Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Suggested changes to h248 package handling

From: Alex Lindberg <alindber@xxxxxxxxx>
Date: Wed, 5 Aug 2009 11:15:38 -0700 (PDT)
I need to add support for some custom h248 (MEGACO) packages to the wireshark h248 disector.  After working on the issue for sometime I would like to suggest the following changes to asn1/h248/packet-h248-template.c

The general goal is to make the decoding of the package details separate from the decoding of the ANS.1 formatted packet.

1 - Remove the value_stirng arrays: package_name_vals, event_name_vals and signal_name_vals and move all package definition into their own packet-h248-<NAME>.c files much like the current set:

packet-h248_10.c
packet-h248_7.c
packet-h248_annex_e.c
packet-h248_3gpp.c
packet-h248_annex_c.c
packet-h248_q1950.c

1a - Update packet-h248-template.c to use the registered packages to provide the required field names and values decoded.  Also update dissector to understand that packages may be extenet other packages and us their signals and event numbers with their own paramaters (for an example see packages tonegen, id 0x0003, and cg, id 0x0007 as defined here).

2 - After 1 and 1a are completed, create a python tool to read a formated text file that defines a package dissecotor and output packet-h248-<NAME>.c.

By seperating the h248 package definition from the ANS1 decoding, custom packages can be added using the plugin abilities of wireshark.

Anyone with an opinion on this, please let me know.

Thanks as always.
Alex Lindberg