Wireshark mailing list archives

Re: New Dissector only applied to first packet

From: Anders Broman <anders.broman () ericsson com>
Date: Wed, 7 Nov 2012 11:29:03 +0000

 

-----Original Message-----
From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Jan 
Willamowius
Sent: den 6 november 2012 21:53
To: wireshark-dev () wireshark org
Subject: Re: [Wireshark-dev] New Dissector only applied to first packet

Anders Broman wrote:

The use of multiplexing is negotiated in openLogicalChannel and openLogicalChannelAck. It can be bi-directional or 
only in one direction. If one side wants to _receive_ multiplexed RTP, it will add a multiplexedMediaChannel + 
control channel to the traversal parameters plus the payload type it expects.
In the case of an H.460.19 client, those addresses must be disregarded again, because it may be behind a NAT and the 
real IPs will be determined by keepAlive packets.

[...]

Looking at the template that packet-h245.c is generated from, I don't really see where it says that the upcoming 
channel will be RTP. Is that implied and all upcoming channels are RTP right now ?
Changing that to multiplexed-RTP is my priority right now.

[...]



It ought to be possible to set up the RTP or RTPmux data by using the 
information in TraversalParameters ::= SEQUENCE { 
multiplexedMediaChannel TransportAddress OPTIONAL, 
multiplexedMediaControlChannel TransportAddress OPTIONAL, multiplexID 
INTEGER(0..4294967295) OPTIONAL, keepAliveChannel TransportAddress 
OPTIONAL, keepAlivePayloadType INTEGER (0..127) OPTIONAL, 
keepAliveInterval TimeToLive OPTIONAL, ...
}

At least adding dissection of the parameter shouldn't be to difficult given an example trace.

I have captured a trace of a multiplexing call to test with. One capture contains one endpoint multiplexing to >the 
H.323 gatekeeper and the other trace has the other endpoint in it too.

http://www.gnugk.org/download/rtp-mux.pcap
http://www.gnugk.org/download/rtp-mux-both.pcap

Here is my dissector for H.460.19 rtp-mux (which right now can only be used for Decode As if the 
openLogicalChannel and openlogicalChannelAck packets are marked Ignore).

http://www.gnugk.org/download/packet-h46019rtpmux.c

Anders, how could one specify a different dissector for the upcoming channel in packet-h245.c ?

Regards,
Jan


I'm not familiar with the H.460.19 procedures and don't have the time to dive to deeply into the spec
But using the OLC info it should be possible to "detect" that RTPmux is beeing used and
Overide setup of the RTP conversation and instead create an RTPmux conversation possibly a
Per Conversation data structure is needed to keep information per MUX id about the muxed RTP connections.
Somthing like 
"If multiplexID present use_rtpmultiplex = TRUE" and use the IP addr of multiplexedMediaChannel(?)(and ctrl)
As conversation data to set UDP sub dissector as RTPmux.


This should "direct" the RTPmux packets to your dissector which then would remove the mux id and
Call the RTP dissector. Your dissector would probably need set up the RTP paylod data in the RTP
Dissector to have the payload properly dissected. I'm not sure if this is interleaved with the
RTP conversation setup in that case modifications to the RTP dissector may be needed.


About the dissector:
I don't think this lines are needed:
        if ((tvb == NULL) || tvb_length(tvb) < 16) 
                return 0; /* only look at UDP packets */ 
        
        if (pinfo->ipproto != IP_PROTO_UDP) 
                return 0; 
        
        /* check RTP version */ 
        version = RTP_VERSION(tvb_get_guint8(tvb, 4)); 
        if (version != 2) 
                return 0; 

I'd do all the column stuff after:
        /* Clear out stuff in the info column */ 
        col_clear(pinfo->cinfo,COL_INFO); 


-       mux_id = tvb_get_guint8(tvb, 0)*16777216 + tvb_get_guint8(tvb, 1)*65536 + tvb_get_guint8(tvb, 2)*256 + 
tvb_get_guint8(tvb, 3); 
+     mux_id = tvb_get_ntohl(tvb, 0); 

Move proto_register_h46019rtpmux() after dissect_h46019rtpmux()

Regards
Anders

--
Jan Willamowius, jan () willamowius de, http://www.gnugk.org/ 
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

New Dissector only applied to first packet Jan Willamowius (Nov 02)
- Re: New Dissector only applied to first packet Guy Harris (Nov 02)
  - Re: New Dissector only applied to first packet Jan Willamowius (Nov 02)
    - Re: New Dissector only applied to first packet Guy Harris (Nov 02)
    - Re: New Dissector only applied to first packet Jan Willamowius (Nov 02)
    - Re: New Dissector only applied to first packet Guy Harris (Nov 04)
    - Re: New Dissector only applied to first packet Jan Willamowius (Nov 05)
    - Re: New Dissector only applied to first packet Anders Broman (Nov 06)
    - Re: New Dissector only applied to first packet Jan Willamowius (Nov 06)
    - Re: New Dissector only applied to first packet Anders Broman (Nov 07)