
Wireshark-dev: [Wireshark-dev] DESEGMENT_ONE_MORE_SEGMENT usage/fault

From: Lajos Oláh <lajos.olah@xxxxxxxxxxxx>
Date: Mon, 22 Mar 2010 10:14:18 +0100
Hi all,
 
I'm developing a dissector that dissects MTP2 packets from an RTP stream (for semipermanent connections). I used part of the code from packet-lapd.c (it is almost the same except that it is for the LAPD protocol).
 
In that code, when the RTP data ends in the middle of an MTP2 packet, the dissector sets pinfo->desegment_offset = 0 and pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT and exits.
 
In README.developer it is written that if a dissector sets these values and returns, it will be called again with the data from the current packet plus the data from the next packet. But this never happens. My dissector is never called with more data than one RTP data field (40 bytes in my case).
 
I've also created debug patches for the TELNET dissector (packet-telnet.c), to test this defragmentation functionality outside my buggy code, that force the dissector to always request data from the next packet using DESEGMENT_ONE_MORE_SEGMENT, but it was failing as well.
 
Has any of you encountered such a problem? Am I doing something wrong?
 
Do I need to do something extra to get this feature to work, or do we have a Wireshark bug?
 
Please share your experiences with this defragmentation method.
 
(I've attached my code with debug printing included)
 
Thanks.



LAJOS OLAH
System Test Engineer

Ericsson Telecom Hungary
RFT/D
Budapest, Irinyi Jozsef Street 4-20
1017, Hungary
Phone +36309537333
lajos.olah@xxxxxxxxxxxx
www.ericsson.com





Ericsson Magyarország Kft., Székhely: Budapest, Laborc u.1. Nyilvántartó cégbíróság: Fővárosi Bíróság. Cégjegyzékszám: 01-09-070937

This Communication is Confidential. We only send and receive email on the basis of the term set out at
www.ericsson.com/email_disclaimer
 
 
/* packet-mtp2.c
 * Routines for MTP2 dissection
 * It is hopefully (needs testing) compliant to
 * ITU-T Q.703 and Q.703 Annex A.
 *
 * Copyright 2001, 2004 Michael Tuexen <tuexen [AT] fh-muenster.de>
 *
 * $Id: packet-mtp2.c 29726 2009-09-06 04:26:50Z krj $
 *
 * Wireshark - Network traffic analyzer
 * By Gerald Combs <gerald@xxxxxxxxxxxxx>
 * Copyright 1998 Gerald Combs
 *
 * Copied from packet-m2pa.c
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */


#ifdef HAVE_CONFIG_H
# include "config.h"
#endif

#include <stdio.h>
#include <glib.h>
#include <string.h>
#include <epan/packet.h>
#include <epan/prefs.h>
#include <epan/crc16.h>
#include <epan/expert.h>
#include <epan/conversation.h>


/* Passed as the byte-order argument of every proto_tree_add_item() call in
 * this file. */
#define LITTLE_ENDIAN_BYTE_ORDER TRUE

/* Initialize the protocol and registered fields */
/* Every id starts at -1 and is filled in by proto_register_mtp2(). The
 * hf_mtp2_ext_* ids are the 16-bit variants used when
 * use_extended_sequence_numbers is set. */
static int proto_mtp2        = -1;
static int hf_mtp2_bsn       = -1;
static int hf_mtp2_ext_bsn   = -1;
static int hf_mtp2_ext_res   = -1;
static int hf_mtp2_bib       = -1;
static int hf_mtp2_ext_bib   = -1;
static int hf_mtp2_fsn       = -1;
static int hf_mtp2_ext_fsn   = -1;
static int hf_mtp2_fib       = -1;
static int hf_mtp2_ext_fib   = -1;
static int hf_mtp2_li        = -1;
static int hf_mtp2_ext_li    = -1;
static int hf_mtp2_spare     = -1;
static int hf_mtp2_ext_spare = -1;
static int hf_mtp2_sf        = -1;
static int hf_mtp2_sf_extra  = -1;

/* Initialize the subtree pointers */
static gint ett_mtp2       = -1;

/* Sub-dissector handles, looked up once in proto_reg_handoff_mtp2(). */
static dissector_handle_t mtp3_handle;
static dissector_handle_t data_handle;
/* The *_default value is the user preference; the working copy is recomputed
 * for every packet in dissect_mtp2_common(). */
static gboolean use_extended_sequence_numbers_default = FALSE;
static gboolean use_extended_sequence_numbers         = FALSE;
/* pref_* is written by the preference system, the other variable is the value
 * currently registered in the "rtp.pt" table (see proto_reg_handoff_mtp2()).
 * NOTE(review): both are signed gint, yet the preference is registered with
 * prefs_register_uint_preference() - confirm the pointer type it expects. */
static gint pref_mtp2_rtp_payload_type = 0;
static gint mtp2_rtp_payload_type = 0;

/* Basic header: three one-byte fields (BSN/BIB, FSN/FIB, LI). */
#define BSN_BIB_LENGTH          1
#define FSN_FIB_LENGTH          1
#define LI_LENGTH               1
#define HEADER_LENGTH           (BSN_BIB_LENGTH + FSN_FIB_LENGTH + LI_LENGTH)

/* Extended header: the same three fields, two bytes each. */
#define EXTENDED_BSN_BIB_LENGTH 2
#define EXTENDED_FSN_FIB_LENGTH 2
#define EXTENDED_LI_LENGTH      2
#define EXTENDED_HEADER_LENGTH  (EXTENDED_BSN_BIB_LENGTH + EXTENDED_FSN_FIB_LENGTH + EXTENDED_LI_LENGTH)

/* Byte offsets inside a signal unit; SIO_OFFSET is the first byte after the
 * basic header and therefore equals HEADER_LENGTH. */
#define BSN_BIB_OFFSET          0
#define FSN_FIB_OFFSET          (BSN_BIB_OFFSET + BSN_BIB_LENGTH)
#define LI_OFFSET               (FSN_FIB_OFFSET + FSN_FIB_LENGTH)
#define SIO_OFFSET              (LI_OFFSET + LI_LENGTH)

/* Same offsets for the extended header; EXTENDED_SIO_OFFSET equals
 * EXTENDED_HEADER_LENGTH. */
#define EXTENDED_BSN_BIB_OFFSET 0
#define EXTENDED_FSN_FIB_OFFSET (EXTENDED_BSN_BIB_OFFSET + EXTENDED_BSN_BIB_LENGTH)
#define EXTENDED_LI_OFFSET      (EXTENDED_FSN_FIB_OFFSET + EXTENDED_FSN_FIB_LENGTH)
#define EXTENDED_SIO_OFFSET     (EXTENDED_LI_OFFSET + EXTENDED_LI_LENGTH)

/* Bit masks applied to the one-byte header fields. */
#define BSN_MASK                0x7f
#define BIB_MASK                0x80
#define FSN_MASK                0x7f
#define FIB_MASK                0x80
#define LI_MASK                 0x3f
#define SPARE_MASK              0xc0

/* Bit masks applied to the two-byte header fields. */
#define EXTENDED_BSN_MASK       0x0fff
#define EXTENDED_RES_MASK       0x7000
#define EXTENDED_BIB_MASK       0x8000
#define EXTENDED_FSN_MASK       0x0fff
#define EXTENDED_FIB_MASK       0x8000
#define EXTENDED_LI_MASK        0x01ff
#define EXTENDED_SPARE_MASK     0xfe00

/* Size of the reassembly buffer in dissect_mtp2_bitstream() and the bound
 * enforced by new_byte(); the two must stay in step. */
#define MAX_MTP2_PACKET_LEN		277

/* Framing state of the bit-stream decoder in dissect_mtp2_bitstream(). */
enum mtp2_bitstream_states {OUT_OF_SYNC, FLAGS, DATA};
/* Set to TRUE by dissect_mtp2_msu() once the MTP3 dissector has run and reset
 * to FALSE at the start of dissect_mtp2_bitstream(); while TRUE the MTP2 code
 * stops writing the Protocol/Info columns.
 * NOTE(review): this is a non-static global with external linkage and no
 * per-packet ownership - consider making it static. */
gboolean is_upper_layer = FALSE;

/* Snapshot of the bit-stream decoder state.
 * NOTE(review): none of the three struct types below is referenced by any
 * function in this file; dissect_mtp2_bitstream() keeps its state in locals. */
typedef struct mtp2_byte_state {
	enum mtp2_bitstream_states state;	/* frame detection state */
	char		full_byte;		/* part of a full byte */
	char		bit_offset;		/* number of bits already got in the full byte */
	int		ones;			/* number of consecutive ones since the last zero */
} mtp2_byte_state_t;

/* Per-conversation data: one decoder state per direction (a and b). */
typedef struct mtp2_convo_data {
	address		addr_a;
	address		addr_b;
	guint32		port_a;
	guint32		port_b;
	mtp2_byte_state_t	*byte_state_a;
	mtp2_byte_state_t	*byte_state_b;
} mtp2_convo_data_t;

/* Per-packet data.
 * NOTE(review): mtp2_data embeds a tvbuff_t by value rather than by pointer -
 * confirm that is intended. */
typedef struct mtp2_ppi {
	mtp2_byte_state_t	start_byte_state; 	/* MTP2 bitstream byte state at the beginning of processing the packet */
	tvbuff_t		mtp2_data;
} mtp2_ppi_t;

/* Forward declaration needed in proto_register_mtp2 */
void
proto_reg_handoff_mtp2(void);

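/*
 * Add the MTP2 header fields of one signal unit to the protocol tree.
 *
 * su_tvb    - buffer starting at the first header byte of the signal unit
 * mtp2_tree - MTP2 subtree, or NULL when no tree is being built (nothing is
 *             added in that case)
 *
 * The extended (two bytes per field) or basic (one byte per field) layout is
 * chosen from the file-level use_extended_sequence_numbers flag.
 */
static void
dissect_mtp2_header(tvbuff_t *su_tvb, proto_item *mtp2_tree)
{
  if (!mtp2_tree)
    return;

  if (use_extended_sequence_numbers) {
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_bsn,   su_tvb, EXTENDED_BSN_BIB_OFFSET, EXTENDED_BSN_BIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_res,   su_tvb, EXTENDED_BSN_BIB_OFFSET, EXTENDED_BSN_BIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_bib,   su_tvb, EXTENDED_BSN_BIB_OFFSET, EXTENDED_BSN_BIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_fsn,   su_tvb, EXTENDED_FSN_FIB_OFFSET, EXTENDED_FSN_FIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    /* Reserved bits of the FSN/FIB word. The original read them from the
     * BSN/BIB word again, so the first word's reserved bits were shown twice. */
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_res,   su_tvb, EXTENDED_FSN_FIB_OFFSET, EXTENDED_FSN_FIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_fib,   su_tvb, EXTENDED_FSN_FIB_OFFSET, EXTENDED_FSN_FIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_li,    su_tvb, EXTENDED_LI_OFFSET,      EXTENDED_LI_LENGTH,      LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_ext_spare, su_tvb, EXTENDED_LI_OFFSET,      EXTENDED_LI_LENGTH,      LITTLE_ENDIAN_BYTE_ORDER);
  } else {
    proto_tree_add_item(mtp2_tree, hf_mtp2_bsn,   su_tvb, BSN_BIB_OFFSET, BSN_BIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_bib,   su_tvb, BSN_BIB_OFFSET, BSN_BIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_fsn,   su_tvb, FSN_FIB_OFFSET, FSN_FIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_fib,   su_tvb, FSN_FIB_OFFSET, FSN_FIB_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_li,    su_tvb, LI_OFFSET,      LI_LENGTH,      LITTLE_ENDIAN_BYTE_ORDER);
    proto_tree_add_item(mtp2_tree, hf_mtp2_spare, su_tvb, LI_OFFSET,      LI_LENGTH,      LITTLE_ENDIAN_BYTE_ORDER);
  }
}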
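/*
*******************************************************************************
* DETAILS : Compute the CRC-16 (via crc16_ccitt_tvb) over every byte of the
*           buffer except the trailing two, which hold the received FCS.
*           Returns 0x0000 when no byte precedes the FCS.
*******************************************************************************
*/
static guint16
mtp2_fcs16(tvbuff_t * tvbuff)
{
    guint total_len = tvb_length(tvbuff);

    /* Check for Invalid Length.
     * The length comes from captured data and is unsigned: subtracting 2 from
     * a buffer shorter than 2 bytes would wrap to a huge value, so compare
     * before subtracting. */
    if (total_len <= 2)
        return (0x0000);
    return crc16_ccitt_tvb(tvbuff, total_len - 2);
}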

/*
 * Strip the trailing 2-byte FCS from a signal unit and, when the whole unit
 * was captured, verify it and report the result in the tree.
 * (CRC16-only variant modelled on decode_fcs of packet_ppp.c.)
 *
 * tvb     - signal unit including the FCS
 * fh_tree - tree that receives the "FCS 16" text item
 * pinfo   - packet info, used for the expert item on a mismatch
 *
 * Returns a subset tvb without the FCS; the FCS is only checked in the
 * "fully captured" case.
 */
static tvbuff_t *
mtp2_decode_crc16(tvbuff_t *tvb, proto_tree *fh_tree, packet_info *pinfo)
{
  const int  start = 0;
  gint       captured = tvb_length_remaining(tvb, start);
  gint       reported = tvb_reported_length_remaining(tvb, start);
  tvbuff_t   *payload_tvb;
  int        fcs_offset;
  guint32    fcs_computed;
  guint32    fcs_received;
  proto_item *bad_fcs_item;

  /*
   * Either the unit claims to be too short to hold a 2-byte FCS, or we are
   * already past the captured data: hand everything on untouched.
   */
  if (reported < 2 || captured < 0)
    return tvb_new_subset_remaining(tvb, start);

  /*
   * The unit is long enough for an FCS but was not captured completely.
   * Take the FCS off the reported length and clamp the captured length to
   * that, which also removes whatever part of the FCS was captured.
   * Nothing can be verified here.
   */
  if (captured < reported) {
    reported -= 2;
    if (captured > reported)
      captured = reported;
    return tvb_new_subset(tvb, start, captured, reported);
  }

  /* Complete unit with FCS: cut the FCS off both lengths. */
  captured -= 2;
  reported -= 2;
  payload_tvb = tvb_new_subset(tvb, start, captured, reported);

  /* Compare the received FCS with the one computed over the payload. */
  fcs_offset = start + captured;
  fcs_computed = mtp2_fcs16(tvb);
  fcs_received = tvb_get_letohs(tvb, fcs_offset);
  if (fcs_received == fcs_computed) {
    proto_tree_add_text(fh_tree, tvb, fcs_offset, 2,
                        "FCS 16: 0x%04x [correct]",
                        fcs_received);
  } else {
    bad_fcs_item = proto_tree_add_text(fh_tree, tvb, fcs_offset, 2,
                                       "FCS 16: 0x%04x [incorrect, should be 0x%04x]",
                                       fcs_received, fcs_computed);
    proto_item_set_expert_flags(bad_fcs_item, PI_MALFORMED, PI_WARN);
    expert_add_info_format(pinfo, bad_fcs_item, PI_MALFORMED, PI_WARN, "MTP2 Frame CheckFCS 16 Error");
  }

  return payload_tvb;
}


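/*
 * Dissect a fill-in signal unit (LI == 0): hand whatever follows the header
 * to the "data" dissector and label the Info column.
 *
 * su_tvb    - signal unit (FCS already removed when it was validated)
 * pinfo     - packet info
 * mtp2_tree - MTP2 subtree passed on to the data dissector
 */
static void
dissect_mtp2_fisu(tvbuff_t *su_tvb,packet_info *pinfo, proto_item *mtp2_tree)
{
  /* The header is six bytes long with extended sequence numbers; always
   * using SIO_OFFSET would pass the second half of that header on as data. */
  gint payload_offset = use_extended_sequence_numbers ? EXTENDED_SIO_OFFSET : SIO_OFFSET;

  call_dissector(data_handle,
			tvb_new_subset_remaining(su_tvb, payload_offset),
			pinfo, mtp2_tree);
  /* Leave the column alone once an upper layer has written it. */
  if (!is_upper_layer)
  {
  	col_set_str(pinfo->cinfo, COL_INFO, "FISU ");
  }
}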

/* Long names of the LSSU status field values, used for the "mtp2.sf" field. */
static const value_string status_field_vals[] = {
  { 0x0, "Status Indication O" },
  { 0x1, "Status Indication N" },
  { 0x2, "Status Indication E" },
  { 0x3, "Status Indication OS" },
  { 0x4, "Status Indication PO" },
  { 0x5, "Status Indication B" },
  { 0,   NULL}
};

/* Same as above but in acronym form (for the Info column) */
static const value_string status_field_acro_vals[] = {
  { 0x0, "SIO" },
  { 0x1, "SIN" },
  { 0x2, "SIE" },
  { 0x3, "SIOS" },
  { 0x4, "SIPO" },
  { 0x5, "SIB" },
  { 0,   NULL}
};

/* The status field is the first byte after the header, i.e. the same offset
 * as the SIO in the respective header layout. */
#define SF_OFFSET          (LI_OFFSET + LI_LENGTH)
#define EXTENDED_SF_OFFSET (EXTENDED_LI_OFFSET + EXTENDED_LI_LENGTH)

/* One status byte, optionally followed by one extra byte (see
 * dissect_mtp2_lssu()). */
#define SF_LENGTH			1
#define SF_EXTRA_OFFSET			(SF_OFFSET + SF_LENGTH)
#define EXTENDED_SF_EXTRA_OFFSET	(EXTENDED_SF_OFFSET + SF_LENGTH)
#define SF_EXTRA_LENGTH			1

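/*
 * Dissect a link status signal unit (LI == 1 or 2): add the status field (and
 * the extra octet when LI == 2), label the Info column and hand the bytes
 * after the status field to the "data" dissector.
 *
 * su_tvb    - signal unit (FCS already removed when it was validated)
 * pinfo     - packet info
 * mtp2_tree - MTP2 subtree
 *
 * Reads past the end of su_tvb are left to the tvb accessors to reject.
 */
static void
dissect_mtp2_lssu(tvbuff_t *su_tvb, packet_info *pinfo, proto_item *mtp2_tree)
{
  guint8  sf = 0xFF;
  guint8  sf_offset, sf_extra_offset;
  guint16 li;

  /* Take the offsets AND the length indicator from the header layout in use.
   * The original always read LI as one byte at LI_OFFSET, which lands inside
   * the FSN/FIB word of an extended header. */
  if (use_extended_sequence_numbers) {
    sf_offset = EXTENDED_SF_OFFSET;
    sf_extra_offset = EXTENDED_SF_EXTRA_OFFSET;
    li = tvb_get_letohs(su_tvb, EXTENDED_LI_OFFSET) & EXTENDED_LI_MASK;
  } else {
    sf_offset = SF_OFFSET;
    sf_extra_offset = SF_EXTRA_OFFSET;
    li = tvb_get_guint8(su_tvb, LI_OFFSET) & LI_MASK;
  }

  proto_tree_add_item(mtp2_tree, hf_mtp2_sf, su_tvb, sf_offset, SF_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);
  sf = tvb_get_guint8(su_tvb, sf_offset);

  /*  If the LI is 2 then there is an extra octet following the standard SF
   *  field but it is not defined what this octet is.
   *  (In any case the first byte of the SF always has the same meaning.)
   */
  if (li == 2)
    proto_tree_add_item(mtp2_tree, hf_mtp2_sf_extra, su_tvb, sf_extra_offset, SF_EXTRA_LENGTH, LITTLE_ENDIAN_BYTE_ORDER);

  if (check_col(pinfo->cinfo, COL_INFO) && !is_upper_layer)
    col_set_str(pinfo->cinfo, COL_INFO, val_to_str_const(sf, status_field_acro_vals, "Unknown"));

  /* Everything after the first status byte goes to the data dissector. The
   * offset follows the header layout; for the basic header it is unchanged
   * (SIO_OFFSET + SF_LENGTH). */
  call_dissector(data_handle,
			tvb_new_subset_remaining(su_tvb, sf_offset + SF_LENGTH),
			pinfo, mtp2_tree);
}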

/*
 * Dissect a message signal unit: label the Info column, pass the bytes after
 * the MTP2 header to the MTP3 dissector and shrink the MTP2 tree item to the
 * header length.
 *
 * su_tvb    - signal unit (FCS already removed when it was validated)
 * pinfo     - packet info
 * mtp2_item - MTP2 protocol item whose length is adjusted
 * tree      - top-level tree handed to MTP3; may be NULL
 *
 * Side effect: sets the global is_upper_layer to TRUE.
 */
static void
dissect_mtp2_msu(tvbuff_t *su_tvb, packet_info *pinfo, proto_item *mtp2_item, proto_item *tree)
{
  gint      header_len;
  gint      payload_offset;
  gint      payload_len;
  tvbuff_t *payload_tvb;

  if (!is_upper_layer)
    col_set_str(pinfo->cinfo, COL_INFO, "MSU ");

  /* Pick the header geometry once; both layouts are handled identically
   * from here on. */
  if (use_extended_sequence_numbers) {
    header_len     = EXTENDED_HEADER_LENGTH;
    payload_offset = EXTENDED_SIO_OFFSET;
  } else {
    header_len     = HEADER_LENGTH;
    payload_offset = SIO_OFFSET;
  }

  /* Captured length minus header; used as both the captured and the
   * reported length of the subset. */
  payload_len = tvb_length(su_tvb) - header_len;
  payload_tvb = tvb_new_subset(su_tvb, payload_offset, payload_len, payload_len);
  call_dissector(mtp3_handle, payload_tvb, pinfo, tree);

  /* From now on the MTP2 code must not overwrite the columns. */
  is_upper_layer = TRUE;

  if (tree)
    proto_item_set_len(mtp2_item, header_len);
}

/*
 * Dissect one signal unit: header first, optional FCS check, then dispatch on
 * the length indicator (0 -> FISU, 1 or 2 -> LSSU, anything else -> MSU).
 *
 * su_tvb       - the complete signal unit
 * pinfo        - packet info
 * mtp2_item    - MTP2 protocol item (its length is adjusted for MSUs)
 * mtp2_tree    - MTP2 subtree
 * tree         - top-level tree, passed to MTP3 for MSUs
 * validate_crc - TRUE when the unit ends with a 2-byte FCS to check and strip
 */
static void
dissect_mtp2_su(tvbuff_t *su_tvb, packet_info *pinfo, proto_item *mtp2_item, proto_item *mtp2_tree, proto_tree *tree,gboolean validate_crc)
{
  guint16   li;
  /* In some capture files (like .rf5), CRC are not present, so without CRC
   * validation the sub-dissectors get the complete buffer. */
  tvbuff_t *unit_tvb = su_tvb;

  dissect_mtp2_header(su_tvb, mtp2_tree);
  if (validate_crc)
    unit_tvb = mtp2_decode_crc16(su_tvb, mtp2_tree, pinfo);

  /* The length indicator is always read from the unstripped unit. */
  li = use_extended_sequence_numbers
         ? (tvb_get_letohs(su_tvb, EXTENDED_LI_OFFSET) & EXTENDED_LI_MASK)
         : (tvb_get_guint8(su_tvb, LI_OFFSET) & LI_MASK);

  if (li == 0) {
    dissect_mtp2_fisu(unit_tvb, pinfo, mtp2_tree);
  } else if (li <= 2) {
    dissect_mtp2_lssu(unit_tvb, pinfo, mtp2_tree);
  } else {
    dissect_mtp2_msu(unit_tvb, pinfo, mtp2_item, tree);
  }
}

/*
 * Shared entry point for one MTP2 signal unit: decide which header layout
 * applies, set the Protocol column, create the MTP2 tree item and dissect
 * the unit.
 *
 * tvb          - the signal unit
 * pinfo        - packet info; pinfo->annex_a_used selects the header layout
 * tree         - top-level tree, may be NULL
 * validate_crc - forwarded to dissect_mtp2_su()
 *
 * Side effect: updates the file-level use_extended_sequence_numbers flag.
 */
static void
dissect_mtp2_common(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, gboolean validate_crc)
{
  proto_item *item = NULL;
  proto_tree *subtree = NULL;

  /* Fall back to the preference only when the capture does not say. */
  use_extended_sequence_numbers =
    (pinfo->annex_a_used == MTP2_ANNEX_A_USED_UNKNOWN)
      ? use_extended_sequence_numbers_default
      : (pinfo->annex_a_used == MTP2_ANNEX_A_USED);

  if (!is_upper_layer)
    col_set_str(pinfo->cinfo, COL_PROTOCOL, "MTP2");

  if (tree) {
    item = proto_tree_add_item(tree, proto_mtp2, tvb, 0, -1, FALSE);
    subtree = proto_item_add_subtree(item, ett_mtp2);
  }

  dissect_mtp2_su(tvb, pinfo, item, subtree, tree, validate_crc);
}

/* Dissect an MTP2 frame with or without a CRC16 at the end of the payload.
 *
 * Registered as the "mtp2" dissector. The FCS is checked and stripped only
 * when the frame's link type is WTAP_ENCAP_ERF; for every other link type the
 * frame is dissected as it is. */
static void
dissect_mtp2(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{
  /* If the link type indicates that the FCS is present, the check bits have
   * to be processed in the MTP2 dissector. */
  const gboolean fcs_present = (pinfo->fd->lnk_t == WTAP_ENCAP_ERF);

  dissect_mtp2_common(tvb, pinfo, tree, fcs_present);
}

/* Append one reassembled MTP2 frame byte to the frame buffer.
 *
 * full_byte - the byte to store
 * data      - frame buffer, at least MAX_MTP2_PACKET_LEN bytes long
 * data_len  - number of bytes already stored; incremented on success
 *
 * This bound check is the only thing that keeps an over-long frame from
 * writing past the caller's buffer. A byte that does not fit is dropped and
 * reported on stdout. */
static void new_byte(char full_byte, char data[], int *data_len) {
	const int used = *data_len;

	if (used >= MAX_MTP2_PACKET_LEN) {
		/* XXX : we are not prepared for that big messages, drop the last byte */
		printf("data_byte_dropped\n");
		return;
	}

	data[used] = full_byte;
	*data_len = used + 1;
}

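/*
 * Recover MTP2 frames from a raw bit stream (the payload handed over through
 * the "rtp.pt" table) and dissect every complete frame found.
 *
 * Bits are taken from each input byte most significant bit first and packed
 * into output bytes least significant bit first. A zero after five ones is
 * dropped as a stuffed bit, a zero after six ones ends the current frame, and
 * seven or more ones reset the decoder. Completed frames are dissected with
 * FCS validation enabled.
 *
 * tvb   - payload holding the bit stream
 * pinfo - packet info; desegment_offset/desegment_len are set when the
 *         payload ends inside a frame
 * tree  - top-level tree
 *
 * NOTE(review): all decoder state (state, full_byte, bit_offset, ones, data)
 * lives in locals that are reset on every call, and desegment_offset is
 * always 0, so a re-invocation with more data would re-scan and re-dissect
 * the frames already emitted from this payload. last_packet_end_offset is
 * recorded but never used. Whether the parent dissector honours the
 * desegmentation request at all cannot be seen from this file - confirm.
 *
 * The printf() calls are debug output written to stdout.
 */
static void
dissect_mtp2_bitstream(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
{

	guint8		byte=0x00, full_byte = 0x00, bit_offset = 0;
	gboolean	bit;
	guint8		i, ones = 0, data[MAX_MTP2_PACKET_LEN];
	int		data_len = 0;
	guint		offset = 0, last_packet_end_offset = 0, available;
	guint8		*buff;
	tvbuff_t	*new_tvb;
	
	enum mtp2_bitstream_states state = OUT_OF_SYNC;

	
	printf("start_dissect_bitstream_packet: %u\n",pinfo->fd->num);
	
	/*
	Re-enable the col_set_str calls.
	This is needed because one RTP packet can carry several frames, e.g.:
		mtp2
		mtp2
		 mtp3
		  isup
		mtp2
	When the last mtp2 frame is dissected it would overwrite the protocol and
	info fields set by the ISUP dissector, while the source and destination
	fields would remain the ones set by the ISUP dissector. That leads to an
	inconsistent GUI, so the flag stays set for the rest of the packet and is
	only cleared here, at the start of the next one.
	*/
	is_upper_layer=FALSE;

	/* Consume tvb bytes */
	available = tvb_length_remaining(tvb, offset);
	printf("s: %u fb:%x bo:%u o:%u\n",state,full_byte,bit_offset,ones);
	printf("offset: %u \n",offset);
	printf("available: %u \n",available);
	while (offset < available) {
		byte = tvb_get_guint8(tvb,offset);
		offset++;
		
		for (i=0; i < 8; i++) { /* cycle through bits */
			bit = byte & (0x80 >> i) ? TRUE : FALSE;
			/*if (pinfo->fd->num==37 || pinfo->fd->num==39 || pinfo->fd->num==35 || pinfo->fd->num==41) {*/
				printf("%u",(bit==FALSE?0:1));
			/*}*/
			/* consume a bit */
			if (bit) {
				/* Saturate at 7: only ==5, ==6 and >=7 are ever tested.
				 * An 8-bit counter left to wrap would, after a run of
				 * 256 or more one bits, read as a small count again and
				 * be taken for a stuffed zero or a closing flag. */
				if (ones < 7)
					ones++;
				full_byte |= (1 << bit_offset++);
			} else {
				if (ones == 5 && state == DATA) {
					/* we don't increase bit_offset, it is an inserted zero */
				} else if (ones == 6 && state == DATA) { /* probably starting flag sequence */
					buff = g_memdup(data, data_len);
					/* Allocate new tvb for the MTP2 frame */
					new_tvb = tvb_new_child_real_data(tvb, buff, data_len, data_len);
					/* The tvb now owns buff and frees it through the
					 * callback, so it must not be freed here. */
					tvb_set_free_cb(new_tvb, g_free);
					add_new_data_source(pinfo, new_tvb, "Decoded MTP2 bitstream");
					dissect_mtp2_common(new_tvb, pinfo, tree, TRUE);
					last_packet_end_offset = offset -1;
					data_len = 0;
					state = FLAGS;
					bit_offset++;
				} else if (ones >= 7) { /* frame reset or 11111111 flag byte */
					data_len = 0;
					state = OUT_OF_SYNC;
					bit_offset++;
					printf("frame_reset: %u\n",pinfo->fd->num);
				} else {
					bit_offset++;
				}
				ones = 0;
			}

			if (bit_offset == 8) { /* we have a new complete byte */
				switch (state) {
					case OUT_OF_SYNC:
						if (full_byte == 0x7E) { /* we have a flag byte */
							state = FLAGS;
							full_byte = 0x00;
							bit_offset = 0;
						} else { /* no sync yet, wait for a new byte */
							/* slide the window by one bit and keep hunting */
							full_byte = (full_byte >> 1) & 0x7F;
							bit_offset--;
						}
						break;
					
					case FLAGS:
						if (full_byte == 0x7E) { /* we have a flag byte */
							full_byte = 0x00;
							bit_offset = 0;
						} else { /* we got the first data byte */
							state = DATA;
							/* new_byte() takes char[]; the buffer is guint8[] */
							new_byte(full_byte, (char *)data, &data_len);
							full_byte = 0x00;
							bit_offset = 0;
						}
						break;
						
					case DATA:
						/* we got a new data byte */
						new_byte(full_byte, (char *)data, &data_len);
						full_byte = 0x00;
						bit_offset = 0;
						break;
				}
			}
		}
		printf("\n");
	}
	printf("\n");
	printf("state: %u\n",state);
	if (state == DATA) { /* we are in the middle of an MTP2 frame or in the middle of a flag, we need more bytes */
		pinfo->desegment_offset = 0;
		pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
		printf("deseggment needed. Pakcet num: %u\n",pinfo->fd->num);
		return;
	}
}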

/*
 * Register the MTP2 protocol: its name, the "mtp2" dissector, the header
 * fields, the subtree and the two preferences.
 */
void
proto_register_mtp2(void)
{
  /* Basic and extended variants of a field share one filter name and differ
   * only in width and mask. */
  static hf_register_info hf[] = {
    { &hf_mtp2_bsn,       { "Backward sequence number", "mtp2.bsn",      FT_UINT8,  BASE_DEC, NULL,                    BSN_MASK,            NULL, HFILL } },
    { &hf_mtp2_ext_bsn,   { "Backward sequence number", "mtp2.bsn",      FT_UINT16, BASE_DEC, NULL,                    EXTENDED_BSN_MASK,   NULL, HFILL } },
    { &hf_mtp2_ext_res,   { "Reserved",                 "mtp2.res",      FT_UINT16, BASE_DEC, NULL,                    EXTENDED_RES_MASK,   NULL, HFILL } },
    { &hf_mtp2_bib,       { "Backward indicator bit",   "mtp2.bib",      FT_UINT8,  BASE_DEC, NULL,                    BIB_MASK,            NULL, HFILL } },
    { &hf_mtp2_ext_bib,   { "Backward indicator bit",   "mtp2.bib",      FT_UINT16, BASE_DEC, NULL,                    EXTENDED_BIB_MASK,   NULL, HFILL } },
    { &hf_mtp2_fsn,       { "Forward sequence number",  "mtp2.fsn",      FT_UINT8,  BASE_DEC, NULL,                    FSN_MASK,            NULL, HFILL } },
    { &hf_mtp2_ext_fsn,   { "Forward sequence number",  "mtp2.fsn",      FT_UINT16, BASE_DEC, NULL,                    EXTENDED_FSN_MASK,   NULL, HFILL } },
    { &hf_mtp2_fib,       { "Forward indicator bit",    "mtp2.fib",      FT_UINT8,  BASE_DEC, NULL,                    FIB_MASK,            NULL, HFILL } },
    { &hf_mtp2_ext_fib,   { "Forward indicator bit",    "mtp2.fib",      FT_UINT16, BASE_DEC, NULL,                    EXTENDED_FIB_MASK,   NULL, HFILL } },
    { &hf_mtp2_li,        { "Length Indicator",         "mtp2.li",       FT_UINT8,  BASE_DEC, NULL,                    LI_MASK,             NULL, HFILL } },
    { &hf_mtp2_ext_li,    { "Length Indicator",         "mtp2.li",       FT_UINT16, BASE_DEC, NULL,                    EXTENDED_LI_MASK,    NULL, HFILL } },
    { &hf_mtp2_spare,     { "Spare",                    "mtp2.spare",    FT_UINT8,  BASE_DEC, NULL,                    SPARE_MASK,          NULL, HFILL } },
    { &hf_mtp2_ext_spare, { "Spare",                    "mtp2.spare",    FT_UINT16, BASE_DEC, NULL,                    EXTENDED_SPARE_MASK, NULL, HFILL } },
    { &hf_mtp2_sf,        { "Status field",             "mtp2.sf",       FT_UINT8,  BASE_DEC, VALS(status_field_vals), 0x0,                 NULL, HFILL } },
    { &hf_mtp2_sf_extra,  { "Status field extra octet", "mtp2.sf_extra", FT_UINT8,  BASE_HEX, NULL,                    0x0,                 NULL, HFILL } }
  };

  static gint *ett[] = {
    &ett_mtp2
  };

  module_t *prefs_module;

  /* The protocol id has to exist before anything is attached to it. */
  proto_mtp2 = proto_register_protocol("Message Transfer Part Level 2", "MTP2", "mtp2");
  register_dissector("mtp2", dissect_mtp2, proto_mtp2);

  proto_register_field_array(proto_mtp2, hf, array_length(hf));
  proto_register_subtree_array(ett, array_length(ett));

  /* proto_reg_handoff_mtp2 is the callback given to the preference module. */
  prefs_module = prefs_register_protocol(proto_mtp2, proto_reg_handoff_mtp2);

  prefs_register_bool_preference(prefs_module,
                                 "use_extended_sequence_numbers",
                                 "Use extended sequence numbers",
                                 "Whether the MTP2 dissector should use extended sequence numbers as described in Q.703, Annex A as a default.",
                                 &use_extended_sequence_numbers_default);

  /* The 96..127 range named in the description is not enforced here; it is
   * checked in proto_reg_handoff_mtp2().
   * NOTE(review): pref_mtp2_rtp_payload_type is declared gint while this is
   * a uint preference - confirm the pointer type expected here. */
  prefs_register_uint_preference(prefs_module, "rtp_payload_type",
                                 "RTP payload type for embedded MTP2",
                                 "RTP payload type for embedded MTP2. It must be one of the dynamic types "
                                 "from 96 to 127. Set it to 0 to disable.",
                                 10, &pref_mtp2_rtp_payload_type);
}

/*
 * Hook the MTP2 dissectors into the dissector tables.
 *
 * First call: register "mtp2" for the two MTP2 wiretap encapsulations and
 * look up or create the handles used by this file.
 * Later calls: remove the bit-stream dissector from the previously
 * registered RTP payload type.
 * Every call: copy the preference value and, when it lies in 96..127,
 * register the bit-stream dissector for that RTP payload type.
 */
void
proto_reg_handoff_mtp2(void)
{
  static gboolean           handles_ready = FALSE;
  static dissector_handle_t mtp2_bitstream_handle;
  dissector_handle_t        mtp2_handle;

  if (handles_ready) {
    /* Drop the old registration, which exists only if the old value was in
     * the dynamic payload type range. */
    if ((mtp2_rtp_payload_type > 95) && (mtp2_rtp_payload_type < 128)) {
      dissector_delete("rtp.pt", mtp2_rtp_payload_type, mtp2_bitstream_handle);
    }
  } else {
    mtp2_handle = find_dissector("mtp2");
    dissector_add("wtap_encap", WTAP_ENCAP_MTP2, mtp2_handle);
    dissector_add("wtap_encap", WTAP_ENCAP_MTP2_WITH_PHDR, mtp2_handle);

    mtp3_handle = find_dissector("mtp3");
    mtp2_bitstream_handle = create_dissector_handle(dissect_mtp2_bitstream, proto_mtp2);
    data_handle = find_dissector("data");

    handles_ready = TRUE;
  }

  /* Remember the value that is registered from now on. */
  mtp2_rtp_payload_type = pref_mtp2_rtp_payload_type;
  if ((mtp2_rtp_payload_type > 95) && (mtp2_rtp_payload_type < 128)) {
    dissector_add("rtp.pt", mtp2_rtp_payload_type, mtp2_bitstream_handle);
  }
}