNDCF) as described in ISO/IEC 8648", using X.25 as the subnetwork? If so, I see nothing in ISO 8473-3 to indicate that there's anything in the X.25 frames other than a CLNP frame, so what's not working for "CLNP over SNDCF over X.25" (and how do you do CLNP-over-X.25 without the 8473-3 SNDCF?)?

(20 Dec '12, 11:39) Guy Harris ♦♦

@Jaap: "SNDCP" is for running various protocols atop GPRS; "SNDCF" is for running the ISO CLNP atop various other protocols, including X.25.

(20 Dec '12, 11:44) Guy Harris ♦♦

@Guy: Thanks for pointing this out. I did only a quick check and stumbled upon something that at least sounded the same :)

(21 Dec '12, 01:15) Jaap ♦

I'm talking about SNDCF (Sub-Network Dependent Convergence Function) concerning the ATN (Aeronautical Telecommunication Network). According to the standard we can also talk about SNDCP (Sub-Network Dependent Convergence Function). It's in layer 3. It's needed for harmonisation of the service interface:

- At the CLNP lower level:
  • Sending data: SN_DATA.request
  • Receiving data: SN_DATA.indication
- At the sub-network level:
  • It depends on the sub-network protocol. Connected? Not connected?

(I'm beginner in this domain)

(21 Dec '12, 02:49) Gigi

According to the standard we can talk also about SNDCP (Sub-Network Dependent Convergence Function).

Presumably you meant "SNDCP (Sub-Network Dependent Convergence Protocol)". Where is that protocol documented? What Wireshark implements is the protocol described in ISO 8473-3; if that doesn't work for you, then what's being used in your case is not that protocol, so some other document describes it.

(21 Dec '12, 03:48) Guy Harris ♦♦

I'm talking about SNDCF for ISO/IEC 8208 Mobile Subnetworks. It is documented in the Manual on detailed technical specifications for the Aeronautical Telecommunication Network using ISO/OSI standards. I am trying to uncompress data with the deflate and/or LREF algorithm. Do you know how we can do that? Do you have some area to help me, please?

Thank you

(24 Jan '13, 01:05) Gigi

1

"ISO/IEC 8028" is also spelled "ITU-T Recommendation X.25" if you're a cheap bastard, as I am. :-)

According to Issues Related to the Implementation of IPv6-based ATN and Applications from the ICAO, "ISO has defined SNDCF for CLNP over Ethernet (ISO 8473-2), X.25 (ISO 8473-3), OSI data link (ISO 8473-4), and ISDN (ISO 8473-5).", so presumably "SNDCF for ISO/IEC 8208 Mobile Subnetworks" is "SNDCF for CLNP over X.25 (ISO 8473-3)", or, err, umm, "for running the ISO CLNP atop various other protocols, including X.25".

If that's not what you mean by SNDCF, please cite a document that gives a precise description of what you mean by SNDCF. (Or, as the saying goes, "Specs or...." :-))

And, as I said before, "What Wireshark implements is the protocol described in ISO 8473-3; if that doesn't work for you, then what's being used in your case is not that protocol, so some other document describes it." If that's the case, again, please cite a document that gives a precise description of what you mean by SNDCF; if you do not tell us where to find such a document, we will not be able to help you!

As for "LREF compression", an Amendment Proposal says "ATNP has requested that we harmonize our CLNP header compression to the LREF standard documented in ICAO Doc 9705."

This catalog entry says ICAO Doc 9705 is the "Manual of Technical Provisions for the Aeronautical Telecommunications Network (ATN)". Sadly, all they offer is a UKP 230.00 CD-ROM - and, sadly, the ICAO's online shop doesn't have an on-line version, either.

However, SUPPLEMENT TO HEADER COMPRESSION IN MOBILE SUBNETWORK appears to describe that compression to some degree; see, for example, section 2.3 "CLNP PDU header compression".

How can you handle that? By writing some code, by paying somebody to write that code, or by somehow making somebody interested in writing that code for free. Digging up all this information is enough work for me for a while (and trying to get enough information to determine what the questions were about was like pulling teeth; please do not assume, when asking questions about protocols used in a very specialized domain such as communications between aircraft and ground stations, that people reading your question will be familiar with all the details of the protocols used!), and I have enough other things going on that I'm not going to be interested in writing that code.

answered 24 Jan '13, 02:42

Guy Harris ♦♦

edited 24 Jan '13, 03:10

0

It is not clear to me where the given traces originate nor which SNDCF was used. IMHO the sample could be taken from an X.25 SNDCF (ground-ground) connection as well as from a Mobile SNDCF (X.25/CLNP with various compression techniques), which is used for air-ground communication.

Some recent ICAO Documentation about air/ground datalink can be found here: http://legacy.icao.int/anb/panels/acp/repository.cfm#publications

Legacy OSI standards are here: http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html

Several standards exist for compression of air/ground communication in the ATN-SARPS (ICAO doc 9705, superseded by ICAO doc 9880) - the question is which one is used.

SNDCF for ISO/IEC 8208 mobile subnetworks - compression mechanisms (ATN SARPS):

Local Reference Compression (LREF) - 9705 Ed.2
-> replacement of repeated ISO/IEC 8473-1 NPDU header elements on a virtual circuit with a single integer (the local reference)

Data Stream Mode Compression (Deflate) - 9705 Ed.3
-> substitution of repeated patterns by a backward reference (Lempel Ziv)
-> optimised Huffman coding for statistically distributed symbols

ATN NSAP Compression Algorithm (ACA) - only 9705 Ed.2

Compression of data stream according to ITU-T Rec. V.42bis - only 9705 Ed.2
-> substitution of repeated patterns by a backward reference (Lempel Ziv)

answered 06 Feb '13, 09:44

cavok

edited 06 Feb '13, 10:39

@cavok: appropriate user name :)

(06 Feb '13, 14:40) Jaap ♦