Wireshark-bugs: [Wireshark-bugs] [Bug 5848] H.323 RAS packets missing from packet counts in "Tel

Date: Fri, 5 Aug 2011 18:29:29 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5848

--- Comment #10 from ericn1234@xxxxxxxxx 2011-08-05 19:29:27 MDT ---
I don't know much about the Wireshark codebase, but I do know a fair bit about
H.323.  I agree that your patch is not the correct solution as it will just
reintroduce bug 3219.

With the help of the viewvc diff link that shows the changes that introduced
this bug 5848, I have dived into the Wireshark code a bit and it looks like the
root of the issue is that the original dissector code assumes that there would
only ever be one CallIdentifier in a packet, and based on bug 3219, that is not
the case.  The fix that was put in was incomplete: it handled H.225 packets,
but did not handle RAS packets.

I tried applying the fix from the dissect_h225_T_h323_message_body function to
the dissect_h225_RasMessage function, and that seems to have fixed the problem,
and I believe that bug 3219 should remain fixed.

Here are diffs for the changes I made to the 1.1.3 version:


--- asn1/h225/h225.cnf    2009-03-21 16:10:37.000000000 -0600
+++ asn1/h225/h225.cnf.fixed    2011-08-05 19:04:22.107591535 -0600
@@ -289,6 +289,7 @@
 #.FN_BODY RasMessage  VAL_PTR = &rasmessage_value
       gint32 rasmessage_value;

+        call_id_guid = NULL;
 %(DEFAULT_BODY)s
     if (check_col(%(ACTX)s->pinfo->cinfo, COL_INFO)){
         col_add_fstr(%(ACTX)s->pinfo->cinfo, COL_INFO, "RAS: %%s ",
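
Review bot: the added "call_id_guid = NULL;" at the top of the RasMessage body needs a comment saying why it is reset, since nothing in this hunk shows where the pointer gets set. A one-line note that it clears any value left over from an earlier message before %(DEFAULT_BODY)s runs would do. The new line is also indented deeper than the "gint32 rasmessage_value;" declaration above it; match the surrounding indentation.
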
@@ -296,6 +297,9 @@
     }

     h225_pi->msg_tag = rasmessage_value;
+        if (call_id_guid) {
+                h225_pi->guid = *call_id_guid;
+        }
 #.END

#----------------------------------------------------------------------------------------
 #.FN_HDR DestinationInfo/_item
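
Review bot: in the block added after "h225_pi->msg_tag = rasmessage_value;", h225_pi->guid is written only when call_id_guid is non-NULL, so a RAS message without a CallIdentifier keeps whatever guid h225_pi already held. Either clear h225_pi->guid in an else branch, or say in a comment that h225_pi is reset for every packet before this point so the reader does not have to go and check.
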
--- epan/dissectors/packet-h225.c    2009-03-21 16:11:33.000000000 -0600
+++ epan/dissectors/packet-h225.c.fixed    2011-08-05 19:05:23.134033505 -0600
@@ -7427,7 +7427,7 @@
 dissect_h225_RasMessage(tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx
_U_, proto_tree *tree _U_, int hf_index _U_) {
 #line 290 "h225.cnf"
       gint32 rasmessage_value;
-
+        call_id_guid = NULL;
   offset = dissect_per_choice(tvb, offset, actx, tree, hf_index,
                                  ett_h225_RasMessage, RasMessage_choice,
                                  &rasmessage_value);
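
Review bot: the '#line 290 "h225.cnf"' directive shows this function is generated from h225.cnf, and this hunk does not match the .cnf change: there "call_id_guid = NULL;" is added after the blank line that follows the declaration, while here it replaces that blank line. Regenerate packet-h225.c from the patched h225.cnf instead of editing it by hand, so the two files stay in step.
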
@@ -7438,7 +7438,9 @@
     }

     h225_pi->msg_tag = rasmessage_value;
-
+        if (call_id_guid) {
+                h225_pi->guid = *call_id_guid;
+        }

   return offset;
 }
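
Review bot: "h225_pi->guid = *call_id_guid;" copies through the pointer just before "return offset;", after the message has been dissected, so it depends on the pointer's target still being valid at that point, and the patch does not show what call_id_guid points at. Add a comment naming where it is set and how long that storage lives.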
