Wireshark-dev: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector
Date: Fri, 25 Apr 2008 10:25:29 +0200
Hi Luis, Anders,

I was initially looking at using tap info from sdp:

tap_id = find_tap_id("sdp");
if (tap_id) {
	if (check_col(pinfo->cinfo, COL_INFO)) {
		col_add_fstr(pinfo->cinfo, COL_INFO, " SDP tap found");
		col_set_fence(pinfo->cinfo, COL_INFO);
	}
	tap_data = fetch_tapped_data(tap_id, ????);  // what is packet index?
	// hopefully I would have been able to use tap_data for "sdp" and get the myprotocol parameters here
}


But right now I'm stuck. A tap_id for SDP is found, but then I'm not sure what to feed as the index value...is it the same value as shown at the RTP level i.e. rtp.setup-frame number?

Perhaps the more sensible approach (although this becomes protocol specific) is to follow example code in SDP where RTP parameters are found and made available to the RTP dissector. Just as the RTP dissection window shows "[Stream setup by SDP (frame x)]" and then the relevant information. The only "strange" thing in my opinion is to be modifying the SDP dissector to do that, it would have been nice if the actual protocol dissector could have "declared" the relevant information to the SDP dissector e.g. AMR SDP parameter info in AMR dissector, RTP SDP info in RTP dissector, guess wireshark is designed otherwise.

Given SDP is not exactly huge, could one perhaps have access to all the info decoded by SDP via e.g. tap or perhaps conversation ?
i.e. do functionally something like

 if find (sdp_data->sdp.fmtp.parameter, "nameofprotocolparameter")
	string = getstring("nameofprotocolparameter")
	parametervalue = getvalue(string)

Isn't there a way for me to get the SDP packet index as e.g. shown at the RTP dissector level below my protocol (myprotocol/RTP/UDP/IP)(is this done via subdissection?) and then have access to all the dissected SDP parameters in that SDP "frame" i.e. point back at the frame containing the SDP info, have access to all the relevant parameters....is this possible? How?

It seems I have several potential options, I would appreciate your recommendation on which is best:

1- add newprotocol parameters directly within sdp dissector, make them available (follow RTP example)
2- use SDP tap to get the fmtp parameter info (is this possible?)
3- within my own packet, work down to the RTP layer, check whether stream setup by SDP is present, get rtp.setup-frame, "call" that frame, dissect it, get the SDP info back....

Thanks for any thoughts,

David
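
The per-payload-type fmtp lookup sketched in the pseudocode above, as an added stand-alone C example; it is not code from this thread or from Wireshark and calls no Wireshark API. The helper name `sdp_fmtp_lookup` and the sample SDP body are assumptions constructed for illustration, modelled on the AMR `a=fmtp` lines quoted further down in the thread.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed sample SDP body: two dynamic payload types with different fmtp values. */
static const char SAMPLE_SDP[] =
    "m=audio 49170 RTP/AVP 96 97\r\n"
    "a=rtpmap:96 AMR/8000/1\r\n"
    "a=fmtp:96 octet-align=1\r\n"
    "a=rtpmap:97 AMR/8000/1\r\n"
    "a=fmtp:97 octet-align=0; mode-set=0,2\r\n";

/* Hypothetical helper: copy the value of fmtp parameter `name` for payload type
 * `pt` into out. Returns 1 if found, 0 if absent, -1 if out is too small. */
int sdp_fmtp_lookup(const char *sdp, int pt, const char *name,
                    char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *line = sdp;
    while (*line) {
        const char *eol = line + strcspn(line, "\r\n");
        if (strncmp(line, "a=fmtp:", 7) == 0) {
            char *p;
            long v = strtol(line + 7, &p, 10);
            /* RTP payload types are 7 bits; the number must end on this line. */
            if (p != line + 7 && p < eol && *p == ' ' && v == pt && v >= 0 && v <= 127) {
                while (p < eol) {
                    while (p < eol && (*p == ' ' || *p == ';')) p++;
                    const char *end = memchr(p, ';', (size_t)(eol - p));
                    if (!end) end = eol;
                    if ((size_t)(end - p) > nlen && strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
                        size_t vlen = (size_t)(end - p) - nlen - 1;
                        if (vlen >= outlen) return -1;  /* never overrun the caller's buffer */
                        memcpy(out, p + nlen + 1, vlen);
                        out[vlen] = '\0';
                        return 1;
                    }
                    p = (char *)end;
                }
            }
        }
        line = eol + strspn(eol, "\r\n");
    }
    return 0;
}

int main(void) {
    char v[16];
    return sdp_fmtp_lookup(SAMPLE_SDP, 97, "mode-set", v, sizeof v) == 1 ? 0 : 1;
}
```

Because the lookup is keyed by payload type, streams 96 and 97 each get their own setup values instead of one shared preference setting.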

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Luis EG Ontanon
Sent: Wednesday 23 April 2008 16:09
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?

beware:
if the dissector gets called in a different way pinfo->private_data may contain who knows what...
This might be true for all dissectors,
neither the DLT_USER nor K12 do anything with pinfo->private_data and if the dissector is registered by name they could call it without calling RTP's first.



On Wed, Apr 23, 2008 at 3:53 PM, Anders Broman <[email protected]> wrote:
> Hi,
>  If I understand you correctly (using AMR as example) you have SDP like:
>  :
>  a=rtpmap:96 AMR/8000/1\r\n
>  a=fmtp:96 octet-align=1\r\n
>  :
>
>  Today the SDP dissector "reads" 96 and connects it to PT 96 which is used by the RTP dissector to find the PT dissector, AMR in this case.
>  You would like your PT dissector to also receive the fmtp parameter, which actually could be useful for AMR as well.
>
>  First I would look into adding this info into the struct:
>  typedef struct {
>   gint32 pt[SDP_MAX_RTP_PAYLOAD_TYPES];
>   gint8 pt_count;
>   GHashTable *rtp_dyn_payload;
>  } transport_media_pt_t;
>  In packet-sdp.c it could then be read out in packet-rtp.c before calling the PT subdissector and sent as pinfo->private_data.
>  Regards
>  Anders
>
>
>
>
>  -----Original Message-----
>  From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
>  Sent: den 23 april 2008 10:51
>  To: [email protected]
>  Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?
>
>
>  Hi,
>
>  Thanks for your replies.
>
>  To (hopefully) clarify the problem statement, here's something more explicit:
>
>  Captured packets:
>
>  Example 1: no SDP
>  =================
>  RTP Payload Type 96 (unkown)
>  RTP Payload Type 97 (unkown)
>  :
>  :
>  :
>  :
>  RTP PT 96 (unkown)
>  RTP PT 97 (unkown)
>
>  My plugin has as a preference Payload Type to force dissection, so I use the following in my code (it works):
>
>  dissector_add("rtp.pt", dynamic_payload_type, myprotocol_handle);
>
>  So if I enter 96 as my payload type, I get the following for my capture:
>
>  MYPROTOCOL (RTP Payload Type 96 (unkown)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  RTP Payload Type 97 (unkown (unkown))
>  :
>  :
>  :
>  :
>  MYPROTOCOL RTP PT 96
>  RTP PT 97
>
>  Example 2: SDP, RTP PT set at 0 for example in myprotocol preferences
>  ======================================================================
>  Raw data shown, no wireshark dissection
>  =========
>  SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
>  :
>  :
>  RTP Payload Type 96
>  RTP Payload Type 97
>  :
>  :
>  :
>  :
>  RTP PT myprotocol_mime_type (96)
>  RTP PT 97 myprotocol_mime_type (97)
>
>  Now, given that in my code I add myprotocol_mime_type as follows:
>  dissector_add_string("rtp_dyn_payload_type", myprotocol_mime_type, myprotocol_handle);
>
>  Wireshark actually shows the following:
>  ========
>  SDP/SAP contains list of media types, dynamic payload types and mime-types, MYPROTOCOL sdp_setup_parameters
>  :
>  :
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  :
>  :
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (96)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>  MYPROTOCOL (RTP Payload Type myprotocol_mime_type (97)) - decoded using MYPROTOCOL setup parameters 1,2,3, from myprotocol_preferences etc.
>
>
>  Problem statement
>  ================
>  So far so good, SDP media type declaration is automatically used by wireshark to associate the relevant dynamic payload type number to the declared mime-type, which then "launches" the proper protocol dissection *BUT*
>
>  myprotocol dissector uses myprotocol_preferences setup parameters for decoding, rather than the parameters in SDP i.e. sdp_setup_parameters for PT 96 and sdp_setup_parameters for PT 97.
>
>  Possible solutions
>  ==================
>  You recommend adding information to the SDP data structure, I gather you mean actually adding the SDP setup parameters for myprotocol in the SDP dissector? Or can I do it "dynamically" from within myprotocol dissector?
>
>  Alternatively, given wireshark explicitly shows for each correctly decoded RTP packet [Stream setup by SDP] for each packet for which the PT has been found in SDP, can I fetch/search the relevant information from within the packet dissected within my dissector code?
>
>  i.e. can I use tvb or something like pinfo-> SDP parameter ????
>  or do I need to fetch it from the relevant packet containing the SDP?
>
>  I'll look at the RTP / SDP dissectors to see what information the conversation dissector data can gather, but again, how do I access SDP info or RTP info from within my own code?
>
>  I'll try and look for myself but as you all know this takes time.
>
>  Hope this mail clarifies the problem statement. Thanks for any help / advice. The solution might seem obvious to you, but not to me ;-)
>
>  Regards,
>
>  David
>
>
>  -----Original Message-----
>  From: [email protected] [mailto:[email protected]] On Behalf Of Anders Broman
>  Sent: Tuesday 22 April 2008 17:49
>  To: Developer support list for Wireshark
>  Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?
>
>  Hi,
>  Just to add to what Luis said:
>  The SDP dissector hands information to the RTP dissector for the conversation in question. If your payload dissector needs any of this info or additional info, you first have to add this information to the SDP data structure; then the RTP dissector should hand it to your payload dissector, which should be called from the RTP dissector, or possibly the payload dissector could pick it up from the conversation if the info is stored in the conversation dissector data by the SDP or RTP dissector.
>
>  Probably this is the function you want to look at void srtp_add_address().
>  Regards
>  Anders
>
>  -----Original Message-----
>  From: wireshark-dev-[email protected] [mailto:[email protected]] On Behalf Of Luis EG Ontanon
>  Sent: den 22 april 2008 15:25
>  To: Developer support list for Wireshark
>  Subject: Re: [Wireshark-dev] how do you get SDP dissector info to use it with a new dissector?
>
>  I do not understand what you want to do.
>
>  If all you want is to get RTP's media dissected just invoking the sdp dissector to dissect the sdp buffer might be enough. SDP will take care of "registering" the RTP conversations defined in it so that related media packets are passed to RTP and that RTP calls the proper dissector for the payload.
>
>  You can take a look on how packet-rtsp.c or packet-sip.c hand over to sdp and how amr or iuup register themselves to be usable as dynamic RTP payload.
>
>  Hope this helps
>
>
>  On Tue, Apr 22, 2008 at 3:11 PM, <[email protected]> wrote:
>  >
>  >
>  > Hi everyone,
>  >
>  > I've been working on a new dissector that I'll hopefully be able to contribute.
>  >
>  > So far I've used the protocol preferences menu to allow me to "setup" parameters that are usually found in an SDP file or via SDP/SAP or via SDP/RTSP.
>  >
>  > This can be quite tedious as I'm switching between different RTP streams, each having potentially different setup parameters.
>  >
>  > Hence I would like to try and reuse the already dissected SDP parameters (if found) and use those automatically i.e.
>  >
>  > If SDP -> Media Format (sdp.media.format) = certain value, then
>  >     Search SDP -> Media format specific parameters (sdp.fmtp.parameter)
>  >             If found "setup" parameter, "store" the value for that setup parameter and associate it with the associated sdp.media.format type
>  >     End search
>  > End SDP search
>  >
>  > As I expect the SDP information to contain declarations for multiple RTP streams with different dynamic payload types, each having setup parameters for my dissector, what is the best approach I can take?
>  >
>  > How do I search for any relevant SDP info?
>  >
>  > I've tried to find relevant examples but haven't exactly succeeded and would appreciate a pointer. Wireshark seems extremely powerful but it's rather daunting to a beginner.
>  > I came across tapping, but I'm not sure whether I need to get info from the SDP tap, or whether I need to create a tap for my dissector....or even tap at all?!
>  >
>  > As for using those parameters:
>  >
>  > Should I define a structure containing all the relevant setup parameters, define a table containing pointers to that structure, and populate it accordingly for each relevant stream i.e. RTP payload type in SDP having my setup parameters?
>  >
>  > The idea would then be to search this table for a matching RTP payload type so that my dissector can use the correct setup parameters, extracted automatically from SDP, rather than using the potentially incorrect setup parameters defined in my preferences.
>  >
>  > Thanks for your help,
>  >
>  > David
>  >
>  >
>  >
>  > _______________________________________________
>  >  Wireshark-dev mailing list
>  >  [email protected]
>  >  http://www.wireshark.org/mailman/listinfo/wireshark-dev
>  >
>  >
>
>
>
>  --
>  This information is top security. When you have read it, destroy yourself.
>  -- Marshall McLuhan
>



--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan