
Wireshark-dev: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?

Date: Wed, 23 Apr 2008 10:50:58 +0200
 
Hi,

Thanks for your replies.

To (hopefully) clarify the problem statement, here's something more explicit:

Captured packets:

Example 1: no SDP
=================
RTP Payload Type 96 (unknown)
RTP Payload Type 97 (unknown)
:
:
:
:
RTP PT 96 (unknown)
RTP PT 97 (unknown)

My plugin has as a preference Payload Type to force dissection, so I use the following in my code (it works):

dissector_add("rtp.pt", dynamic_payload_type, myprotocol_handle);
 
So if I enter 96 as my payload type, I get the following for my capture:

MYPROTOCOL (RTP Payload Type 96 (unknown)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
RTP Payload Type 97 (unknown (unknown))
:
:
:
:
MYPROTOCOL RTP PT 96
RTP PT 97

Example 2: SDP, RTP PT set at 0 for example in myprotocol preferences
======================================================================
Raw data shown, no wireshark dissection
=========
SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
:
:
RTP Payload Type 96
RTP Payload Type 97
:
:
:
:
RTP PT myprotocol_mime_type (96)
RTP PT 97 myprotocol_mime_type (97)

Now, given that in my code I add myprotocol_mime_type as follows:
dissector_add_string("rtp_dyn_payload_type", myprotocol_mime_type, myprotocol_handle);

Wireshark actually shows the following:
========
SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
:
:
MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
:
:
MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.


Problem statement
================
So far so good, SDP media type declaration is automatically used by wireshark to associate the relevant dynamic payload type number to the declared mime-type, which then "launches" the proper protocol dissection *BUT*

myprotocol dissector uses myprotocol_preferences setup parameters for decoding, rather than the parameters in SDP i.e. sdp_setup_parameters for PT 96 and sdp_setup_parameters for PT 97.

Possible solutions
==================
You recommend adding information to the SDP data structure, I gather you mean actually adding the SDP setup parameters for myprotocol in the SDP dissector? Or can I do it "dynamically" from within myprotocol dissector?

Alternatively, given wireshark explicitly shows for each correctly decoded RTP packet [Stream setup by SDP] for each packet for which the PT has been found in SDP, can I fetch/search the relevant information from within the packet dissected within my dissector code?

i.e. can I use tvb or something like pinfo-> SDP parameter ????
or do I need to fetch it from the relevant packet containing the SDP?

I'll look at the RTP / SDP dissectors to see what information the conversation dissector data can gather, but again, how do I access SDP info or RTP info from within my own code?

I'll try and look for myself but as you all know this takes time.

Hope this mail clarifies the problem statement. Thanks for any help / advice. The solution might seem obvious to you, but not to me ;-)

Regards,

David


-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Anders Broman
Sent: Tuesday, 22 April 2008 17:49
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?

Hi,
Just to add to what Luis said:
The SDP dissector hands information to the RTP dissector for the conversation in question. If your payload dissector needs any of this info or additional info, you first have to add this information to the SDP data structure; then the RTP dissector should hand it to your payload dissector, which should be called from the RTP dissector, or possibly the payload dissector could pick it up from the conversation if the info is stored in the conversation dissector data by the SDP or RTP dissector.

Probably this is the function you want to look at: void srtp_add_address().
Regards
Anders

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx
[mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Luis EG Ontanon
Sent: 22 April 2008 15:25
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?

I do not understand what you want to do.

If all you want is to get RTP's media dissected, just invoking the sdp dissector to dissect the sdp buffer might be enough. SDP will take care of "registering" the RTP conversations defined in it so that related media packets are passed to RTP and that RTP calls the proper dissector for the payload.

You can take a look on how packet-rtsp.c or packet-sip.c hand over to sdp and how amr or iuup register themselves to be usable as dynamic RTP payload.

Hope this helps


On Tue, Apr 22, 2008 at 3:11 PM,  <david.castleford@xxxxxxxxxxxxxxxxxx>
wrote:
>
>
> Hi everyone,
>
> I've been working on a new dissector that I'll hopefully be able to 
> contribute.
>
> So far I've used the protocol preferences menu to allow me to "setup"
> parameters that are usually found in an SDP file or via SDP/SAP or via
> SDP/RTSP.
>
> This can be quite tedious as I'm switching between different RTP 
> streams, each having potentially different setup parameters.
>
> Hence I would like to try and reuse the already dissected SDP 
> parameters (if
> found) and use those automatically i.e.
>
> If  SDP -> Media Format (sdp.media.format)  = certain value,
>
> then
>     Search    SDP -> Media format specific parameters (sdp.fmtp.parameter)
>             If found "setup" parameter, "store" the value for that
>             setup parameter and associate it with the associated
>             sdp.media.format type
>     End search
> End SDP search
>
> As I expect the SDP information to contain declarations for multiple 
> RTP streams with different dynamic payload types, each having setup 
> parameters for my dissector, what is the best approach I can take?
>
> How do I search for any relevant SDP info?
>
> I've tried to find relevant examples but haven't exactly succeeded and
> would appreciate a pointer. Wireshark seems extremely powerful but
> it's rather daunting to a beginner.
> I came across tapping, but I'm not sure whether I need to get info 
> from the SDP tap, or whether I need to create a tap for my 
> dissector....or even tap at all?!
>
> As for using those parameters:
>
> Should I define a structure containing all the relevant setup
> parameters, define a table containing pointers to that structure, and
> populate it accordingly for each relevant stream i.e. RTP payload type
> in SDP having my setup parameters?
>
> The idea would then be to search this table for a matching RTP payload
> type so that my dissector can use the correct setup parameters,
> extracted automatically from SDP, rather than using the potentially
> incorrect setup parameters defined in my preferences.
>
> Thanks for your help,
>
> David
>
>
>
> _______________________________________________
>  Wireshark-dev mailing list
>  Wireshark-dev@xxxxxxxxxxxxx
>  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>
>



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
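
An added example, not part of the original thread and not Wireshark code: a stand-alone C version of the per-payload-type table described in the first message, filled from the a=rtpmap and a=fmtp lines of an SDP body and falling back to the preference string when SDP has nothing for that stream. It uses no Wireshark API; pt_setup_t, split_pt, sdp_collect_setup, setup_for_pt, the "myproto" encoding name and the sample SDP are all assumptions constructed here. Because SDP comes off the wire, payload types outside 0..127 and over-long parameter strings are rejected rather than stored.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_PT 128                 /* RTP payload type is a 7-bit field */
/* Hypothetical per-stream setup record, one slot per payload type. */
typedef struct {
    char mime[32];                 /* encoding name from a=rtpmap (truncated if longer) */
    char fmtp[128];                /* raw format-specific parameters from a=fmtp */
} pt_setup_t;
/* Constructed sample SDP body; "myproto" and its parameters are made up. */
static const char SAMPLE_SDP[] = "m=video 5004 RTP/AVP 96 97\r\n"
    "a=rtpmap:96 myproto/90000\r\na=fmtp:96 mode=1;depth=2\r\n"
    "a=rtpmap:97 myproto/90000\r\na=fmtp:97 mode=3;depth=4\r\n"
    "a=fmtp:200 bogus=1\r\n";      /* out-of-range PT, must be ignored */

/* Parse "<pt> <rest>"; returns the PT, or -1 if malformed or out of range. */
static int split_pt(const char *s, const char **rest)
{
    char *end;
    long pt = strtol(s, &end, 10);
    if (*s < '0' || *s > '9' || *end != ' ' || pt >= MAX_PT) return -1;
    *rest = end + 1;
    return (int)pt;
}

/* Fill the table from an SDP body; returns the number of PTs with fmtp data. */
int sdp_collect_setup(const char *sdp, pt_setup_t *tab)
{
    int found = 0, pt;
    const char *rest;
    memset(tab, 0, sizeof(pt_setup_t) * MAX_PT);
    for (const char *eol; *sdp; sdp = eol + strspn(eol, "\r\n")) {
        eol = sdp + strcspn(sdp, "\r\n");          /* end of the current line */
        if (!strncmp(sdp, "a=rtpmap:", 9) && (pt = split_pt(sdp + 9, &rest)) >= 0) {
            snprintf(tab[pt].mime, sizeof tab[pt].mime, "%.*s", (int)strcspn(rest, "/\r\n"), rest);
        } else if (!strncmp(sdp, "a=fmtp:", 7) && (pt = split_pt(sdp + 7, &rest)) >= 0
                   && rest < eol && (size_t)(eol - rest) < sizeof tab[pt].fmtp) {
            found += (tab[pt].fmtp[0] == '\0');    /* count each PT once */
            snprintf(tab[pt].fmtp, sizeof tab[pt].fmtp, "%.*s", (int)(eol - rest), rest);
        }
    }
    return found;
}

/* Dissector-side lookup: SDP parameters for this PT and encoding, else prefs. */
const char *setup_for_pt(const pt_setup_t *tab, int pt, const char *mime, const char *prefs)
{
    const pt_setup_t *e = (pt >= 0 && pt < MAX_PT) ? &tab[pt] : NULL;
    return (e && e->fmtp[0] && !strcmp(e->mime, mime)) ? e->fmtp : prefs;
}
```

Inside a real dissector the table would be kept per conversation rather than globally, as the replies above suggest, so that two sessions reusing payload type 96 do not overwrite each other.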