Wireshark-dev: Re: [Wireshark-dev] h.223 dissector: maybe a bug, maybe a fix?

From: Still Life <still.life@xxxxxxxx>
Date: Fri, 19 Jan 2007 17:22:45 +0100

The H.223 dissector expects its parent protocol to support defragmentation; if you just give wireshark the raw data, I don't think you'll get the defragmentation, as it's quite specific to individual protocols such as TCP. Fabio's approach makes sense to me. Fabio, I'm away next week, but I'll have a look at your patch when I get back. Regards, Richard


Richard, thank you for your answer!
I learned on the wiki that the H.223 dissector is invoked
when H.223 traffic is carried over TCP (or IAX2).
If it would be useful, I can send you the two H223 raw dump
files (640k zipped file) and the code to encapsulate
them in "fake" TCP traffic saved as a pcap dump file,
with some explanation of how to use it.
In the file packet-h223.c attached to my first message
there are some old comments that may be confusing to you
(and are in Italian :-)), so I explain here where I
made the modification:

static h223_call_info *find_or_create_call_info ( packet_info * pinfo )
{
    [...]

    if( data == NULL )
    {
        [...]
    }

    (&data -> direction_data[0]) -> first_pdu = TRUE;    //#############
    (&data -> direction_data[1]) -> first_pdu = TRUE;    //#############

    [...]
}

I added only the two lines marked here with //#############
just after the closing bracket of the "if( data == NULL )"
condition.
Have a good week.
Regards,
               Fabio Sguanci
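
The encapsulation step described in the message above (raw H.223 dump wrapped in "fake" TCP traffic and saved as a pcap file) could be done as follows. This is an added example, not the code offered in the message; the addresses, ports, chunk size and timestamps are constructed placeholders, and it assumes the H.223 dissector is then selected for that TCP port in Wireshark (for instance via Decode As).

```python
import struct

# Added example: addresses, ports, chunk size and timing are constructed placeholders.

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_frame(payload: bytes, seq: int, src=b"\x0a\x00\x00\x01",
              dst=b"\x0a\x00\x00\x02", sport=40000, dport=40001) -> bytes:
    """Ethernet + IPv4 + TCP (PSH|ACK) headers around one chunk of raw payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 1, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0)
    ip += src + dst
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + tcp + payload

def raw_to_pcap(raw: bytes, chunk: int = 160) -> bytes:
    """Split a raw dump into in-order TCP segments; return a classic pcap file."""
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, LINKTYPE_ETHERNET (1)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, off in enumerate(range(0, len(raw), chunk)):
        # Sequence numbers advance by payload length so the segments are contiguous.
        frame = tcp_frame(raw[off:off + chunk], seq=1 + off)
        ts_sec, ts_usec = divmod(n * 20000, 1000000)  # one segment per 20 ms
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f_in, open(sys.argv[2], "wb") as f_out:
        f_out.write(raw_to_pcap(f_in.read()))
```

Because every segment belongs to one TCP stream with contiguous sequence numbers, the TCP layer sees an ordered byte stream, which is the defragmentation support the H.223 dissector expects from its parent protocol.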
